
feat(piaf): ajoute une retriction d'IP sur la vue de collecte de paiement

master
François Poulain 1 year ago
parent
commit
9cd739064d
7 changed files with 46 additions and 2 deletions
  1. +3
    -0
      config.env.example
  2. +19
    -0
      piaf/base/mixins.py
  3. +14
    -0
      piaf/base/tests.py
  4. +4
    -2
      piaf/base/views.py
  5. +3
    -0
      piaf/settings/base.py
  6. +2
    -0
      piaf/settings/production.py
  7. +1
    -0
      requirements/base.txt

+ 3
- 0
config.env.example View File

@@ -47,3 +47,6 @@
# Numero de regie TIPI
# NUMERO_REGIE=000001
# SAISIE_TIPI=T

# RESEAU de la regie TIPI
# TIPI_TRUSTED_NETWORK=127.0.0.1

+ 19
- 0
piaf/base/mixins.py View File

@@ -14,6 +14,12 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

import ipware
import ipaddress

from django.conf import settings
from django.http import HttpResponseNotFound

from piaf.base import models


@@ -22,3 +28,16 @@ class HackyMessagesMixin ():
models.HackyMessages.process_messages(self.request)
context = super().get_context_data(**kwargs)
return context


class RestrictToTipiHost ():
def dispatch(self, *args, **kwargs):
trusted_network = ipaddress.ip_network(
settings.TIPI_TRUSTED_NETWORK,
strict=False
)
client_ip, is_routable = ipware.get_client_ip(self.request)
if ipaddress.ip_address(client_ip) not in trusted_network:
return HttpResponseNotFound()
else:
return super().dispatch(*args, **kwargs)
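Review bot: The trust decision in `RestrictToTipiHost.dispatch` rests on `ipware.get_client_ip`, which by default derives the address from forwarded-for style request headers before falling back to `REMOTE_ADDR`, so unless the reverse proxy in front of this app overwrites those headers the check is satisfied by whatever the requester put there; the mixin should read the address from a source the deployment actually controls (ipware's `request_header_order` argument if the installed version has it, or `self.request.META['REMOTE_ADDR']` when no proxy is involved). `get_client_ip` also returns `None` when it finds nothing, and `ipaddress.ip_address` raises `ValueError` on `None` or on a malformed value, which would surface as a 500 rather than the intended refusal; `is_routable` is unused. I would make the body fail closed as below, and add a one-line docstring saying the mixin returns 404 for any request not originating from `settings.TIPI_TRUSTED_NETWORK`.
```python
class RestrictToTipiHost ():
    def dispatch(self, *args, **kwargs):
        trusted_network = ipaddress.ip_network(
            settings.TIPI_TRUSTED_NETWORK,
            strict=False
        )
        # NOTE(review): restrict the header order to what the proxy sets,
        # otherwise this value is chosen by the requester.
        client_ip, _ = ipware.get_client_ip(self.request)
        try:
            trusted = ipaddress.ip_address(client_ip) in trusted_network
        except ValueError:  # None or unparsable address: fail closed
            trusted = False
        if not trusted:
            return HttpResponseNotFound()
        return super().dispatch(*args, **kwargs)
```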

+ 14
- 0
piaf/base/tests.py View File

@@ -449,3 +449,17 @@ class PayInvoiceOnBackendFailure(TestCase):
)
self.client.get(reverse('unpay_invoice'))
self.assertEqual(response.status_code, 200)


class TrustedPaidInvoice(TestCase):
def setUp(self):
self.client = Client()

def test_paid_invoice_authorized___but_fail(self):
response = self.client.post(reverse('paid_invoice'), follow=False)
self.assertEqual(response.status_code, 400)

def test_paid_invoice_unauthorized(self):
with self.settings(TIPI_TRUSTED_NETWORK='192.0.2.0/24'):
response = self.client.post(reverse('paid_invoice'), follow=False)
self.assertEqual(response.status_code, 404)
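Review bot: Both tests in `TrustedPaidInvoice` only vary the trusted network against the test client's default `REMOTE_ADDR`, so they cannot catch a regression where the address is taken from a request header instead of the connection; add a case in which `REMOTE_ADDR` lies outside the trusted range while a forwarded-for header lies inside it, and assert 404 (addresses below are constructed from RFC 5737 documentation ranges). The name `test_paid_invoice_authorized___but_fail` has a triple underscore; `test_paid_invoice_authorized_but_invalid_form` says what the 400 actually means.
```python
    def test_paid_invoice_forwarded_header_not_trusted(self):
        with self.settings(TIPI_TRUSTED_NETWORK='192.0.2.0/24'):
            response = self.client.post(reverse('paid_invoice'), follow=False,
                                        REMOTE_ADDR='198.51.100.7',
                                        HTTP_X_FORWARDED_FOR='192.0.2.10')
        self.assertEqual(response.status_code, 404)
```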

+ 4
- 2
piaf/base/views.py View File

@@ -278,16 +278,18 @@ class PrepareMergedInvoices(PrepareInvoice):
return context


class PaidInvoice(generic.edit.FormView):
class PaidInvoice(mixins.RestrictToTipiHost, generic.edit.FormView):
http_method_names = ['post']
success_url = reverse_lazy('home')
form_class = forms.PaidInvoiceForm
context = {}

@method_decorator(csrf_exempt)
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)

def form_invalid(self, form):
return HttpResponseBadRequest()

def form_valid(self, form):
# We don't use response from eopaiement.tipi since django's form
# validation is stronger

+ 3
- 0
piaf/settings/base.py View File

@@ -279,8 +279,11 @@ MESSAGE_TAGS = {
# ------------------------------------------------------------------------------

NUMERO_REGIE = env.str('NUMERO_REGIE', default='000001')

SAISIE_TIPI = env.str('SAISIE_TIPI', default='T')

TIPI_TRUSTED_NETWORK = env.str('TIPI_TRUSTED_NETWORK', default='127.0.0.1')

# RESTHYS CONNECTION
# ------------------------------------------------------------------------------
RESTHYS_BASEURL = env.str('RESTHYS_BASEURL', default='http://127.0.0.1:8080/')

+ 2
- 0
piaf/settings/production.py View File

@@ -101,3 +101,5 @@ if not os.path.isdir(var_dir('log')):
# ------------------------------------------------------------------------------
# APPLICATION AND 3RD PARTY LIBRARY SETTINGS
# ------------------------------------------------------------------------------

TIPI_TRUSTED_NETWORK = env.str('TIPI_TRUSTED_NETWORK')
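Review bot: `TIPI_TRUSTED_NETWORK` becomes mandatory in production here, but nothing tells the operator what the value must look like, and a malformed value is only rejected by `ipaddress.ip_network` at the first payment callback. A comment above the line such as `# Single address or CIDR network (parsed with ipaddress.ip_network) from which TIPI payment notifications are accepted` would make the expected format explicit; the same comment fits the new `TIPI_TRUSTED_NETWORK` line in piaf/settings/base.py.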

+ 1
- 0
requirements/base.txt View File

@@ -2,3 +2,4 @@ django >=2.0,<2.1
django-environ
git+https://forge.cliss21.org/fpoulain/eopayment.git@wip/python3#egg=eopayment
django-constance[database]
django-ipware
