teamsempo/SempoBlockchain

IP Address broken on prod

Closed this issue · 2 comments

tristanhcole commented

Describe the bug
IP Address, which is useful to record for admin and compliance purposes, is not working on a production version of the app.

To Reproduce
Steps to reproduce the behavior:

  1. Go to http://dev.withsempo.com/
  2. Login as admin
  3. IP address is not recorded (likely due to incorrectly configured proxies)

    SempoBlockchain/app/server/utils/auth.py

    Line 193 in 7228470

    check_ip(proxies, user, num_proxy=1)

Expected behavior
IP Address should be recorded in the database for users.

Desktop/Smartphones (please complete the following information):
All Devices

Additional context

SempoBlockchain/app/server/utils/auth.py

Lines 261 to 274 in 7228470

def check_ip(proxies, user, num_proxy=0):
"""
Proxies can be faked easily. Assumes there is a set number of proxies in production.
Todo: make this more robust
"""
correct_ip_index = num_proxy + 1
if len(proxies) >= correct_ip_index:
real_ip_address = proxies[-correct_ip_index] # get the correct referring client ip
if real_ip_address is not None and not IpAddress.check_user_ips(user, real_ip_address):
# IP exists in request and is not already saved
new_ip = IpAddress(ip=real_ip_address)
new_ip.user = user
db.session.add(new_ip)

tristanhcole commented

Closed by #798

tristanhcole commented

Closed by #798