feat(piaf): ajoute une retriction d'IP sur la vue de collecte de paiement
Parent
a398ed0c61
révision
9cd739064d
|
@ -47,3 +47,6 @@
|
|||
# Numero de regie TIPI
|
||||
# NUMERO_REGIE=000001
|
||||
# SAISIE_TIPI=T
|
||||
|
||||
# RESEAU de la regie TIPI
|
||||
# TIPI_TRUSTED_NETWORK=127.0.0.1
|
||||
|
|
|
@ -14,6 +14,12 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import ipware
|
||||
import ipaddress
|
||||
|
||||
from django.conf import settings
|
||||
from django.http import HttpResponseNotFound
|
||||
|
||||
from piaf.base import models
|
||||
|
||||
|
||||
|
@ -22,3 +28,16 @@ class HackyMessagesMixin ():
|
|||
models.HackyMessages.process_messages(self.request)
|
||||
context = super().get_context_data(**kwargs)
|
||||
return context
|
||||
|
||||
|
||||
class RestrictToTipiHost ():
|
||||
def dispatch(self, *args, **kwargs):
|
||||
trusted_network = ipaddress.ip_network(
|
||||
settings.TIPI_TRUSTED_NETWORK,
|
||||
strict=False
|
||||
)
|
||||
client_ip, is_routable = ipware.get_client_ip(self.request)
|
||||
if ipaddress.ip_address(client_ip) not in trusted_network:
|
||||
return HttpResponseNotFound()
|
||||
else:
|
||||
return super().dispatch(*args, **kwargs)
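Review bot: `ipware.get_client_ip(self.request)` in `RestrictToTipiHost.dispatch` is called with its defaults, which also read forwarding headers such as `X-Forwarded-For`, so unless a front proxy overwrites them the address compared against `TIPI_TRUSTED_NETWORK` can be a value the client supplied. Pinning the proxy layout with the `proxy_count` or `proxy_trusted_ips` arguments, or comparing `self.request.META['REMOTE_ADDR']` when no proxy sits in front, would tie the check to the real peer. `client_ip` can also be `None` when no address is determined, and `ipaddress.ip_address(None)` raises `ValueError`, so the guard should read `if client_ip is None or ipaddress.ip_address(client_ip) not in trusted_network:`. A one-line class docstring stating that untrusted hosts get a 404 so the endpoint stays hidden would document the intent.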
|
||||
|
|
|
@ -449,3 +449,17 @@ class PayInvoiceOnBackendFailure(TestCase):
|
|||
)
|
||||
self.client.get(reverse('unpay_invoice'))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
|
||||
class TrustedPaidInvoice(TestCase):
|
||||
def setUp(self):
|
||||
self.client = Client()
|
||||
|
||||
def test_paid_invoice_authorized___but_fail(self):
|
||||
response = self.client.post(reverse('paid_invoice'), follow=False)
|
||||
self.assertEqual(response.status_code, 400)
|
||||
|
||||
def test_paid_invoice_unauthorized(self):
|
||||
with self.settings(TIPI_TRUSTED_NETWORK='192.0.2.0/24'):
|
||||
response = self.client.post(reverse('paid_invoice'), follow=False)
|
||||
self.assertEqual(response.status_code, 404)
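Review bot: `test_paid_invoice_authorized___but_fail` passes only because the test client's default `REMOTE_ADDR` happens to equal the default `TIPI_TRUSTED_NETWORK`, and no case in `TrustedPaidInvoice` exercises a CIDR match or a request carrying a forwarding header. Inside the `self.settings(TIPI_TRUSTED_NETWORK='192.0.2.0/24')` block, add `self.client.post(reverse('paid_invoice'), REMOTE_ADDR='192.0.2.10')` expecting 400. A second post with only `HTTP_X_FORWARDED_FOR='192.0.2.10'` set should assert the intended outcome, presumably 404 (rejected), so that header handling is pinned by a regression test.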
|
||||
|
|
|
@ -278,16 +278,18 @@ class PrepareMergedInvoices(PrepareInvoice):
|
|||
return context
|
||||
|
||||
|
||||
class PaidInvoice(generic.edit.FormView):
|
||||
class PaidInvoice(mixins.RestrictToTipiHost, generic.edit.FormView):
|
||||
http_method_names = ['post']
|
||||
success_url = reverse_lazy('home')
|
||||
form_class = forms.PaidInvoiceForm
|
||||
context = {}
|
||||
|
||||
@method_decorator(csrf_exempt)
|
||||
def dispatch(self, *args, **kwargs):
|
||||
return super().dispatch(*args, **kwargs)
|
||||
|
||||
def form_invalid(self, form):
|
||||
return HttpResponseBadRequest()
|
||||
|
||||
def form_valid(self, form):
|
||||
# We don't use response from eopaiement.tipi since django's form
|
||||
# validation is stronger
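Review bot: The restriction on `PaidInvoice` only takes effect because `mixins.RestrictToTipiHost` is listed before `generic.edit.FormView`, and nothing in the class says so. Since the view is `csrf_exempt`, the source-address check is the only gate visible in this hunk, so a later reordering of the bases would silently reopen the endpoint. I would add a comment above the class such as `# RestrictToTipiHost must stay first in the bases so its dispatch() runs before FormView's.` The body of `form_valid` continues outside the hunk, so any further verification of the notification cannot be judged from here.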
|
||||
|
|
|
@ -279,8 +279,11 @@ MESSAGE_TAGS = {
|
|||
# ------------------------------------------------------------------------------
|
||||
|
||||
NUMERO_REGIE = env.str('NUMERO_REGIE', default='000001')
|
||||
|
||||
SAISIE_TIPI = env.str('SAISIE_TIPI', default='T')
|
||||
|
||||
TIPI_TRUSTED_NETWORK = env.str('TIPI_TRUSTED_NETWORK', default='127.0.0.1')
|
||||
|
||||
# RESTHYS CONNECTION
|
||||
# ------------------------------------------------------------------------------
|
||||
RESTHYS_BASEURL = env.str('RESTHYS_BASEURL', default='http://127.0.0.1:8080/')
|
||||
|
|
|
@ -101,3 +101,5 @@ if not os.path.isdir(var_dir('log')):
|
|||
# ------------------------------------------------------------------------------
|
||||
# APPLICATION AND 3RD PARTY LIBRARY SETTINGS
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
TIPI_TRUSTED_NETWORK = env.str('TIPI_TRUSTED_NETWORK')
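Review bot: The value read into `TIPI_TRUSTED_NETWORK` is not validated at load time, so a malformed address surfaces only as a `ValueError` on each request to the payment callback rather than at startup. Parsing it once here with `ipaddress.ip_network(TIPI_TRUSTED_NETWORK, strict=False)` (which needs `import ipaddress` in this module) would make a bad deployment fail immediately. A comment noting that the setting takes a single address or one CIDR network, as the mixin's `ip_network(..., strict=False)` call implies, would also help operators.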
|
||||
|
|
|
@ -2,3 +2,4 @@ django >=2.0,<2.1
|
|||
django-environ
|
||||
git+https://forge.cliss21.org/fpoulain/eopayment.git@wip/python3#egg=eopayment
|
||||
django-constance[database]
|
||||
django-ipware
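Review bot: `django-ipware` is added without a version range, yet the new access check depends on how that library selects the client address from request headers, which may differ between major releases. A bounded spec, in the same form as the `django >=2.0,<2.1` line in this file, would keep an upgrade from silently changing which address is checked.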
|
||||
|
|