[Bug 24537] New: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Bug ID: 24537 Summary: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Web services Assignee: koha-bugs@lists.koha-community.org Reporter: dcook@prosentient.com.au QA Contact: testopia@bugs.koha-community.org By using Net::Netmask (introduced by Bug 23068), we can allow IP ranges in the ILS-DI:AuthorizedIPs system preference. This makes it much easier to integrate with other systems. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Patch complexity|--- |Small patch Status|NEW |Needs Signoff -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 --- Comment #1 from David Cook <dcook@prosentient.com.au> --- Created attachment 98105 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=98105&action=edit Bug 24537: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24, 10.0.0, and so on. To Test: 1. Apply the patch 2. Empty the 'ILS-DI:AuthorizedIPs' system preference 3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 3b. Note that the request is successful 4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including your IP address (e.g. 192.168.1.0/24) 5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 5b. Note that the request is successful 6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include your IP address (e.g. 1.1.1) 7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 7b. Note that your request is refused 8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values (e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=23068 -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 --- Comment #2 from David Cook <dcook@prosentient.com.au> --- Note that this really shines when you're running Koha behind a reverse proxy and you use koha_trusted_proxies to set your REMOTE_USER to the IP address that contacted your reverse proxy (or the last one in a trust chain). (Note also that there are other places in Koha that could benefit from this. Like OpacSuppressionByIPRange, RestrictedPageLocalIPs, etc.) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bc@interleaf.ie --- Comment #3 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- *** Bug 20243 has been marked as a duplicate of this bug. *** -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |dcook@prosentient.com.au |ity.org | -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Michal Denar <black23@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |black23@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #98105|0 |1 is obsolete| | --- Comment #4 from David Nind <david@davidnind.com> --- Created attachment 102172 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102172&action=edit Bug 24537: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24, 10.0.0, and so on. To Test: 1. Apply the patch 2. Empty the 'ILS-DI:AuthorizedIPs' system preference 3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 3b. Note that the request is successful 4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including your IP address (e.g. 192.168.1.0/24) 5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 5b. Note that the request is successful 6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include your IP address (e.g. 1.1.1) 7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 7b. Note that your request is refused 8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values (e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values Signed-off-by: David Nind <david@davidnind.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 --- Comment #5 from David Cook <dcook@prosentient.com.au> --- Thanks, David! You're a legend :). -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kyle@bywatersolutions.com QA Contact|testopia@bugs.koha-communit |kyle@bywatersolutions.com |y.org | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #102172|0 |1 is obsolete| | --- Comment #6 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 102213 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102213&action=edit Bug 24537: Allow IP ranges in ILS-DI:AuthorizedIPs using Net::Netmask This patch uses Net::Netmask to match IPs from ILS-DI:AuthorizedIPs against $ENV{REMOTE_USER}. By using Net::Netmask, we can use addresses in a variety of formats. This includes 127.0.0.1, 192.168.1.0/24, 10.0.0, and so on. To Test: 1. Apply the patch 2. Empty the 'ILS-DI:AuthorizedIPs' system preference 3. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 3b. Note that the request is successful 4. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet including your IP address (e.g. 192.168.1.0/24) 5. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 5b. Note that the request is successful 6. Set the 'ILS-DI:AuthorizedIPs' system preference to a subnet that doesn't include your IP address (e.g. 1.1.1) 7. Send a request to '/cgi-bin/koha/ilsdi.pl?service=LookupPatron&id=1&id_type=cardnumber' 7b. Note that your request is refused 8. Try a variety of permutations including bad values (e.g. 192.168.1.) or multiple values (e.g. 10.0.0.0/8,192.168.1.0/24) or multiple values including a mix of good and bad values Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 --- Comment #7 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 102214 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=102214&action=edit Bug 24537: Tidy code Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to master Version(s)| |20.05.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 --- Comment #8 from Martin Renvoize <martin.renvoize@ptfs-europe.com> --- Nice work everyone! Pushed to master for 20.05 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Joy Nelson <joy@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |joy@bywatersolutions.com --- Comment #9 from Joy Nelson <joy@bywatersolutions.com> --- enhancement not backported to 19.11.x -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Text to go in the| |It's now possible to not release notes| |only allow a single IP, but | |multiple IPs, IP ranges and | |subnets access to the | |ILS-DI API. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24537 Martin Renvoize <martin.renvoize@ptfs-europe.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@ptfs-europe | |.com Summary|Allow IP ranges in |Add support for IP ranges |ILS-DI:AuthorizedIPs using |in ILS-DI:AuthorizedIPs |Net::Netmask |using Net::Netmask -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org