[MediaWiki-commits] [Gerrit] Allow specifying the allowed IPs in a message - change (mediawiki...NetworkAuth)

Mon, 13 Jun 2016 23:11:55 -0700 

Brian Wolff has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/294251

Change subject: Allow specifying the allowed IPs in a message
......................................................................

Allow specifying the allowed IPs in a message

This lets you do config like:
 $wgNetworkAuthUsers[] = [
        'ipmsg' => 'networkauth-ips',
        'user' => 'Foo'
 );

And then have the list of IPs be on MediaWiki:networkauth-ips

The format of the message is a * followed by either an
IP address (192.168.0.1), a plain range (10.0.0.3 - 10.0.0.5)
or a CIDR range (10.1.0.0/16). Any line not not starting with a *
is considered a comment and ignored.

Change-Id: I504258a41208a298a989a137b7da92f9f027ce2e
---
M NetworkAuth.class.php
1 file changed, 28 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/NetworkAuth 
refs/changes/51/294251/1

diff --git a/NetworkAuth.class.php b/NetworkAuth.class.php
index a7948ad..96339a1 100644
--- a/NetworkAuth.class.php
+++ b/NetworkAuth.class.php
@@ -108,6 +108,33 @@
                                        }
                                }
 
+                               // Get IP ranges from a MediaWiki namespace page
+                               // Stolen from 
Block::isWhitelistedFromAutoblocks()
+                               if ( isset( $authrecord['ipmsg'] ) ) {
+                                       $msg = wfMessage( $authrecord['ipmsg'] )
+                                               ->inContentLanguage()
+                                               ->plain();
+                                       $msgLines = explode( "\n", $msg );
+
+                                       foreach( $msgLines as $line ) {
+                                               if ( substr( $line, 0, 1 ) !== 
'*' ) {
+                                                       continue;
+                                               }
+                                               $wlEntry = substr( $line, 1 );
+                                               $wlEntry = trim( $wlEntry );
+
+                                               wfDebug( "Checking $ip against 
$wlEntry..." );
+
+                                               # Is the IP in this range?
+                                               if ( IP::isInRange( $ip, 
$wlEntry ) ) {
+                                                       wfDebug( " IP $ip 
matches $wlEntry\n" );
+                                                       $matched = true;
+                                                       break 2;
+                                                       return true;
+                                               }
+                                       }
+                               }
+
                                // test IP pattern
                                if ( isset( $authrecord['ippattern'] ) ) {
                                        $patterns = $authrecord['ippattern'];
@@ -265,4 +292,4 @@
 
                return true;
        }
-}
\ No newline at end of file
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/294251
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I504258a41208a298a989a137b7da92f9f027ce2e
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/NetworkAuth
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to