iprestrictions
fix Verify add check enable add api method
parent
a502c4ee52
commit
f9da8e4026
@ -3,6 +3,7 @@
|
||||
using ASC.Common;
|
||||
using ASC.Common.Logging;
|
||||
using ASC.Core;
|
||||
using ASC.Core.Common.Settings;
|
||||
using ASC.IPSecurity;
|
||||
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
@ -19,9 +20,11 @@ namespace ASC.Api.Core.Middleware
|
||||
public IpSecurityFilter(
|
||||
IOptionsMonitor<ILog> options,
|
||||
AuthContext authContext,
|
||||
IPSecurity.IPSecurity IPSecurity)
|
||||
IPSecurity.IPSecurity IPSecurity,
|
||||
SettingsManager settingsManager)
|
||||
{
|
||||
log = options.CurrentValue;
|
||||
IPRestrictionsSettings = settingsManager.Load<IPRestrictionsSettings>();
|
||||
AuthContext = authContext;
|
||||
this.IPSecurity = IPSecurity;
|
||||
}
|
||||
@ -36,7 +39,8 @@ namespace ASC.Api.Core.Middleware
|
||||
|
||||
public void OnResourceExecuting(ResourceExecutingContext context)
|
||||
{
|
||||
if (AuthContext.IsAuthenticated && !IPSecurity.Verify())
|
||||
|
||||
if (IPRestrictionsSettings.Enable && AuthContext.IsAuthenticated && !IPSecurity.Verify())
|
||||
{
|
||||
context.Result = new StatusCodeResult((int)HttpStatusCode.Forbidden);
|
||||
log.WarnFormat("IPSecurity: user {0}", AuthContext.CurrentAccount.ID);
|
||||
|
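Review bot: The `Enable` flag is read once in the constructor (`IPRestrictionsSettings = settingsManager.Load<IPRestrictionsSettings>();`) and reused in `OnResourceExecuting`, so how soon an administrator's toggle takes effect depends on the filter's lifetime, which is not visible here. If the instance can outlive a single request, switching restrictions on would not be enforced until the filter is recreated; storing the injected `SettingsManager` in a field and evaluating `SettingsManager.Load<IPRestrictionsSettings>().Enable` inside the method avoids that. The warning `"IPSecurity: user {0}"` would also be more useful for investigation if it recorded the rejected request address. The body of `OnResourceExecuting` continues past the end of the hunk.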
@ -75,7 +75,7 @@ namespace ASC.IPSecurity
|
||||
{
|
||||
var key = IPRestrictionsServiceCache.GetCacheKey(tenant);
|
||||
var restrictions = cache.Get<List<IPRestriction>>(key);
|
||||
if (restrictions == null)
|
||||
if (restrictions == null || restrictions.Count == 0)
|
||||
{
|
||||
restrictions = IPRestrictionsRepository.Get(tenant);
|
||||
cache.Insert(key, restrictions, timeout);
|
||||
|
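Review bot: Treating an empty cached list as a miss (`restrictions == null || restrictions.Count == 0`) means a tenant with no restrictions configured goes to `IPRestrictionsRepository.Get(tenant)` and re-inserts the empty list on every call, so the cache never helps in that case. If the change is meant to work around a stale empty entry after a save, clearing the key when restrictions are saved would fix that without a repository read per call. Otherwise a short comment on the condition should say why an empty list is re-read on purpose. The enclosing method starts and ends outside the hunk.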
@ -25,8 +25,10 @@
|
||||
|
||||
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Sockets;
|
||||
using System.Web;
|
||||
|
||||
using ASC.Common;
|
||||
@ -55,6 +57,7 @@ namespace ASC.IPSecurity
|
||||
private SettingsManager SettingsManager { get; }
|
||||
|
||||
private readonly string CurrentIpForTest;
|
||||
private readonly string MyNetworks;
|
||||
|
||||
public IPSecurity(
|
||||
IConfiguration configuration,
|
||||
@ -72,6 +75,7 @@ namespace ASC.IPSecurity
|
||||
IPRestrictionsService = iPRestrictionsService;
|
||||
SettingsManager = settingsManager;
|
||||
CurrentIpForTest = configuration["ipsecurity:test"];
|
||||
MyNetworks = configuration["ipsecurity.mynetworks"];
|
||||
var hideSettings = (configuration["web:hide-settings"] ?? "").Split(new[] { ',', ';', ' ' });
|
||||
IpSecurityEnabled = !hideSettings.Contains("IpSecurity", StringComparer.CurrentCultureIgnoreCase);
|
||||
}
|
||||
@ -109,6 +113,10 @@ namespace ASC.IPSecurity
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if (IsMyNetwork(ips))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
@ -140,5 +148,42 @@ namespace ASC.IPSecurity
|
||||
var portIdx = ip.IndexOf(':');
|
||||
return portIdx > 0 ? ip.Substring(0, portIdx) : ip;
|
||||
}
|
||||
|
||||
private bool IsMyNetwork(string[] ips)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (!string.IsNullOrEmpty(MyNetworks))
|
||||
{
|
||||
var myNetworkIps = MyNetworks.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries);
|
||||
|
||||
if (ips.Any(requestIp => myNetworkIps.Any(ipAddress => MatchIPs(GetIpWithoutPort(requestIp), ipAddress))))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
var hostName = Dns.GetHostName();
|
||||
var hostAddresses = Dns.GetHostAddresses(Dns.GetHostName());
|
||||
|
||||
var localIPs = new List<IPAddress> { IPAddress.IPv6Loopback, IPAddress.Loopback };
|
||||
|
||||
localIPs.AddRange(hostAddresses.Where(ip => ip.AddressFamily == AddressFamily.InterNetwork || ip.AddressFamily == AddressFamily.InterNetworkV6));
|
||||
|
||||
foreach (var ipAddress in localIPs)
|
||||
{
|
||||
if (ips.Contains(ipAddress.ToString()))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Log.ErrorFormat("Can't verify local network from request with IP-address: {0}", string.Join(",", ips), ex);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
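Review bot: `IsMyNetwork` returns true as soon as any entry in `ips` equals a loopback or local host address, so the restriction list is only as strong as the origin of `ips`, which is built outside these hunks; if it can hold values from a client-supplied forwarding header rather than the connection's peer address, a declared `127.0.0.1` would pass the check, so that source should be confirmed or limited to trusted proxies. The local-address loop compares `ipAddress.ToString()` with the raw entries while the `MyNetworks` branch strips the port with `GetIpWithoutPort`, so the two branches treat the same input differently. `configuration["ipsecurity.mynetworks"]` uses a dot where the neighbouring `configuration["ipsecurity:test"]` uses the `:` section separator, so the key may never resolve from a nested `ipsecurity` section. In the `catch`, `ex` is passed as a second format argument to a string that only has `{0}` and is therefore dropped from the log line; `hostName` is also assigned but unused while `Dns.GetHostName()` is called a second time.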
@ -1341,6 +1341,13 @@ namespace ASC.Api.Settings
|
||||
return IPRestrictionsService.Save(model.Ips, Tenant.TenantId);
|
||||
}
|
||||
|
||||
[Read("iprestrictions/settings")]
|
||||
public IPRestrictionsSettings GetIpRestrictionsSettings()
|
||||
{
|
||||
PermissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
|
||||
return SettingsManager.Load<IPRestrictionsSettings>();
|
||||
}
|
||||
|
||||
[Update("iprestrictions/settings")]
|
||||
public IPRestrictionsSettings UpdateIpRestrictionsSettingsFromBody([FromBody] IpRestrictionsModel model)
|
||||
{
|
||||
|
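Review bot: `GetIpRestrictionsSettings` is a new public endpoint without an XML doc comment; a `/// <summary>` stating that it returns the stored `IPRestrictionsSettings` and demands `SecutiryConstants.EditPortalSettings` would document the access requirement next to the route. The body of `UpdateIpRestrictionsSettingsFromBody` lies outside the hunk, so it is not visible whether the update makes the same `PermissionContext.DemandPermissions` call. Since that method toggles a security control, the permission demand and an audit record of the change are worth confirming there.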
@ -36,6 +36,7 @@ using ASC.Core;
|
||||
using ASC.Core.Common.Settings;
|
||||
using ASC.Core.Tenants;
|
||||
using ASC.Core.Users;
|
||||
using ASC.IPSecurity;
|
||||
using ASC.MessagingSystem;
|
||||
using ASC.Web.Core.PublicResources;
|
||||
using ASC.Web.Core.Utility;
|
||||
@ -259,7 +260,9 @@ namespace ASC.Web.Core.Users
|
||||
email = (email ?? "").Trim();
|
||||
if (!email.TestEmailRegex()) throw new ArgumentNullException(nameof(email), Resource.ErrorNotCorrectEmail);
|
||||
|
||||
if (!IPSecurity.Verify())
|
||||
var settings = SettingsManager.Load<IPRestrictionsSettings>();
|
||||
|
||||
if (settings.Enable && !IPSecurity.Verify())
|
||||
{
|
||||
throw new Exception(Resource.ErrorAccessRestricted);
|
||||
}
|
||||
|
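Review bot: The `Enable` gate is now written out at each call site (`settings.Enable && !IPSecurity.Verify()` here, and the equivalent condition in `IpSecurityFilter.OnResourceExecuting`), so any other caller of `IPSecurity.Verify()`, if one exists, still enforces restrictions when the setting is off and the copies can drift apart. `IPSecurity` already receives a `SettingsManager` in its constructor, so the flag could be checked once inside `Verify()` and callers left as `if (!IPSecurity.Verify())`. The enclosing method starts and ends outside the hunk.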