KumiSystems/moodle-auth_jwt
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Fix issue matching IPs when whitelisting is enabled

Browse source
This commit is contained in:
Andrew Hancox 2017-11-18 14:10:45 +00:00
parent f0f988e9d3
commit 91c4be7df4
2 changed files with 53 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

61
classes/core_userkey_manager.php
View file

@ -122,38 +122,45 @@ class core_userkey_manager implements userkey_manager_interface {
print_error('expiredkey');
}
if ($key->iprestriction) {
$remoteaddr = getremoteaddr(null);
if (isset($this->config->ipwhitelist)) {
$whitelist = $this->config->ipwhitelist;
} else {
$whitelist = false;
}
if (empty($remoteaddr) ) {
print_error('noip', 'auth_userkey');
} else if (!empty($whitelist)) {
$ips = explode(';', $whitelist);
$whitelisted = false;
foreach ($ips as $ip) {
if (address_in_subnet($remoteaddr, $ip)) {
$whitelisted = true;
}
}
if (!$whitelisted) {
print_error('ipmismatch', 'error', '', null, "Remote address: $remoteaddr\nKey IP: $key->iprestriction");
}
} else if (!address_in_subnet($remoteaddr, $key->iprestriction)) {
print_error('ipmismatch', 'error', '', null, "Remote address: $remoteaddr\nKey IP: $key->iprestriction");
}
}
if (!$user = $DB->get_record('user', array('id' => $key->userid))) {
print_error('invaliduserid');
}
$this->validate_ip_address($key);
return $key;
}
/**
* Validates key IP address and returns true if valid.
*
* @param object $key Key object including userid property.
*
* @throws \moodle_exception If provided key is not valid.
*/
protected function validate_ip_address($key) {
if (!$key->iprestriction) {
return true;
}
$remoteaddr = getremoteaddr(null);
if (empty($remoteaddr)) {
print_error('noip', 'auth_userkey');
}
if (address_in_subnet($remoteaddr, $key->iprestriction)) {
return true;
}
if (isset($this->config->ipwhitelist)) {
$ips = explode(';', $this->config->ipwhitelist);
foreach ($ips as $ip) {
if (address_in_subnet($remoteaddr, $ip)) {
return true;
}
}
}
print_error('ipmismatch', 'error', '', null, "Remote address: $remoteaddr\nKey IP: $key->iprestriction");
}
}