AdminIPFilter - Version 0.1.0

Version Notes

NOTE: This module actives the Remote Address Validation.
To see the general filter list you should go to:
System > Configuration > Admin > Security
To edit the ip's by user you should go to:
System > Permissions > Users -> and here edit the user you want.

Download this release

Release Info

Developer Magento Core Team
Extension AdminIPFilter
Version 0.1.0
Comparing to
See all releases


Version 0.1.0

Files changed (12) hide show
  1. app/code/community/Strategery/AdminIPFilter/Block/Permissions/User/Edit/Tab/Main.php +25 -0
  2. app/code/community/Strategery/AdminIPFilter/Helper/Data.php +11 -0
  3. app/code/community/Strategery/AdminIPFilter/Model/Allowedip.php +60 -0
  4. app/code/community/Strategery/AdminIPFilter/Model/Mysql4/Allowedip.php +46 -0
  5. app/code/community/Strategery/AdminIPFilter/Model/Mysql4/Setup.php +5 -0
  6. app/code/community/Strategery/AdminIPFilter/Model/User/Observer.php +62 -0
  7. app/code/community/Strategery/AdminIPFilter/controllers/Permissions/UserController.php +47 -0
  8. app/code/community/Strategery/AdminIPFilter/etc/config.xml +91 -0
  9. app/code/community/Strategery/AdminIPFilter/etc/system.xml +31 -0
  10. app/code/community/Strategery/AdminIPFilter/sql/adminipfilter_setup/mysql4-install-0.1.0.php +18 -0
  11. app/etc/modules/Strategery_Admin_IPFilter.xml +12 -0
  12. package.xml +22 -0
app/code/community/Strategery/AdminIPFilter/Block/Permissions/User/Edit/Tab/Main.php ADDED
@@ -0,0 +1,25 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class Strategery_AdminIPFilter_Block_Permissions_User_Edit_Tab_Main extends Mage_Adminhtml_Block_Permissions_User_Edit_Tab_Main {
4
+
5
+ protected function _prepareForm() {
6
+ parent::_prepareForm();
7
+ $model = Mage::registry('permissions_user');
8
+ $user_id = $model->getUserId();
9
+ $allowed_ip = Mage::getModel('adminipfilter/allowedip')->load($user_id);
10
+ $form = $this->getForm();
11
+ $fieldset = $form->addFieldset('ip_whitelist_filedset', array('legend' => 'IP Whitelist'));
12
+ $fieldset->addField('ip_list', 'text', array(
13
+ 'name' => 'ip_list',
14
+ 'label' => "Whitelisted Ip's",
15
+ 'id' => 'ip_list',
16
+ 'title' => 'ip_list',
17
+ 'required' => false,
18
+ 'value' => $allowed_ip->load($user_id)->getIpList(),
19
+ ));
20
+ return $this;
21
+ }
22
+
23
+ }
24
+
25
+ ?>
app/code/community/Strategery/AdminIPFilter/Helper/Data.php ADDED
@@ -0,0 +1,11 @@
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class Strategery_AdminIPFilter_Helper_Data extends Mage_Core_Helper_Data {
4
+
5
+ const CONFIG_KEY_GLOBAL_IP_WHITELIST = 'admin/security/global_ip_whitelist';
6
+
7
+ public function getGlobalIPWhitelist() {
8
+ $whitelist = Mage::getStoreConfig(self::CONFIG_KEY_GLOBAL_IP_WHITELIST);
9
+ return explode(',', $whitelist);
10
+ }
11
+ }
app/code/community/Strategery/AdminIPFilter/Model/Allowedip.php ADDED
@@ -0,0 +1,60 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class Strategery_AdminIPFilter_Model_Allowedip extends Mage_Core_Model_Abstract {
4
+
5
+ protected function _construct() {
6
+ $this->_init('adminipfilter/allowedip');
7
+ }
8
+
9
+ public function validate() {
10
+ $ip_list = $this->getIpList();
11
+ if ($ip_list == '') {
12
+ return true;
13
+ }
14
+
15
+ $errors = Array();
16
+ $ips = explode(',', $ip_list);
17
+
18
+ foreach ($ips as $ip) {
19
+ if ($ip == '') {
20
+ $errors[] = "Empty addres, probably extra comma";
21
+ continue;
22
+ }
23
+ if ($pos = strpos($ip, '/')) {
24
+ // maybe a CIDR block
25
+ $block_size = substr($ip, $pos + 1);
26
+
27
+ if (!ctype_digit($block_size) || $block_size < 0 || $block_size > 32) {
28
+ $errors[] = "Invalid Block Size: $ip";
29
+ }
30
+ $ip = substr($ip, 0, $pos);
31
+ }
32
+ if (!filter_var($ip, FILTER_VALIDATE_IP)) {
33
+ $errors[] = "Invalid Ip Address: $ip";
34
+ }
35
+ }
36
+ if (empty($errors)) {
37
+ return true;
38
+ }
39
+ return $errors;
40
+ }
41
+
42
+ public function saveFix($new=false)
43
+ {
44
+ $this->_getResource()->beginTransaction();
45
+ try {
46
+ $this->_beforeSave();
47
+ if ($this->_dataSaveAllowed) {
48
+ $this->_getResource()->saveFix($this,$new);
49
+ $this->_afterSave();
50
+ }
51
+ $this->_getResource()->commit();
52
+ }
53
+ catch (Exception $e){
54
+ $this->_getResource()->rollBack();
55
+ throw $e;
56
+ }
57
+ return $this;
58
+ }
59
+
60
+ }
app/code/community/Strategery/AdminIPFilter/Model/Mysql4/Allowedip.php ADDED
@@ -0,0 +1,46 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class Strategery_Adminipfilter_Model_Mysql4_Allowedip extends Mage_Core_Model_Mysql4_Abstract {
4
+
5
+ protected $_isPkAutoIncrement = false;
6
+
7
+ protected function _construct() {
8
+ $this->_init('adminipfilter/allowedip', 'user_id');
9
+ }
10
+
11
+ public function saveFix(Mage_Core_Model_Abstract $object,$new=false)
12
+ {
13
+ if ($object->isDeleted()) {
14
+ return $this->delete($object);
15
+ }
16
+
17
+ $this->_beforeSave($object);
18
+ $this->_checkUnique($object);
19
+
20
+ if (!is_null($object->getId())) {
21
+ $condition = $this->_getWriteAdapter()->quoteInto($this->getIdFieldName().'=?', $object->getId());
22
+ /**
23
+ * Not auto increment primary key support
24
+ */
25
+ if ($this->_isPkAutoIncrement) {
26
+ $this->_getWriteAdapter()->update($this->getMainTable(), $this->_prepareDataForSave($object), $condition);
27
+ } else {
28
+ $select = $this->_getWriteAdapter()->select($this->getMainTable(), array($this->getIdFieldName()))
29
+ ->where($condition);
30
+ if ($new == false) {
31
+ $this->_getWriteAdapter()->update($this->getMainTable(), $this->_prepareDataForSave($object), $condition);
32
+ } else {
33
+ $this->_getWriteAdapter()->insert($this->getMainTable(), $this->_prepareDataForSave($object));
34
+ }
35
+ }
36
+ } else {
37
+ $this->_getWriteAdapter()->insert($this->getMainTable(), $this->_prepareDataForSave($object));
38
+ $object->setId($this->_getWriteAdapter()->lastInsertId($this->getMainTable()));
39
+ }
40
+
41
+ $this->_afterSave($object);
42
+
43
+ return $this;
44
+ }
45
+
46
+ }
app/code/community/Strategery/AdminIPFilter/Model/Mysql4/Setup.php ADDED
@@ -0,0 +1,5 @@
 
 
 
 
 
1
+ <?php
2
+
3
+ class Strategery_AdminIPFilter_Model_Mysql4_Setup extends Mage_Core_Model_Resource_Setup {
4
+
5
+ }
app/code/community/Strategery/AdminIPFilter/Model/User/Observer.php ADDED
@@ -0,0 +1,62 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ class Strategery_AdminIPFilter_Model_User_Observer {
4
+
5
+ public function validate_ip_address($observer) {
6
+ // user data:
7
+ $data = $observer->getData();
8
+ /*
9
+ 'username' => $username,
10
+ 'password' => $password,
11
+ 'user' => $this,
12
+ 'result' => $result // always True
13
+ */
14
+ // get ip:
15
+ if(Mage::getVersion() <= 1.3){ $request_ip = $_SERVER['REMOTE_ADDR']; }
16
+ else { $request_ip = Mage::app()->getRequest()->getClientIp(); }
17
+ $user_id = $data['user']->getUserId();
18
+ $allowed_ips = Mage::getModel('adminipfilter/allowedip')->load($user_id);
19
+ $user_whitelist = explode(',', $allowed_ips->getIpList());
20
+ $global_whitelist = $this->helper()->getGlobalIPWhitelist();
21
+ // if is empty $global_whitelist let everyone login:
22
+ if(empty($global_whitelist[0]) || ($request_ip=='127.0.0.1' && Mage::getStoreConfig('admin/security/allowlocal')==1))
23
+ {
24
+ return;
25
+ }
26
+ // explode returns Array(0 => '') when parameter is empty string,
27
+ // use array_filter to remove them
28
+ $ip_array = array_filter(array_merge($user_whitelist, $global_whitelist));
29
+ if(empty($ip_array)){
30
+ $ip_array=Array('0.0.0.0/0');
31
+ }
32
+ foreach ($ip_array as $ip_address) {
33
+ if (!strpos($ip_address, '/')) {
34
+ // Convert IP to CIDR format
35
+ $ip_address.='/32';
36
+ }
37
+ if ($this->_matchCIDR($request_ip, $ip_address)) {
38
+ return TRUE;
39
+ }
40
+ }
41
+ Mage::throwException('Not connecting from valid IP: '.$request_ip);
42
+ }
43
+
44
+ /**
45
+ * Returns True if the IP address is inside of the CIDR block. False otherwise.
46
+ * @param String $ip
47
+ * @param String $CIDR
48
+ * @return Bool
49
+ */
50
+ protected function _matchCIDR($ip, $CIDR) {
51
+ $ip = ip2long($ip);
52
+ $cidrArr = explode('/', $CIDR);
53
+ $maskIP = ip2long($cidrArr[0]);
54
+ $maskBits = 32 - $cidrArr[1];
55
+ return (($ip >> $maskBits) == ($maskIP >> $maskBits));
56
+ }
57
+
58
+ protected function helper() {
59
+ return Mage::helper('strategery_adminipfilter');
60
+ }
61
+
62
+ }
app/code/community/Strategery/AdminIPFilter/controllers/Permissions/UserController.php ADDED
@@ -0,0 +1,47 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ include_once("Mage/Adminhtml/controllers/Permissions/UserController.php");
4
+
5
+ class Strategery_Adminipfilter_Permissions_UserController extends Mage_Adminhtml_Permissions_UserController {
6
+
7
+ public function saveAction() {
8
+
9
+ $pr = parent::saveAction();
10
+ $id = $this->getRequest()->getParam('user_id');
11
+ $ip_list = $this->getRequest()->getParam('ip_list');
12
+ // create model and try to load the user data:
13
+ $model = Mage::getModel('adminipfilter/allowedip')->load($id);
14
+ $isNew = $model->getId();
15
+ // validation:
16
+ $result = $model->validate();
17
+ if (is_array($result)) {
18
+ $data = $this->getRequest()->getPost();
19
+ Mage::getSingleton('adminhtml/session')->setUserData($data);
20
+ foreach ($result as $message) {
21
+ Mage::getSingleton('adminhtml/session')->addError($message);
22
+ }
23
+ $this->_redirect('*/*/edit', array('_current' => true));
24
+ return $this;
25
+ }
26
+ try {
27
+ $model->setUserId($id);
28
+ $model->setIpList($ip_list);
29
+ if (Mage::getVersion() <= 1.3) {
30
+ if ($isNew) {
31
+ $model->saveFix();
32
+ } else {
33
+ $model->saveFix(true);
34
+ }
35
+ } else {
36
+ $model->save();
37
+ }
38
+ Mage::getSingleton('adminhtml/session')->addSuccess($this->__('The IP whitelist has been saved.'));
39
+ } catch (Exception $e) {
40
+ Mage::getSingleton('adminhtml/session')->addError($this->__('The IP whitelist was not saved.'));
41
+ }
42
+ return $pr;
43
+ }
44
+
45
+ }
46
+
47
+ ?>
app/code/community/Strategery/AdminIPFilter/etc/config.xml ADDED
@@ -0,0 +1,91 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0"?>
2
+ <config>
3
+ <modules>
4
+ <Strategery_AdminIPFilter>
5
+ <version>0.1.0</version>
6
+ </Strategery_AdminIPFilter>
7
+ </modules>
8
+ <global>
9
+ <blocks>
10
+ <adminhtml>
11
+ <rewrite>
12
+ <permissions_user_edit_tab_main>Strategery_AdminIPFilter_Block_Permissions_User_Edit_Tab_Main</permissions_user_edit_tab_main>
13
+ </rewrite>
14
+ </adminhtml>
15
+ </blocks>
16
+ <helpers>
17
+ <strategery_adminipfilter>
18
+ <class>Strategery_AdminIPFilter_Helper</class>
19
+ </strategery_adminipfilter>
20
+ </helpers>
21
+ <models>
22
+ <adminipfilter>
23
+ <class>Strategery_AdminIPFilter_Model</class>
24
+ <resourceModel>adminipfilter_mysql4</resourceModel>
25
+ </adminipfilter>
26
+ <adminipfilter_mysql4>
27
+ <class>Strategery_AdminIPFilter_Model_Mysql4</class>
28
+ <entities>
29
+ <allowedip>
30
+ <table>adminipfilter_allowedip</table>
31
+ </allowedip>
32
+ </entities>
33
+ </adminipfilter_mysql4>
34
+ </models>
35
+ <resources>
36
+ <adminipfilter_setup>
37
+ <setup>
38
+ <module>Strategery_AdminIPFilter</module>
39
+ <class>Strategery_AdminIPFilter_Model_Mysql4_Setup</class>
40
+ </setup>
41
+ <connection>
42
+ <use>core_setup</use>
43
+ </connection>
44
+ </adminipfilter_setup>
45
+ <adminipfilter_write>
46
+ <connection>
47
+ <use>core_write</use>
48
+ </connection>
49
+ </adminipfilter_write>
50
+ <adminipfilter_read>
51
+ <connection>
52
+ <use>core_read</use>
53
+ </connection>
54
+ </adminipfilter_read>
55
+ </resources>
56
+ <events>
57
+ <admin_user_authenticate_after>
58
+ <observers>
59
+ <strategery_adminipfilter_login_observer>
60
+ <type>singleton</type>
61
+ <class>Strategery_AdminIPFilter_Model_User_Observer</class>
62
+ <method>validate_ip_address</method>
63
+ </strategery_adminipfilter_login_observer>
64
+ </observers>
65
+ </admin_user_authenticate_after>
66
+ </events>
67
+ </global>
68
+ <admin>
69
+ <routers>
70
+ <adminhtml>
71
+ <args>
72
+ <modules>
73
+ <Strategery_AdminIPFilter before="Mage_Adminhtml">Strategery_AdminIPFilter</Strategery_AdminIPFilter>
74
+ </modules>
75
+ </args>
76
+ </adminhtml>
77
+ </routers>
78
+ </admin>
79
+ <default>
80
+ <web>
81
+ <session>
82
+ <use_remote_addr>1</use_remote_addr>
83
+ </session>
84
+ </web>
85
+ <admin>
86
+ <security>
87
+ <allowlocal>1</allowlocal>
88
+ </security>
89
+ </admin>
90
+ </default>
91
+ </config>
app/code/community/Strategery/AdminIPFilter/etc/system.xml ADDED
@@ -0,0 +1,31 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0"?>
2
+ <config>
3
+ <sections>
4
+ <admin>
5
+ <groups>
6
+ <security translate="label">
7
+ <fields>
8
+ <global_ip_whitelist translate="label">
9
+ <label>IP Whitelist</label>
10
+ <frontend_type>text</frontend_type>
11
+ <sort_order>50</sort_order>
12
+ <show_in_default>1</show_in_default>
13
+ <show_in_website>1</show_in_website>
14
+ <show_in_store>1</show_in_store>
15
+ <comment>only allow access to the Admin from the listed IPs (comma separated, blank to allow all)</comment>
16
+ </global_ip_whitelist>
17
+ <allowlocal translate="label">
18
+ <label>Allow access from localhost</label>
19
+ <frontend_type>select</frontend_type>
20
+ <source_model>adminhtml/system_config_source_yesno</source_model>
21
+ <sort_order>51</sort_order>
22
+ <show_in_default>1</show_in_default>
23
+ <show_in_website>1</show_in_website>
24
+ <show_in_store>1</show_in_store>
25
+ </allowlocal>
26
+ </fields>
27
+ </security>
28
+ </groups>
29
+ </admin>
30
+ </sections>
31
+ </config>
app/code/community/Strategery/AdminIPFilter/sql/adminipfilter_setup/mysql4-install-0.1.0.php ADDED
@@ -0,0 +1,18 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+
3
+ $installer = $this;
4
+ $installer->startSetup();
5
+
6
+ $installer->run("
7
+
8
+ -- DROP TABLE IF EXISTS {$this->getTable('adminipfilter/allowedip')};
9
+ CREATE TABLE adminipfilter_allowedip (
10
+ `user_id` int(11) NOT NULL AUTOINCREMENT,
11
+ `ip_list` text NOT NULL,
12
+ PRIMARY KEY (`user_id`),
13
+ UNIQUE KEY `user_id_UNIQUE` (`user_id`)
14
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
15
+
16
+ ");
17
+
18
+ $installer->endSetup();
app/etc/modules/Strategery_Admin_IPFilter.xml ADDED
@@ -0,0 +1,12 @@
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0"?>
2
+ <config>
3
+ <modules>
4
+ <Strategery_AdminIPFilter>
5
+ <active>true</active>
6
+ <codePool>community</codePool>
7
+ <depends>
8
+ <Mage_Adminhtml/>
9
+ </depends>
10
+ </Strategery_AdminIPFilter>
11
+ </modules>
12
+ </config>
package.xml ADDED
@@ -0,0 +1,22 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?xml version="1.0"?>
2
+ <package>
3
+ <name>AdminIPFilter</name>
4
+ <version>0.1.0</version>
5
+ <stability>stable</stability>
6
+ <license uri="http://opensource.org/licenses/afl-3.0.php">Academic Free License (AFL 3.0)</license>
7
+ <channel>community</channel>
8
+ <extends/>
9
+ <summary>This module gives you the ability to limit access by IP to the administration panel.</summary>
10
+ <description>Limit access to IP administration panel by either a general or per-user list.</description>
11
+ <notes>NOTE: This module actives the Remote Address Validation.
12
+ To see the general filter list you should go to:
13
+ System &gt; Configuration &gt; Admin &gt; Security
14
+ To edit the ip's by user you should go to:
15
+ System &gt; Permissions &gt; Users -&gt; and here edit the user you want.</notes>
16
+ <authors><author><name>Damian A. Pastorini</name><user>auto-converted</user><email>contact@usestrategery.com</email></author></authors>
17
+ <date>2011-12-13</date>
18
+ <time>13:12:44</time>
19
+ <contents><target name="mageetc"><dir name="modules"><file name="Strategery_Admin_IPFilter.xml" hash="a7be58c2820f87af0de8f39f533147e6"/></dir></target><target name="magecommunity"><dir name="Strategery"><dir name="AdminIPFilter"><dir name="Block"><dir name="Permissions"><dir name="User"><dir name="Edit"><dir name="Tab"><file name="Main.php" hash="ab68d86e41083bed64b5468ba6c6a299"/></dir></dir></dir></dir></dir><dir name="controllers"><dir name="Permissions"><file name="UserController.php" hash="488a8e2e61ca0ba6937dd2c9cdc369b3"/></dir></dir><dir name="etc"><file name="config.xml" hash="c9a437c25c9dd5f6f3f41ad5cac3f23a"/><file name="system.xml" hash="60ab1c8de4023d42ead015e5060d0a9b"/></dir><dir name="Helper"><file name="Data.php" hash="aaa396c57994c6056da0289ecfddaccf"/></dir><dir name="Model"><file name="Allowedip.php" hash="a661ed54411d514b6feac4f6ba27c0c4"/><dir name="Mysql4"><file name="Allowedip.php" hash="cc9c08722a5457033057908c12aff71f"/><file name="Setup.php" hash="a88a250107b8ff9c92aeb5bca1ce174c"/></dir><dir name="User"><file name="Observer.php" hash="b574fe75cd614a7771eb4482a6c04e29"/></dir></dir><dir name="sql"><dir name="adminipfilter_setup"><file name="mysql4-install-0.1.0.php" hash="c7fe31aa1bebc82a0897eedd489a5883"/></dir></dir></dir></dir></target></contents>
20
+ <compatible/>
21
+ <dependencies/>
22
+ </package>