diff options
| author | Frédéric Mangano-Tarumi <fmang@mg0.fr> | 2020-07-20 16:25:11 +0200 |
|---|---|---|
| committer | Lukas Fleischer <lfleischer@archlinux.org> | 2021-02-20 17:24:30 +0100 |
| commit | 0e08b151e5c3606e573b1f7113466b5dd6efdcef (patch) | |
| tree | c1e5112c6b4b8e585b751b5fd5dd8c8a122aa150 | |
| parent | 357dba87b3ee784a4201a7bb56befb105b81bbf5 (diff) | |
| download | aur-0e08b151e5c3606e573b1f7113466b5dd6efdcef.tar.gz aur-0e08b151e5c3606e573b1f7113466b5dd6efdcef.tar.xz | |
SSO: Port IP ban checking
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
| -rw-r--r-- | aurweb/routers/sso.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py index 04ecdca6..efd4462c 100644 --- a/aurweb/routers/sso.py +++ b/aurweb/routers/sso.py @@ -14,7 +14,7 @@ from starlette.requests import Request import aurweb.config import aurweb.db -from aurweb.schema import Sessions, Users +from aurweb.schema import Bans, Sessions, Users router = fastapi.APIRouter() @@ -57,13 +57,28 @@ def open_session(conn, user_id): return sid +def is_ip_banned(conn, ip): + """ + Check if an IP is banned. `ip` is a string and may be an IPv4 as well as an + IPv6, depending on the server’s configuration. + """ + result = conn.execute(Bans.select().where(Bans.c.IPAddress == ip)) + return result.fetchone() is not None + + @router.get("/sso/authenticate") async def authenticate(request: Request, conn=Depends(aurweb.db.connect)): """ Receive an OpenID Connect ID token, validate it, then process it to create an new AUR session. """ - # TODO check for banned IPs + # TODO Handle translations + if is_ip_banned(conn, request.client.host): + raise HTTPException( + status_code=403, + detail='The login form is currently disabled for your IP address, ' + 'probably due to sustained spam attacks. Sorry for the ' + 'inconvenience.') token = await oauth.sso.authorize_access_token(request) user = await oauth.sso.parse_id_token(request, token) sub = user.get("sub") # this is the SSO account ID in JWT terminology |