mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 01:42:04 +08:00
FEATURE: add site setting use_admin_ip_whitelist to enable/disable the whitelisting of admins by IP address
This commit is contained in:
parent
7d4dbc9962
commit
5ca26a7707
|
@ -18,14 +18,25 @@ Discourse.ScreenedIpAddressFormComponent = Ember.Component.extend({
|
|||
formSubmitted: false,
|
||||
actionName: 'block',
|
||||
|
||||
actionNames: function() {
|
||||
return [
|
||||
{id: 'block', name: I18n.t('admin.logs.screened_ips.actions.block')},
|
||||
{id: 'do_nothing', name: I18n.t('admin.logs.screened_ips.actions.do_nothing')},
|
||||
{id: 'allow_admin', name: I18n.t('admin.logs.screened_ips.actions.allow_admin')}
|
||||
];
|
||||
adminWhitelistEnabled: function() {
|
||||
return Discourse.SiteSettings.use_admin_ip_whitelist;
|
||||
}.property(),
|
||||
|
||||
actionNames: function() {
|
||||
if (this.get('adminWhitelistEnabled')) {
|
||||
return [
|
||||
{id: 'block', name: I18n.t('admin.logs.screened_ips.actions.block')},
|
||||
{id: 'do_nothing', name: I18n.t('admin.logs.screened_ips.actions.do_nothing')},
|
||||
{id: 'allow_admin', name: I18n.t('admin.logs.screened_ips.actions.allow_admin')}
|
||||
];
|
||||
} else {
|
||||
return [
|
||||
{id: 'block', name: I18n.t('admin.logs.screened_ips.actions.block')},
|
||||
{id: 'do_nothing', name: I18n.t('admin.logs.screened_ips.actions.do_nothing')}
|
||||
];
|
||||
}
|
||||
}.property('adminWhitelistEnabled'),
|
||||
|
||||
actions: {
|
||||
submit: function() {
|
||||
if (!this.get('formSubmitted')) {
|
||||
|
|
|
@ -75,6 +75,7 @@ class ScreenedIpAddress < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def self.block_admin_login?(user, ip_address)
|
||||
return false unless SiteSetting.use_admin_ip_whitelist
|
||||
return false if user.nil?
|
||||
return false if !user.admin?
|
||||
return false if ScreenedIpAddress.where(action_type: actions[:allow_admin]).count == 0
|
||||
|
|
|
@ -862,6 +862,7 @@ en:
|
|||
enable_noscript_support: "Enable standard webcrawler search engine support via the noscript tag"
|
||||
allow_moderators_to_create_categories: "Allow moderators to create new categories"
|
||||
cors_origins: "Allowed origins for cross-origin requests (CORS). Each origin must include http:// or https://. The DISCOURSE_ENABLE_CORS env variable must be set to true to enable CORS."
|
||||
use_admin_ip_whitelist: "Admins can only log in if they are at an IP address defined in the Screened IPs list (Admin > Logs > Screened Ips)."
|
||||
top_menu: "Determine which items appear in the homepage navigation, and in what order. Example latest|new|unread|categories|top|read|posted|bookmarks"
|
||||
post_menu: "Determine which items appear on the post menu, and in what order. Example like|edit|flag|delete|share|bookmark|reply"
|
||||
post_menu_hidden_items: "The menu items to hide by default in the post menu unless an expansion ellipsis is clicked on."
|
||||
|
|
|
@ -656,6 +656,9 @@ security:
|
|||
cors_origins:
|
||||
default: ''
|
||||
type: list
|
||||
use_admin_ip_whitelist:
|
||||
default: false
|
||||
client: true
|
||||
|
||||
onebox:
|
||||
enable_flash_video_onebox: false
|
||||
|
|
|
@ -507,6 +507,7 @@ describe SessionController do
|
|||
let(:permitted_ip_address) { '111.234.23.11' }
|
||||
before do
|
||||
Fabricate(:screened_ip_address, ip_address: permitted_ip_address, action_type: ScreenedIpAddress.actions[:allow_admin])
|
||||
SiteSetting.stubs(:use_admin_ip_whitelist).returns(true)
|
||||
end
|
||||
|
||||
it 'is successful for admin at the ip address' do
|
||||
|
|
|
@ -240,20 +240,29 @@ describe ScreenedIpAddress do
|
|||
|
||||
describe '#block_admin_login?' do
|
||||
context 'no allow_admin records exist' do
|
||||
it "returns false when user is nil" do
|
||||
expect(described_class.block_admin_login?(nil, '123.12.12.12')).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for non-admin user" do
|
||||
it "returns false when use_admin_ip_whitelist is false" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:user), '123.12.12.12')).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for admin user" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), '123.12.12.12')).to eq(false)
|
||||
end
|
||||
context "use_admin_ip_whitelist is true" do
|
||||
before { SiteSetting.stubs(:use_admin_ip_whitelist).returns(true) }
|
||||
|
||||
it "returns false for admin user and ip_address arg is nil" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), nil)).to eq(false)
|
||||
it "returns false when user is nil" do
|
||||
expect(described_class.block_admin_login?(nil, '123.12.12.12')).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for non-admin user" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:user), '123.12.12.12')).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for admin user" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), '123.12.12.12')).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for admin user and ip_address arg is nil" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), nil)).to eq(false)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -263,24 +272,32 @@ describe ScreenedIpAddress do
|
|||
Fabricate(:screened_ip_address, ip_address: @permitted_ip_address, action_type: described_class.actions[:allow_admin])
|
||||
end
|
||||
|
||||
it "returns false when user is nil" do
|
||||
expect(described_class.block_admin_login?(nil, @permitted_ip_address)).to eq(false)
|
||||
it "returns false when use_admin_ip_whitelist is false" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), '123.12.12.12')).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for an admin user at the allowed ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), @permitted_ip_address)).to eq(false)
|
||||
end
|
||||
context "use_admin_ip_whitelist is true" do
|
||||
before { SiteSetting.stubs(:use_admin_ip_whitelist).returns(true) }
|
||||
|
||||
it "returns true for an admin user at another ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), '123.12.12.12')).to eq(true)
|
||||
end
|
||||
it "returns false when user is nil" do
|
||||
expect(described_class.block_admin_login?(nil, @permitted_ip_address)).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for regular user at allowed ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:user), @permitted_ip_address)).to eq(false)
|
||||
end
|
||||
it "returns false for an admin user at the allowed ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), @permitted_ip_address)).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for regular user at another ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:user), '123.12.12.12')).to eq(false)
|
||||
it "returns true for an admin user at another ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:admin), '123.12.12.12')).to eq(true)
|
||||
end
|
||||
|
||||
it "returns false for regular user at allowed ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:user), @permitted_ip_address)).to eq(false)
|
||||
end
|
||||
|
||||
it "returns false for regular user at another ip address" do
|
||||
expect(described_class.block_admin_login?(Fabricate.build(:user), '123.12.12.12')).to eq(false)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user