← Back to team overview

widelands-dev team mailing list archive

[Merge] lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website

 

kaputtnik has proposed merging lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website.

Requested reviews:
  Widelands Developers (widelands-dev)

For more details, see:
https://code.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/+merge/308337

Fixes getting the real ip address.

Please take a look into the (unchanged) line of http://bazaar.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/view/head:/tracking/utils.py#L19 :

ip_address = request.META.get('HTTP_X_FORWARDED_FOR',
                                  request.META.get('REMOTE_ADDR', '127.0.0.1'))

It looks like the one parameter is used if the previous doesn't exist. But i couldn't find a documentation of the function get() to use it like this. Because we use the tracking only for showing online users (and not all the other things it can do), it needs also a big cleanup or replaced with another, or own, implementation.

I couldn't test this branch on localhost for HTTP_X_FORWARDED_FOR (no proxy), so we might want to test it on the alpha-site.
-- 
Your team Widelands Developers is requested to review the proposed merge of lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website.
=== modified file 'djangoratings/templatetags/ratings.py'
--- djangoratings/templatetags/ratings.py	2016-05-18 19:31:46 +0000
+++ djangoratings/templatetags/ratings.py	2016-10-13 06:59:18 +0000
@@ -8,6 +8,7 @@
 from django.db.models import ObjectDoesNotExist
 
 from djangoratings.models import Vote
+from wl_utils import get_real_ip
 
 register = template.Library()
 
@@ -25,7 +26,7 @@
         except (template.VariableDoesNotExist, AttributeError):
             return ''
         try:
-            vote = field.get_rating_for_user(request.user, request.META['REMOTE_ADDR'], request.COOKIES)
+            vote = field.get_rating_for_user(request.user, get_real_ip(request), request.COOKIES)
             context[self.context_var] = vote
         except ObjectDoesNotExist:
             context[self.context_var] = 0

=== modified file 'djangoratings/views.py'
--- djangoratings/views.py	2016-05-18 19:31:46 +0000
+++ djangoratings/views.py	2016-10-13 06:59:18 +0000
@@ -5,6 +5,7 @@
 from exceptions import *
 from django.conf import settings
 from default_settings import RATINGS_VOTES_PER_IP
+from wl_utils import get_real_ip
 
 class AddRatingView(object):
     def __call__(self, request, content_type_id, object_id, field_name, score):
@@ -30,12 +31,12 @@
             'score': score,
         })
         
-        had_voted = bool(field.get_rating_for_user(request.user, request.META['REMOTE_ADDR'], request.COOKIES))
+        had_voted = bool(field.get_rating_for_user(request.user, get_real_ip(request), request.COOKIES))
         
         context['had_voted'] = had_voted
                     
         try:
-            adds = field.add(score, request.user, request.META.get('REMOTE_ADDR'), request.COOKIES)
+            adds = field.add(score, request.user, get_real_ip(request), request.COOKIES)
         except IPLimitReached:
             return self.too_many_votes_from_ip_response(request, context)
         except AuthRequired:

=== modified file 'pybb/views.py'
--- pybb/views.py	2016-10-09 11:17:03 +0000
+++ pybb/views.py	2016-10-13 06:59:18 +0000
@@ -19,6 +19,7 @@
 from pybb import settings as pybb_settings
 from pybb.orm import load_related
 from django.conf import settings
+from wl_utils import get_real_ip
 
 try:
     from notification import models as notification
@@ -155,9 +156,8 @@
         post = get_object_or_404(Post, pk=quote_id)
         quote = quote_text(post.body, post.user, "markdown")
 
-    ip = request.META.get('REMOTE_ADDR', '')
     form = build_form(AddPostForm, request, topic=topic, forum=forum,
-                      user=request.user, ip=ip,
+                      user=request.user, ip=get_real_ip(request),
                       initial={'markup': "markdown", 'body': quote})
 
     if form.is_valid():

=== modified file 'threadedcomments/views.py'
--- threadedcomments/views.py	2016-05-15 14:41:54 +0000
+++ threadedcomments/views.py	2016-10-13 06:59:18 +0000
@@ -8,6 +8,7 @@
 from threadedcomments.forms import FreeThreadedCommentForm, ThreadedCommentForm
 from threadedcomments.models import ThreadedComment, FreeThreadedComment, DEFAULT_MAX_COMMENT_LENGTH
 from threadedcomments.utils import JSONResponse, XMLResponse
+from wl_utils import get_real_ip
 
 def _adjust_max_comment_length(form, field_name='comment'):
     """
@@ -84,7 +85,7 @@
     if form.is_valid():
         new_comment = form.save(commit=False)
         if not edit_id:
-            new_comment.ip_address = request.META.get('REMOTE_ADDR', None)
+            new_comment.ip_address = get_real_ip(request)
             new_comment.content_type = get_object_or_404(ContentType, id = int(content_type))
             new_comment.object_id = int(object_id)
         if model == ThreadedComment:

=== modified file 'wiki/views.py'
--- wiki/views.py	2016-06-20 19:11:03 +0000
+++ wiki/views.py	2016-10-13 06:59:18 +0000
@@ -18,6 +18,8 @@
 from django.contrib.auth.decorators import login_required
 from mainpage.templatetags.wl_markdown import do_wl_markdown
 
+from wl_utils import get_real_ip
+
 # Settings
 #  lock duration in minutes
 try:
@@ -34,16 +36,6 @@
 ALL_ARTICLES = Article.objects.all()
 ALL_CHANGES = ChangeSet.objects.all()
 
-
-def get_real_ip(request):
-    """ Returns the real user IP, even if behind a proxy.
-    Set BEHIND_PROXY to True in your settings if Django is
-    running behind a proxy.
-    """
-    if getattr(settings, 'BEHIND_PROXY', False):
-        return request.META['HTTP_X_FORWARDED_FOR']
-    return request.META['REMOTE_ADDR']
-
 def get_articles_by_group(article_qs, group_slug=None,
                           group_slug_field=None, group_qs=None):
     group = None

=== added file 'wl_utils.py'
--- wl_utils.py	1970-01-01 00:00:00 +0000
+++ wl_utils.py	2016-10-13 06:59:18 +0000
@@ -0,0 +1,13 @@
+from django.conf import settings
+
+
+def get_real_ip(request):
+    """Returns the real user IP, even if behind a proxy.
+
+    Set BEHIND_PROXY to True in your settings if Django is running
+    behind a proxy.
+
+    """
+    if getattr(settings, 'BEHIND_PROXY', False):
+        return request.META['HTTP_X_FORWARDED_FOR']
+    return request.META['REMOTE_ADDR']

=== modified file 'wlimages/views.py'
--- wlimages/views.py	2013-06-14 19:23:53 +0000
+++ wlimages/views.py	2016-10-13 06:59:18 +0000
@@ -1,27 +1,13 @@
 from django.contrib.auth.decorators import login_required
 from django.contrib.contenttypes.models import ContentType
-from django.core.urlresolvers import reverse
 from django.http import HttpResponse, HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render_to_response
 from django.template import RequestContext
 
 from models import Image
-from settings import MEDIA_ROOT
-from django.core.files.uploadedfile import SimpleUploadedFile
-from django.conf import settings
-
+from wl_utils import get_real_ip
 from forms import UploadImageForm
 
-
-def get_real_ip(request):
-    """ Returns the real user IP, even if behind a proxy.
-    Set BEHIND_PROXY to True in your settings if Django is
-    running behind a proxy.
-    """
-    if getattr(settings, 'BEHIND_PROXY', False):
-        return request.META['HTTP_X_FORWARDED_FOR']
-    return request.META['REMOTE_ADDR']
-
 def display( request, image, revision ):
     revision = int(revision)
 

=== modified file 'wlmaps/views.py'
--- wlmaps/views.py	2016-05-18 19:31:46 +0000
+++ wlmaps/views.py	2016-10-13 06:59:18 +0000
@@ -8,12 +8,10 @@
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseRedirect, HttpResponseNotAllowed, HttpResponse, HttpResponseBadRequest
 from django.core.urlresolvers import reverse
-from django.db import IntegrityError
 import models
 from settings import MAPS_PER_PAGE
 
 import os
-import zipfile
 
 
 #########
@@ -44,9 +42,10 @@
 
     if not (0 < val <= 10):
         return HttpResponseBadRequest()
-
+ 
     m.rating.add(score=val, user=request.user,
-                 ip_address=request.META['REMOTE_ADDR'])
+                 ip_address=get_real_ip(request))
+    
     # m.save() is not needed
 
     return HttpResponseRedirect(reverse('wlmaps_view', None, {'map_slug': m.slug}))


Follow ups