mirror/moodle-auth_ip
1
0
Fork 0
mirror of https://github.com/SREd-URV/moodle-auth_ip.git synced 2026-05-16 21:41:30 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4 from robertboloc/feature-cidr-support

Browse Source 
Added CIDR support
This commit is contained in:
Jordi Pujol-Ahulló
2015-07-24 09:58:07 +02:00
parent 86d14bf068 0cb18b4573
commit 27ff9ab2db
2 changed files with 150 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
auth.php
View File

@@ -38,12 +38,9 @@ require_once($CFG->dirroot.'/auth/manual/auth.php');
*/
class auth_plugin_ip extends auth_plugin_manual {
/**
* Constructor
*/
function __construct() {
$this->authtype = 'ip';
$this->config = get_config('auth_ip');
$this->config = get_config('auth_ip');
}
/**
@@ -57,19 +54,66 @@ class auth_plugin_ip extends auth_plugin_manual {
function user_login($username, $password) {
global $DB, $CFG;
if (($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id)))) {
$valid_ips = explode(',', $this->config->valid_ips);
//check if IP is one of the restricted ones.
$remote_addr = filter_input(INPUT_SERVER, 'REMOTE_ADDR');
if (isset($remote_addr) && in_array($remote_addr, $valid_ips)) {
// Check if IP is one of the restricted ones.
$userIp = filter_input(INPUT_SERVER, 'REMOTE_ADDR');
if (isset($userIp) && $this->is_ip_valid($userIp)) {
return validate_internal_user_password($user, $password);
} else {
return false;
}
}
// if no valid username, we do not allow to create a new user using this auth type.
// If no valid username, we do not allow to create a new user using this auth type.
return false;
}
/**
* Determine if the $ip is in the allowed list of IP or CIDR.
*
* @see https://secure.php.net/manual/en/ref.network.php#74656
* @param $ip
* @return bool
*/
function is_ip_valid($ip) {
// List of allowed IP addresses or CIDR ranges
$valid_ips_or_cidrs = explode(',', str_replace(' ', '', $this->config->valid_ips));
// Check all the allowed IP or CIDR for matches
foreach ($valid_ips_or_cidrs as $valid_ip_or_cidr) {
// If CIDR check if in range
if ($this->is_cidr($valid_ip_or_cidr)) {
list ($net, $mask) = explode('/', $valid_ip_or_cidr);
$ip_net = ip2long($net);
$ip_mask = ~((1 << (32 - $mask)) - 1);
$ip_ip = ip2long($ip);
$ip_ip_net = $ip_ip & $ip_mask;
if ($ip_ip_net === $ip_net) {
return true;
}
// Simple IP compare with equality
} elseif ($valid_ip_or_cidr === $ip) {
return true;
}
}
// No match found mark as not allowed
return false;
}
/**
* Check if a string is a CIDR.
*
* @param string $ip_or_cidr
* @return bool
*/
function is_cidr($ip_or_cidr) {
return strpos($ip_or_cidr, '/') > 0;
}
/**
* Returns true if this authentication plugin is 'internal'.
*
@@ -90,7 +134,7 @@ class auth_plugin_ip extends auth_plugin_manual {
* @param array $user_fields
* @return void
*/
function config_form($config, $err, $user_fields) {
function config_form($config, $error, $user_fields) {
include 'config.html';
}

96
tests/ip_test.php Normal file
View File

@@ -0,0 +1,96 @@
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot.'/auth/ip/auth.php');
class auth_ip_testcase extends advanced_testcase {
protected $authplugin;
protected function setUp() {
$this->authplugin = new auth_plugin_ip();
}
/**
* Test that valid IPs or IPs in range are detected as valid.
*
* @dataProvider is_ip_valid_data_provider
*
* @param array $valid_ips
* @param string $ip
* @param boolean $is_valid
*/
public function test_is_ip_valid_detects_valid_ips($valid_ips, $ip, $is_valid) {
$this->authplugin->config->valid_ips = $valid_ips;
$this->assertEquals(
$is_valid,
$this->authplugin->is_ip_valid($ip)
);
}
/**
* @return array
*/
public static function is_ip_valid_data_provider() {
return array(
array('192.168.1.1,192.168.1.2', '192.168.1.1', true),
array('192.168.1.1,192.168.1.2', '192.168.1.3', false),
array('192.168.0.0/24', '192.168.0.200', true),
array('111.112.0.0/12,96.0.0.0/6', '192.168.0.200', false),
array('111.112.0.0/12,96.0.0.0/6', '99.255.255.254', true),
array('111.112.0.0/12,10.40.22.0/24,96.0.0.0/6', '10.40.22.50', true),
array('111.112.0.0/12, 10.40.22.0/24, 96.0.0.0/6', '10.40.22.50', true),
array(' 111.112.0.0 ', '111.112.0.0', true), // Extra spaces for testing
);
}
/**
* Test range detection
*
* @dataProvider is_cidr_data_provider
*
* @param string $ip_or_cidr
* @param boolean $is_cidr
*/
public function test_is_cidr_detects_cidrs($ip_or_cidr, $is_cidr) {
$this->assertEquals(
$this->authplugin->is_cidr($ip_or_cidr),
$is_cidr
);
}
/**
* @return array
*/
public static function is_cidr_data_provider() {
return array(
array('192.168.1.1', false),
array('192.168.1.1/24', true),
array('10.15.1.1', false),
array('10.15.1.1/2', true),
);
}
/**
* Test the plugin is not marked as internal.
*/
public function test_is_not_internal() {
$this->assertFalse($this->authplugin->is_internal());
}
}