Issue#2650: Allow local network ips in gitlab and bitbucket ip filters

taiga/hooks/bitbucket/api.py

@@ -24,7 +24,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
 from . import event_hooks
 
 from urllib.parse import parse_qs
-from ipware.ip import get_real_ip
+from ipware.ip import get_ip
 
 
 class BitBucketViewSet(BaseWebhookApiViewSet):
@@ -60,7 +60,7 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
         bitbucket_config = project.modules_config.config.get("bitbucket", {})
         valid_origin_ips = bitbucket_config.get("valid_origin_ips",
                                                 settings.BITBUCKET_VALID_ORIGIN_IPS)
-        origin_ip = get_real_ip(request)
+        origin_ip = get_ip(request)
         if valid_origin_ips and (not origin_ip or origin_ip not in valid_origin_ips):
             return False
 

taiga/hooks/gitlab/api.py

@@ -16,7 +16,7 @@
 
 from django.conf import settings
 
-from ipware.ip import get_real_ip
+from ipware.ip import get_ip
 
 from taiga.base.utils import json
 
@@ -50,7 +50,7 @@ class GitLabViewSet(BaseWebhookApiViewSet):
 
         gitlab_config = project.modules_config.config.get("gitlab", {})
         valid_origin_ips = gitlab_config.get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
-        origin_ip = get_real_ip(request)
+        origin_ip = get_ip(request)
         if valid_origin_ips and (not origin_ip or origin_ip not in valid_origin_ips):
             return False
 

tests/integration/test_hooks_bitbucket.py

@@ -73,6 +73,25 @@ def test_invalid_ip(client):
     assert response.status_code == 400
 
 
+def test_valid_local_network_ip(client):
+    project = f.ProjectFactory()
+    f.ProjectModulesConfigFactory(project=project, config={
+        "bitbucket": {
+            "secret": "tpnIwJDz4e",
+            "valid_origin_ips": ["192.168.1.1"]
+        }
+    })
+
+    url = reverse("bitbucket-hook-list")
+    url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+    data = {'payload': ['{"commits": []}']}
+    response = client.post(url,
+                           urllib.parse.urlencode(data, True),
+                           content_type="application/x-www-form-urlencoded",
+                           REMOTE_ADDR="192.168.1.1")
+    assert response.status_code == 204
+
+
 def test_not_ip_filter(client):
     project = f.ProjectFactory()
     f.ProjectModulesConfigFactory(project=project, config={

tests/integration/test_hooks_gitlab.py

@@ -78,6 +78,26 @@ def test_invalid_ip(client):
     assert response.status_code == 400
 
 
+def test_valid_local_network_ip(client):
+    project = f.ProjectFactory()
+    f.ProjectModulesConfigFactory(project=project, config={
+        "gitlab": {
+            "secret": "tpnIwJDz4e",
+            "valid_origin_ips": ["192.168.1.1"],
+        }
+    })
+
+    url = reverse("gitlab-hook-list")
+    url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+    data = {"test:": "data"}
+    response = client.post(url,
+                           json.dumps(data),
+                           content_type="application/json",
+                           REMOTE_ADDR="192.168.1.1")
+
+    assert response.status_code == 204
+
+
 def test_not_ip_filter(client):
     project = f.ProjectFactory()
     f.ProjectModulesConfigFactory(project=project, config={