iprestrictions
fix Verify add check enable add api method
parent
a502c4ee52
commit
f9da8e4026
@ -3,6 +3,7 @@
|
|||||||
using ASC.Common;
|
using ASC.Common;
|
||||||
using ASC.Common.Logging;
|
using ASC.Common.Logging;
|
||||||
using ASC.Core;
|
using ASC.Core;
|
||||||
|
using ASC.Core.Common.Settings;
|
||||||
using ASC.IPSecurity;
|
using ASC.IPSecurity;
|
||||||
|
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
@ -19,9 +20,11 @@ namespace ASC.Api.Core.Middleware
|
|||||||
public IpSecurityFilter(
|
public IpSecurityFilter(
|
||||||
IOptionsMonitor<ILog> options,
|
IOptionsMonitor<ILog> options,
|
||||||
AuthContext authContext,
|
AuthContext authContext,
|
||||||
IPSecurity.IPSecurity IPSecurity)
|
IPSecurity.IPSecurity IPSecurity,
|
||||||
|
SettingsManager settingsManager)
|
||||||
{
|
{
|
||||||
log = options.CurrentValue;
|
log = options.CurrentValue;
|
||||||
|
IPRestrictionsSettings = settingsManager.Load<IPRestrictionsSettings>();
|
||||||
AuthContext = authContext;
|
AuthContext = authContext;
|
||||||
this.IPSecurity = IPSecurity;
|
this.IPSecurity = IPSecurity;
|
||||||
}
|
}
|
||||||
@ -36,7 +39,8 @@ namespace ASC.Api.Core.Middleware
|
|||||||
|
|
||||||
public void OnResourceExecuting(ResourceExecutingContext context)
|
public void OnResourceExecuting(ResourceExecutingContext context)
|
||||||
{
|
{
|
||||||
if (AuthContext.IsAuthenticated && !IPSecurity.Verify())
|
|
||||||
|
if (IPRestrictionsSettings.Enable && AuthContext.IsAuthenticated && !IPSecurity.Verify())
|
||||||
{
|
{
|
||||||
context.Result = new StatusCodeResult((int)HttpStatusCode.Forbidden);
|
context.Result = new StatusCodeResult((int)HttpStatusCode.Forbidden);
|
||||||
log.WarnFormat("IPSecurity: user {0}", AuthContext.CurrentAccount.ID);
|
log.WarnFormat("IPSecurity: user {0}", AuthContext.CurrentAccount.ID);
|
||||||
|
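Review bot: `IPRestrictionsSettings = settingsManager.Load<IPRestrictionsSettings>();` in the `IpSecurityFilter` constructor snapshots the `Enable` flag at construction time, while the other call site changed in this commit loads it at the point of the check. If a filter instance outlives a single request, or is built before the tenant is resolved (neither is visible here), `OnResourceExecuting` could keep enforcing or skipping restrictions after an administrator changes the setting. Loading inside the method would avoid that, e.g. `if (AuthContext.IsAuthenticated && SettingsManager.Load<IPRestrictionsSettings>().Enable && !IPSecurity.Verify())`, with `settingsManager` stored in a field. The declaration of the `IPRestrictionsSettings` member and the rest of `OnResourceExecuting` are outside the hunks.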
@ -75,7 +75,7 @@ namespace ASC.IPSecurity
|
|||||||
{
|
{
|
||||||
var key = IPRestrictionsServiceCache.GetCacheKey(tenant);
|
var key = IPRestrictionsServiceCache.GetCacheKey(tenant);
|
||||||
var restrictions = cache.Get<List<IPRestriction>>(key);
|
var restrictions = cache.Get<List<IPRestriction>>(key);
|
||||||
if (restrictions == null)
|
if (restrictions == null || restrictions.Count == 0)
|
||||||
{
|
{
|
||||||
restrictions = IPRestrictionsRepository.Get(tenant);
|
restrictions = IPRestrictionsRepository.Get(tenant);
|
||||||
cache.Insert(key, restrictions, timeout);
|
cache.Insert(key, restrictions, timeout);
|
||||||
|
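Review bot: With `if (restrictions == null || restrictions.Count == 0)` an empty list is treated as a cache miss, so for a tenant that has no restrictions every call goes to `IPRestrictionsRepository.Get(tenant)` and re-inserts the empty list. That puts a repository query on each IP check for what is probably the most common tenant state. If the aim is to pick up restrictions saved after an empty list was cached, refreshing or removing `key` on the save path would do that without disabling the cache; whether the save path already does so is not visible here. The enclosing method starts and ends outside the hunk.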
@ -25,8 +25,10 @@
|
|||||||
|
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Net;
|
using System.Net;
|
||||||
|
using System.Net.Sockets;
|
||||||
using System.Web;
|
using System.Web;
|
||||||
|
|
||||||
using ASC.Common;
|
using ASC.Common;
|
||||||
@ -55,6 +57,7 @@ namespace ASC.IPSecurity
|
|||||||
private SettingsManager SettingsManager { get; }
|
private SettingsManager SettingsManager { get; }
|
||||||
|
|
||||||
private readonly string CurrentIpForTest;
|
private readonly string CurrentIpForTest;
|
||||||
|
private readonly string MyNetworks;
|
||||||
|
|
||||||
public IPSecurity(
|
public IPSecurity(
|
||||||
IConfiguration configuration,
|
IConfiguration configuration,
|
||||||
@ -72,6 +75,7 @@ namespace ASC.IPSecurity
|
|||||||
IPRestrictionsService = iPRestrictionsService;
|
IPRestrictionsService = iPRestrictionsService;
|
||||||
SettingsManager = settingsManager;
|
SettingsManager = settingsManager;
|
||||||
CurrentIpForTest = configuration["ipsecurity:test"];
|
CurrentIpForTest = configuration["ipsecurity:test"];
|
||||||
|
MyNetworks = configuration["ipsecurity.mynetworks"];
|
||||||
var hideSettings = (configuration["web:hide-settings"] ?? "").Split(new[] { ',', ';', ' ' });
|
var hideSettings = (configuration["web:hide-settings"] ?? "").Split(new[] { ',', ';', ' ' });
|
||||||
IpSecurityEnabled = !hideSettings.Contains("IpSecurity", StringComparer.CurrentCultureIgnoreCase);
|
IpSecurityEnabled = !hideSettings.Contains("IpSecurity", StringComparer.CurrentCultureIgnoreCase);
|
||||||
}
|
}
|
||||||
@ -109,6 +113,10 @@ namespace ASC.IPSecurity
|
|||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
if (IsMyNetwork(ips))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
{
|
{
|
||||||
@ -140,5 +148,42 @@ namespace ASC.IPSecurity
|
|||||||
var portIdx = ip.IndexOf(':');
|
var portIdx = ip.IndexOf(':');
|
||||||
return portIdx > 0 ? ip.Substring(0, portIdx) : ip;
|
return portIdx > 0 ? ip.Substring(0, portIdx) : ip;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private bool IsMyNetwork(string[] ips)
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (!string.IsNullOrEmpty(MyNetworks))
|
||||||
|
{
|
||||||
|
var myNetworkIps = MyNetworks.Split(new[] { ",", " " }, StringSplitOptions.RemoveEmptyEntries);
|
||||||
|
|
||||||
|
if (ips.Any(requestIp => myNetworkIps.Any(ipAddress => MatchIPs(GetIpWithoutPort(requestIp), ipAddress))))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var hostName = Dns.GetHostName();
|
||||||
|
var hostAddresses = Dns.GetHostAddresses(Dns.GetHostName());
|
||||||
|
|
||||||
|
var localIPs = new List<IPAddress> { IPAddress.IPv6Loopback, IPAddress.Loopback };
|
||||||
|
|
||||||
|
localIPs.AddRange(hostAddresses.Where(ip => ip.AddressFamily == AddressFamily.InterNetwork || ip.AddressFamily == AddressFamily.InterNetworkV6));
|
||||||
|
|
||||||
|
foreach (var ipAddress in localIPs)
|
||||||
|
{
|
||||||
|
if (ips.Contains(ipAddress.ToString()))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
catch (Exception ex)
|
||||||
|
{
|
||||||
|
Log.ErrorFormat("Can't verify local network from request with IP-address: {0}", string.Join(",", ips), ex);
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
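Review bot: The second half of `IsMyNetwork` returns true whenever any entry of `ips` equals a loopback or host address, which makes it an unconditional allow that does not depend on `MyNetworks` or on the tenant's restriction list. How `ips` is built is outside these hunks; if it can carry values taken from a forwarded-for style header, that branch is only safe when the header is accepted solely from trusted proxies, so it is worth confirming that or limiting the branch to the connection's own remote address. The comparison `ips.Contains(ipAddress.ToString())` also skips `GetIpWithoutPort`, unlike the `MyNetworks` branch, and `Dns.GetHostAddresses` runs on every call while `hostName` is never used. Separately, `configuration["ipsecurity.mynetworks"]` uses a dot where the neighbouring keys use `:` (`ipsecurity:test`), so the allowlist may never load. The catch block passes `ex` as a second argument to a format string that has only `{0}`, so the exception text is dropped from the log; a format ending in `{0}: {1}` would keep it.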
@ -1341,6 +1341,13 @@ namespace ASC.Api.Settings
|
|||||||
return IPRestrictionsService.Save(model.Ips, Tenant.TenantId);
|
return IPRestrictionsService.Save(model.Ips, Tenant.TenantId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Read("iprestrictions/settings")]
|
||||||
|
public IPRestrictionsSettings GetIpRestrictionsSettings()
|
||||||
|
{
|
||||||
|
PermissionContext.DemandPermissions(SecutiryConstants.EditPortalSettings);
|
||||||
|
return SettingsManager.Load<IPRestrictionsSettings>();
|
||||||
|
}
|
||||||
|
|
||||||
[Update("iprestrictions/settings")]
|
[Update("iprestrictions/settings")]
|
||||||
public IPRestrictionsSettings UpdateIpRestrictionsSettingsFromBody([FromBody] IpRestrictionsModel model)
|
public IPRestrictionsSettings UpdateIpRestrictionsSettingsFromBody([FromBody] IpRestrictionsModel model)
|
||||||
{
|
{
|
||||||
|
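Review bot: `GetIpRestrictionsSettings` has no doc comment, and the fact that this read endpoint demands `SecutiryConstants.EditPortalSettings` is worth stating so the requirement is not relaxed by accident later. A summary such as `/// <summary>Returns the stored IPRestrictionsSettings; the caller must hold EditPortalSettings.</summary>` above the `[Read("iprestrictions/settings")]` attribute would cover it.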
@ -36,6 +36,7 @@ using ASC.Core;
|
|||||||
using ASC.Core.Common.Settings;
|
using ASC.Core.Common.Settings;
|
||||||
using ASC.Core.Tenants;
|
using ASC.Core.Tenants;
|
||||||
using ASC.Core.Users;
|
using ASC.Core.Users;
|
||||||
|
using ASC.IPSecurity;
|
||||||
using ASC.MessagingSystem;
|
using ASC.MessagingSystem;
|
||||||
using ASC.Web.Core.PublicResources;
|
using ASC.Web.Core.PublicResources;
|
||||||
using ASC.Web.Core.Utility;
|
using ASC.Web.Core.Utility;
|
||||||
@ -259,7 +260,9 @@ namespace ASC.Web.Core.Users
|
|||||||
email = (email ?? "").Trim();
|
email = (email ?? "").Trim();
|
||||||
if (!email.TestEmailRegex()) throw new ArgumentNullException(nameof(email), Resource.ErrorNotCorrectEmail);
|
if (!email.TestEmailRegex()) throw new ArgumentNullException(nameof(email), Resource.ErrorNotCorrectEmail);
|
||||||
|
|
||||||
if (!IPSecurity.Verify())
|
var settings = SettingsManager.Load<IPRestrictionsSettings>();
|
||||||
|
|
||||||
|
if (settings.Enable && !IPSecurity.Verify())
|
||||||
{
|
{
|
||||||
throw new Exception(Resource.ErrorAccessRestricted);
|
throw new Exception(Resource.ErrorAccessRestricted);
|
||||||
}
|
}
|
||||||
|
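Review bot: The `settings.Enable && !IPSecurity.Verify()` gate here repeats the one this commit adds in `IpSecurityFilter.OnResourceExecuting`, so each caller of `Verify()` now has to remember to read `IPRestrictionsSettings` itself. The `IPSecurity` class already holds a `SettingsManager` (visible in its hunk), so the `Enable` check could live at the top of `Verify()` and both call sites could stay as `if (!IPSecurity.Verify())`. That keeps the enforcement decision in one place and removes the risk of call sites drifting apart. The enclosing method starts and ends outside the hunk.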