git.koha-community.org Git - koha.git/commit

author	David Cook <dcook@prosentient.com.au>
	Thu, 30 Jan 2020 03:53:09 +0000 (14:53 +1100)
committer	Martin Renvoize <martin.renvoize@ptfs-europe.com>
	Mon, 6 Apr 2020 10:00:44 +0000 (11:00 +0100)
commit	cede9bbe43f39d44317b7cd9ba742a71d45e67f9
tree	49c65e224c9c6df1bcae3b1bb01047a6b362fad8	tree \| snapshot
parent	2e1e9c5b4846b057ac707f3e5fc84427c1dd71d9	commit \| diff

Bug 24537: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask

This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs
against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses
in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24,
10.0.0, and so on.

To Test:
1. Apply the patch
2. Empty the 'ILS-DI:AuthorizedIPs' system preference
3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
3b. Note that the request is successful
4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including
your IP address (e.g. 192.168.1.0/24)
5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
5b. Note that the request is successful
6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include
your IP address (e.g. 1.1.1)
7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber'
7b. Note that your request is refused
8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values
(e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>