blob: 4e9a8c28ff8549a711d344d53aec0a9ee6ac4915 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\Plugins\CoreHome;
use Piwik\Common;
use Piwik\Config;
use Piwik\Container\StaticContainer;
use Piwik\Network\IP as NetworkIp;
use Piwik\NoAccessException;
use Piwik\Piwik;
/**
* This class is in CoreHome since some alternative Login plugins disable the Login plugin and we want to ensure the
* feature works for all login plugins.
*/
class LoginWhitelist
{
public function shouldWhitelistApplyToAPI()
{
$general = $this->getGeneralConfig();
return !empty($general['login_whitelist_apply_to_reporting_api_requests']);
}
public function shouldCheckWhitelist()
{
if (Common::isPhpCliMode()) {
return false;
}
$ips = $this->getWhitelistedLoginIps();
return !empty($ips);
}
public function checkIsWhitelisted($ipString)
{
if (!$this->isIpWhitelisted($ipString)) {
throw new NoAccessException(Piwik::translate('CoreHome_ExceptionNotWhitelistedIP', $ipString));
}
}
public function isIpWhitelisted($userIpString)
{
$userIp = NetworkIp::fromStringIP($userIpString);
$ipsWhitelisted = $this->getWhitelistedLoginIps();
if (empty($ipsWhitelisted)) {
return false;
}
return $userIp->isInRanges($ipsWhitelisted);
}
/**
* @return array
*/
protected function getWhitelistedLoginIps()
{
$ips = StaticContainer::get('login.whitelist.ips');
if (!empty($ips) && is_array($ips)) {
$ips = array_map(function ($ip) {
return trim($ip);
}, $ips);
$ips = array_filter($ips, function ($ip) {
return !empty($ip);
});
return array_unique(array_values($ips));
}
return array();
}
private function getGeneralConfig()
{
$config = Config::getInstance();
$general = $config->General;
return $general;
}
}
|
