Skip to content
Snippets Groups Projects
Commit 8cdeecf0 authored by CMS's avatar CMS
Browse files

A hack for subnet-based authentication

parent bc8a0700
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
cms/server/contest/authentication.py
+ 7
1
View file @ 8cdeecf0
...@@ -30,6 +30,7 @@ import json ...@@ -30,6 +30,7 @@ import json
import logging import logging
from datetime import timedelta from datetime import timedelta
from sqlalchemy import or_
from sqlalchemy.orm import contains_eager, joinedload from sqlalchemy.orm import contains_eager, joinedload
from cms import config from cms import config
...@@ -247,10 +248,15 @@ def _authenticate_request_by_ip_address(sql_session, contest, ip_address): ...@@ -247,10 +248,15 @@ def _authenticate_request_by_ip_address(sql_session, contest, ip_address):
# since we're comparing it for equality with other networks. # since we're comparing it for equality with other networks.
ip_network = ipaddress.ip_network((ip_address, ip_address.max_prefixlen)) ip_network = ipaddress.ip_network((ip_address, ip_address.max_prefixlen))
# FIXME: Subnet-based login for VPN users with dynamically allocated addresses
# Currently special-cased to /24.
ip_subnet = ipaddress.ip_network((ip_address, 24), strict=False)
participations = sql_session.query(Participation) \ participations = sql_session.query(Participation) \
.options(joinedload(Participation.user)) \ .options(joinedload(Participation.user)) \
.filter(Participation.contest == contest) \ .filter(Participation.contest == contest) \
.filter(Participation.ip.any(ip_network)) .filter(or_(Participation.ip.any(ip_network),
Participation.ip.any(ip_subnet)))
# If hidden users are blocked we ignore them completely. # If hidden users are blocked we ignore them completely.
if contest.block_hidden_participations: if contest.block_hidden_participations:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment