Merge pull request #1495 from ONLYOFFICE/feature/ipsecurity-fixes
Feature/ipsecurity fixes
commit
2a80673ba4
@ -73,8 +73,16 @@ internal class IPAddressRange
|
||||
{
|
||||
var parts = CIDRmask.Split('/');
|
||||
|
||||
var IP_addr = BitConverter.ToInt32(IPAddress.Parse(ipAddress).GetAddressBytes(), 0);
|
||||
var CIDR_addr = BitConverter.ToInt32(IPAddress.Parse(parts[0]).GetAddressBytes(), 0);
|
||||
var requestIP = IPAddress.Parse(ipAddress);
|
||||
var restrictionIP = IPAddress.Parse(parts[0]);
|
||||
|
||||
if (requestIP.AddressFamily != restrictionIP.AddressFamily)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
var IP_addr = BitConverter.ToInt32(requestIP.GetAddressBytes(), 0);
|
||||
var CIDR_addr = BitConverter.ToInt32(restrictionIP.GetAddressBytes(), 0);
|
||||
var CIDR_mask = IPAddress.HostToNetworkOrder(-1 << (32 - int.Parse(parts[1])));
|
||||
|
||||
return (IP_addr & CIDR_mask) == (CIDR_addr & CIDR_mask);
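Review bot: The added address-family check rejects only mixed IPv4/IPv6 pairs, so when `requestIP` and `restrictionIP` are both IPv6 the code still reaches `BitConverter.ToInt32(..., 0)` and the 32-bit `CIDR_mask`, which looks at no more than the first four bytes. C# reduces an `int` shift count to its low five bits, so prefixes of /0, /64 and /128 all produce an all-ones mask and a /48 compares only 16 bits; an IPv6 CIDR entry can therefore match far more addresses than the administrator configured, and a /0 entry matches only one address. `int.Parse(parts[1])` also throws on an empty or non-numeric prefix. Until IPv6 is compared byte-wise I would fail closed, e.g. `if (requestIP.AddressFamily != AddressFamily.InterNetwork || !int.TryParse(parts[1], out var bits) || bits < 0 || bits > 32) return false;`, with `bits == 0` handled as match-all. The method's signature and closing brace are outside the visible hunk.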
|
||||
|
@ -38,7 +38,6 @@ public class IPSecurity
|
||||
private readonly IPRestrictionsService _ipRestrictionsService;
|
||||
private readonly string _currentIpForTest;
|
||||
private readonly string _myNetworks;
|
||||
private readonly SecurityContext _securityContext;
|
||||
private readonly UserManager _userManager;
|
||||
|
||||
public IPSecurity(
|
||||
@ -47,7 +46,6 @@ public class IPSecurity
|
||||
AuthContext authContext,
|
||||
TenantManager tenantManager,
|
||||
IPRestrictionsService iPRestrictionsService,
|
||||
SecurityContext securityContext,
|
||||
UserManager userManager,
|
||||
ILogger<IPSecurity> logger)
|
||||
{
|
||||
@ -56,7 +54,6 @@ public class IPSecurity
|
||||
_authContext = authContext;
|
||||
_tenantManager = tenantManager;
|
||||
_ipRestrictionsService = iPRestrictionsService;
|
||||
_securityContext = securityContext;
|
||||
_userManager = userManager;
|
||||
_currentIpForTest = configuration["ipsecurity:test"];
|
||||
_myNetworks = configuration["ipsecurity:mynetworks"];
|
||||
@ -97,7 +94,6 @@ public class IPSecurity
|
||||
|
||||
if (string.IsNullOrWhiteSpace(requestIps))
|
||||
{
|
||||
var request = _httpContextAccessor.HttpContext.Request;
|
||||
requestIps = _httpContextAccessor.HttpContext.Connection.RemoteIpAddress.ToString();
|
||||
}
|
||||
|
||||
@ -105,7 +101,7 @@ public class IPSecurity
|
||||
? Array.Empty<string>()
|
||||
: requestIps.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries);
|
||||
|
||||
var isDocSpaceAdmin = await _userManager.IsUserInGroupAsync(_securityContext.CurrentAccount.ID, Core.Users.Constants.GroupAdmin.ID);
|
||||
var isDocSpaceAdmin = await _userManager.IsUserInGroupAsync(_authContext.CurrentAccount.ID, Core.Users.Constants.GroupAdmin.ID);
|
||||
|
||||
if (ips.Any(requestIp => restrictions.Any(restriction => (restriction.ForAdmin ? isDocSpaceAdmin : true) && MatchIPs(GetIpWithoutPort(requestIp), restriction.Ip))))
|
||||
{
|
||||
@ -131,7 +127,7 @@ public class IPSecurity
|
||||
public static bool MatchIPs(string requestIp, string restrictionIp)
|
||||
{
|
||||
var dividerIdx = restrictionIp.IndexOf('-');
|
||||
if (dividerIdx > -1)
|
||||
if (dividerIdx > 0)
|
||||
{
|
||||
var lower = IPAddress.Parse(restrictionIp.Substring(0, dividerIdx).Trim());
|
||||
var upper = IPAddress.Parse(restrictionIp.Substring(dividerIdx + 1).Trim());
|
||||
@ -141,7 +137,7 @@ public class IPSecurity
|
||||
return range.IsInRange(IPAddress.Parse(requestIp));
|
||||
}
|
||||
|
||||
if (restrictionIp.IndexOf('/') > -1)
|
||||
if (restrictionIp.IndexOf('/') > 0)
|
||||
{
|
||||
return IPAddressRange.IsInRange(requestIp, restrictionIp);
|
||||
}
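Review bot: The `> 0` index checks in `MatchIPs` (`dividerIdx > 0`, `restrictionIp.IndexOf('/') > 0`) cover a leading separator but not a trailing one or an otherwise malformed entry. A restriction such as `10.0.0.1-` (constructed example) still reaches `IPAddress.Parse` with an empty string and throws `FormatException`, and `IPAddress.Parse(requestIp)` does the same for any request value that is not an address. Since `restriction.Ip` and the split request values arrive as plain strings, I would parse them with `IPAddress.TryParse` and return false on failure, e.g. `if (!IPAddress.TryParse(requestIp, out var ip)) return false;`, so a bad entry denies the match without raising an unhandled exception. The end of `MatchIPs` is outside the visible hunks, so the final comparison may need the same treatment.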
|
||||
|
@ -170,13 +170,6 @@ public class MessageSettingsController : BaseSettingsController
|
||||
throw new Exception(_customNamingPeople.Substitute<Resource>("ErrorEmailAlreadyExists"));
|
||||
}
|
||||
|
||||
var settings = await _settingsManager.LoadAsync<IPRestrictionsSettings>();
|
||||
|
||||
if (settings.Enable && !await _ipSecurity.VerifyAsync())
|
||||
{
|
||||
throw new Exception(Resource.ErrorAccessRestricted);
|
||||
}
|
||||
|
||||
var trustedDomainSettings = await _settingsManager.LoadAsync<StudioTrustedDomainSettings>();
|
||||
var emplType = trustedDomainSettings.InviteAsUsers ? EmployeeType.User : EmployeeType.RoomAdmin;
|
||||
if (!_coreBaseSettings.Personal)
|
||||
|
@ -380,13 +380,6 @@ public sealed class UserManagerWrapper
|
||||
throw new ArgumentNullException(nameof(email), Resource.ErrorNotCorrectEmail);
|
||||
}
|
||||
|
||||
var settings = await _settingsManager.LoadAsync<IPRestrictionsSettings>();
|
||||
|
||||
if (settings.Enable && !await _iPSecurity.VerifyAsync())
|
||||
{
|
||||
throw new Exception(Resource.ErrorAccessRestricted);
|
||||
}
|
||||
|
||||
var userInfo = await _userManager.GetUserByEmailAsync(email);
|
||||
if (!_userManager.UserExists(userInfo) || string.IsNullOrEmpty(userInfo.Email))
|
||||
{
|
||||
|