Commit 0e08b151 authored by Frédéric Mangano-Tarumi's avatar Frédéric Mangano-Tarumi Committed by Lukas Fleischer

SSO: Port IP ban checking

Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <>
parent 357dba87
......@@ -14,7 +14,7 @@ from starlette.requests import Request
import aurweb.config
import aurweb.db
from aurweb.schema import Sessions, Users
from aurweb.schema import Bans, Sessions, Users
router = fastapi.APIRouter()
......@@ -57,13 +57,28 @@ def open_session(conn, user_id):
return sid
def is_ip_banned(conn, ip):
Check if an IP is banned. `ip` is a string and may be an IPv4 as well as an
IPv6, depending on the server’s configuration.
result = conn.execute( == ip))
return result.fetchone() is not None
async def authenticate(request: Request, conn=Depends(aurweb.db.connect)):
Receive an OpenID Connect ID token, validate it, then process it to create
an new AUR session.
# TODO check for banned IPs
# TODO Handle translations
if is_ip_banned(conn,
raise HTTPException(
detail='The login form is currently disabled for your IP address, '
'probably due to sustained spam attacks. Sorry for the '
token = await oauth.sso.authorize_access_token(request)
user = await oauth.sso.parse_id_token(request, token)
sub = user.get("sub") # this is the SSO account ID in JWT terminology
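Review bot: The lookup in `is_ip_banned` appears to match the address as a plain string (`== ip`; the column side of the expression is not visible on this page), so a ban row only applies when the stored text and the client address are spelled identically. Since the docstring says the value may be IPv4 or IPv6, it would be safer to canonicalise before querying, e.g. `ip = str(ipaddress.ip_address(ip))`, and to decide explicitly how IPv4-mapped IPv6 addresses are treated. The argument passed at the call site in `authenticate` is also cut off here; if it is the socket peer address, the check only sees real client addresses when the reverse proxy forwards them correctly, which deserves a sentence in the docstring. `authenticate` continues past the end of the hunk.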