feat: enable/disable Ahjo IP restriction, allow multiple IPs (#2598)

City-of-Helsinki · Dec 12, 2023 · e78e1be · e78e1be
1 parent 7939f5e
commit e78e1be
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/.env.benefit-backend.example b/.env.benefit-backend.example
@@ -108,4 +108,5 @@ AHJO_CLIENT_ID=
 AHJO_CLIENT_SECRET=
 AHJO_TOKEN_URL=
 AHJO_REST_API_URL=
-AHJO_REDIRECT_URL=
+AHJO_REDIRECT_URL=
+DISABLE_AHJO_SAFE_LIST_CHECK=True
diff --git a/backend/benefit/common/permissions.py b/backend/benefit/common/permissions.py
@@ -75,7 +75,7 @@ class SafeListPermission(permissions.BasePermission):
 
     def has_permission(self, request, view):
         remote_addr = request.META["REMOTE_ADDR"]
-        if settings.NEXT_PUBLIC_MOCK_FLAG:
+        if settings.NEXT_PUBLIC_MOCK_FLAG or settings.DISABLE_AHJO_SAFE_LIST_CHECK:
             # disable safe list check in mock mode
             return True
 

diff --git a/backend/benefit/helsinkibenefit/settings.py b/backend/benefit/helsinkibenefit/settings.py
@@ -164,7 +164,8 @@
     AHJO_TOKEN_URL=(str, "https://johdontyopoytahyte.hel.fi/ids4/connect/token"),
     AHJO_REST_API_URL=(str, "https://ahjohyte.hel.fi:9802/ahjorest/v1"),
     AHJO_REDIRECT_URL=(str, "https://helsinkilisa/dummyredirect.html"),
-    AHJO_ALLOWED_IP=(str, ""),
+    AHJO_ALLOWED_IP=(list, ["*"]),
+    DISABLE_AHJO_SAFE_LIST_CHECK=(bool, False),
 )
 if os.path.exists(env_file):
     env.read_env(env_file)
@@ -518,4 +519,5 @@
 AHJO_REST_API_URL = env("AHJO_REST_API_URL")
 AHJO_REDIRECT_URL = env("AHJO_REDIRECT_URL")
 
-REST_SAFE_LIST_IPS = (env("AHJO_ALLOWED_IP"),)
+REST_SAFE_LIST_IPS = env.list("AHJO_ALLOWED_IP")
+DISABLE_AHJO_SAFE_LIST_CHECK = env.bool("DISABLE_AHJO_SAFE_LIST_CHECK")