check network access for Request an Account page #1476
Conversation
- Added new test coverage for registry public access.
- Fix python 2 types.
- Request environ in follow redirects issues.
- Fixed merge conflicts. - Updated pytests for py3.
|
@RabiaSajjad I rebased this now as python3 code is in Master branch. I updated the pytests for python3 too. So we will see if those are successful. |
| 'api.action', # change if need to narrow down the scope | ||
| ] | ||
| if blueprint in restricted_blueprints and not helpers.registry_network_access(): | ||
| return abort(403) |
There was a problem hiding this comment.
might want to log failed access attempts so we can report on them
There was a problem hiding this comment.
Good idea. Do you think we need a separate log handler for "Registry Access"? As we will need to also log failed login attempts and all login sessions.
We could have a new log handler for ckanext.canada.user_access to go to its own log file ckan_registry_access.log.
Or should we just keep it in the normal logs and have Log Analytics handle all this stuff @wardi ?
There was a problem hiding this comment.
@JVickery-TBS I don't have a strong opinion either way. As long as the data can be pulled out of Log Analytics it shouldn't matter.
There was a problem hiding this comment.
@wardi and @JVickery-TBS let's implement logging as a separate feature for both registry network access and login access. It is one of the requirements given to us by imtd/security. I would prefer to implement it as a separate log handler so that it is easier for us to investigate any issues reported by helpdesk.
No description provided.