From e4eb3a70415665e868fef2688ee9a3b56d8283e9 Mon Sep 17 00:00:00 2001 From: Hayley Mapley Date: Mon, 27 May 2019 13:57:05 +1200 Subject: [PATCH] Bug 22943: Renames the in_ipset function to in_iprange in C4::Auth Bug 14407 introduced a new system preference to allow limiting the online self checkout system to an IP or IP Range. The function that handles this is called in_ipset, which is the name of a linux tool. To stop confusion, this patch renames the function to 'in_iprange', and the variable 'ipset' within it to 'iprange'. To test, follow the test plans outlined in Bug 14407 and confirm that everything works as expected. Sponsored-by: Catalyst IT Signed-off-by: Martin Renvoize Signed-off-by: Katrin Fischer Signed-off-by: Martin Renvoize Signed-off-by: Joy Nelson (cherry picked from commit 46b219864e3ea001d05dc69e960fd77c00c5eed6) Signed-off-by: Lucas Gass --- C4/Auth.pm | 16 ++++++++-------- opac/sco/printslip.pl | 2 +- opac/sco/sco-main.pl | 4 ++-- opac/sco/sco-patron-image.pl | 4 ++-- t/Auth.t | 28 ++++++++++++++-------------- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 70950261e6..fa3b14e6e6 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -61,7 +61,7 @@ BEGIN { @ISA = qw(Exporter); @EXPORT = qw(&checkauth &get_template_and_user &haspermission &get_user_subpermissions); @EXPORT_OK = qw(&check_api_auth &get_session &check_cookie_auth &checkpw &checkpw_internal &checkpw_hash - &get_all_subpermissions &get_user_subpermissions track_login_daily &in_ipset + &get_all_subpermissions &get_user_subpermissions track_login_daily &in_iprange ); %EXPORT_TAGS = ( EditPermissions => [qw(get_all_subpermissions get_user_subpermissions)] ); $ldap = C4::Context->config('useldapserver') || 0; @@ -2118,20 +2118,20 @@ sub haspermission { #FIXME - This fcn should return the failed permission so a suitable error msg can be delivered. } -=head2 in_ipset +=head2 in_iprange - $flags = ($ipset); + $flags = ($iprange); -C<$ipset> A space separated string describing an IP set. Can include single IPs or ranges +C<$iprange> A space separated string describing an IP range. Can include single IPs or ranges -Returns 1 if the remote address is in the provided ipset, or 0 otherwise. +Returns 1 if the remote address is in the provided iprange, or 0 otherwise. =cut -sub in_ipset { - my ($ipset) = @_; +sub in_iprange { + my ($iprange) = @_; my $result = 1; - my @allowedipranges = $ipset ? split(' ', $ipset) : (); + my @allowedipranges = $iprange ? split(' ', $iprange) : (); if (scalar @allowedipranges > 0) { my @rangelist; eval { @rangelist = Net::CIDR::range2cidr(@allowedipranges); }; return 0 if $@; diff --git a/opac/sco/printslip.pl b/opac/sco/printslip.pl index 8234e891a5..d914c288cc 100755 --- a/opac/sco/printslip.pl +++ b/opac/sco/printslip.pl @@ -35,7 +35,7 @@ use C4::Members; use C4::Koha; my $input = new CGI; -unless ( in_ipset(C4::Context->preference('SelfCheckAllowByIPRanges')) ) { +unless ( in_iprange(C4::Context->preference('SelfCheckAllowByIPRanges')) ) { print $input->header(status => '403 Forbidden - functionality not available from your location'); exit; } diff --git a/opac/sco/sco-main.pl b/opac/sco/sco-main.pl index a41971d802..efc0f90af2 100755 --- a/opac/sco/sco-main.pl +++ b/opac/sco/sco-main.pl @@ -35,7 +35,7 @@ use Modern::Perl; use CGI qw ( -utf8 ); -use C4::Auth qw(get_template_and_user checkpw in_ipset); +use C4::Auth qw(get_template_and_user checkpw in_iprange); use C4::Koha; use C4::Circulation; use C4::Reserves; @@ -59,7 +59,7 @@ unless (C4::Context->preference('WebBasedSelfCheck')) { exit; } -unless ( in_ipset(C4::Context->preference('SelfCheckAllowByIPRanges')) ) { +unless ( in_iprange(C4::Context->preference('SelfCheckAllowByIPRanges')) ) { # redirect to OPAC home if self-checkout not permitted from current IP print $query->redirect("/cgi-bin/koha/opac-main.pl"); exit; diff --git a/opac/sco/sco-patron-image.pl b/opac/sco/sco-patron-image.pl index b61130eda1..e997ab984b 100755 --- a/opac/sco/sco-patron-image.pl +++ b/opac/sco/sco-patron-image.pl @@ -18,7 +18,7 @@ # along with Koha; if not, see . use Modern::Perl; -use C4::Auth qw(in_ipset); +use C4::Auth qw(in_iprange); use C4::Service; use C4::Members; use Koha::Patron::Images; @@ -36,7 +36,7 @@ unless (C4::Context->preference('ShowPatronImageInWebBasedSelfCheck')) { exit; } -unless ( in_ipset(C4::Context->preference('SelfCheckAllowByIPRanges')) ) { +unless ( in_iprange(C4::Context->preference('SelfCheckAllowByIPRanges')) ) { print $query->header(status => '403 Forbidden - functionality not available from your location'); exit; } diff --git a/t/Auth.t b/t/Auth.t index d9045947c1..4ab2e8997a 100644 --- a/t/Auth.t +++ b/t/Auth.t @@ -19,24 +19,24 @@ use Modern::Perl; use Test::More tests => 13; use Test::Warn; -use C4::Auth qw / in_ipset /; +use C4::Auth qw / in_iprange /; $ENV{REMOTE_ADDR} = '192.168.1.30'; my $ipset1 = "192.168.1.30"; -ok(in_ipset("192.168.1.30"), 'simple single ip matching remote ip'); -ok(!in_ipset("192.168.1.31"), 'simple single ip not match remote ip'); -ok(in_ipset("192.168.1.1/24"), 'simple ip range/24 with remote ip in it'); -ok(!in_ipset("192.168.2.1/24"), 'simple ip range/24 with remote ip not in it'); -ok(in_ipset("192.168.2.1/16"), 'simple ip range/16 with remote ip in it'); -ok(!in_ipset("192.168.1.10-30"), 'invalidly represented IP range with remote ip in it'); -ok(in_ipset("192.168.1.10-192.168.1.30"), 'validly represented ip range with remote ip in it'); -ok(in_ipset("127.0.0.1 192.168.1.30 192.168.2.10-192.168.2.25"), 'multiple ips and ranges, including the remote ip'); -ok(!in_ipset("127.0.0.1 8.8.8.8 192.168.2.1/24 192.168.3.1/24 192.168.1.1-192.168.1.29"), "multiple ip and ip ranges, with the remote ip in none of them"); -ok(in_ipset(""), "blank list given, no preference set - implies everything goes through."); -ok(in_ipset(), "no list given, no preference set - implies everything goes through."); -ok(in_ipset("192.168.1.1/36"), 'simple invalid ip range/36 with remote ip in it'); +ok(in_iprange("192.168.1.30"), 'simple single ip matching remote ip'); +ok(!in_iprange("192.168.1.31"), 'simple single ip not match remote ip'); +ok(in_iprange("192.168.1.1/24"), 'simple ip range/24 with remote ip in it'); +ok(!in_iprange("192.168.2.1/24"), 'simple ip range/24 with remote ip not in it'); +ok(in_iprange("192.168.2.1/16"), 'simple ip range/16 with remote ip in it'); +ok(!in_iprange("192.168.1.10-30"), 'invalidly represented IP range with remote ip in it'); +ok(in_iprange("192.168.1.10-192.168.1.30"), 'validly represented ip range with remote ip in it'); +ok(in_iprange("127.0.0.1 192.168.1.30 192.168.2.10-192.168.2.25"), 'multiple ips and ranges, including the remote ip'); +ok(!in_iprange("127.0.0.1 8.8.8.8 192.168.2.1/24 192.168.3.1/24 192.168.1.1-192.168.1.29"), "multiple ip and ip ranges, with the remote ip in none of them"); +ok(in_iprange(""), "blank list given, no preference set - implies everything goes through."); +ok(in_iprange(), "no list given, no preference set - implies everything goes through."); +ok(in_iprange("192.168.1.1/36"), 'simple invalid ip range/36 with remote ip in it'); $ENV{DEBUG} = 1; -warning_like { in_ipset("192.168.1.1/36") } +warning_like { in_iprange("192.168.1.1/36") } qr/cidrlookup failed for/, 'noisy simple invalid ip range/36 with remote ip in it'; -- 2.39.5