Class: Fortifier::AuthSteps::CheckForWhitelistedIp

Inherits:

Object

• Object
• Fortifier::AuthSteps::CheckForWhitelistedIp

Defined in:

app/models/fortifier/auth_steps/check_for_whitelisted_ip.rb

Class Method Summary

• .invoke(params) ⇒ Object
• .skip_step?(params) ⇒ Boolean

Class Method Details

.invoke(params) ⇒ Object

# File 'app/models/fortifier/auth_steps/check_for_whitelisted_ip.rb', line 8

def self.invoke(params)
  remote_addr = params[:auth_log].remote_addr
  ip_ranges = Fortifier::AuthRule.
                joins(:auth_users_auth_rules).
                where('auth_user_id = ? and rule_type = ?', params[:auth_user].id, Fortifier::AuthRule::TYPE_IP_FILTER).
                pluck(:rule_value).
                flatten(1)
  range_results = []
  
  # TODO: (DK) refactor once tests are written for this
  if ip_ranges.present?
    ip_ranges.each do |ipr|
      if ipr.count==1 #e.g. single-string range, like ['192.168.1.1/16']
        range = (IPAddr.new(ipr.first)) # .to_i here will cause '.include?' to blowup, so don't use
        range_results << range.include?(IPAddr.new(remote_addr).to_i)
      elsif ipr.count==2 #e.g. double-string range, like ['192.168.1.1', '192.168.1.255']
        range = (IPAddr.new(ipr.first).to_i..IPAddr.new(ipr.last).to_i)
        range_results << range.include?(IPAddr.new(remote_addr).to_i)
      else
        # no ip ranges were specified
        range_results << true
      end
    end
  else
    range_results << true
  end
  params.merge! auth_msg: range_results.include?(true) ? nil : Messaging::EXTERNAL_IP
end

.skip_step?(params) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/fortifier/auth_steps/check_for_whitelisted_ip.rb', line 4

def self.skip_step?(params)
  params[:auth_msg].present?
end