Hello there,
Is the restrict_by_ip module working properly in Drupal 8? I'm using the 8.x-4.x-dev version. Whenever I enter more than one IP range for a user role it stops working.
Thanks in advance!

CommentFileSizeAuthor
#15 3205184-restrict-by-ip015.patch687 bytesagentrickard
Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

Comments

DrupalBDGirl created an issue. See original summary.

DrupalBDGirl’s picture

Title: Restrict By IP module is not working for more than 1 IP ranges » Restrict Login or Role Access by IP Address module is not working for more than 1 IP ranges
Project: Restrict IP » Restrict Login or Role Access by IP Address
Version: 8.x-1.x-dev » 8.x-4.x-dev
Issue summary: View changes
Issue tags: -Restrict By IP +Restrict Login or Role Access by IP Address
manuel.adan’s picture

Priority: Major » Normal
Status: Needs work » Active
Issue tags: -Restrict Login or Role Access by IP Address

Please, provide some steps to reproduce.

DrupalBDGirl’s picture

Hi Manuel,
I am sorry for the late reply, I have missed your comment somehow. I am having the same issue with the 8.x-4.0-beta1 version also.
I have users from different CIDR IP ranges per role. I took the following steps to verify the functionalities of this module:
1) First I added a single CIDR IP range for a role under the tab 'Restrict role by IP'.
2) I was able to log in and have access to all the functionalities that role supposed to have access to.
3) I added a second CIDR IP range for the role.
4) Logged in from that IP. I was logged in but didn't have access to any of the functionalities that role supposed to have access to.
5) When I remove either one of the IP ranges from the list the other one starts to work perfectly well.
I hope this explains my issue. I need this issue to be resolved as soon as possible because we have a production deployment coming very soon. Please let me know if need more information.
Thank you so much for your help with this!!

nubeli’s picture

I can confirm this but only on the Restrict role by IP admin screen /admin/config/people/restrict_by_ip/role.

DrupalBDGirl’s picture

Hi nubeli,
Are you confirming that you are having the same issue as mine?

nubeli’s picture

@DrupalBDGirl - yes. For the restricting roles, not anything else.

nubeli’s picture

Here's a MR: https://git.drupalcode.org/project/restrict_by_ip/-/merge_requests/2. The problem before was that if *any* IP in the text field failed then it would remove the role. Now it will only remove the role if all of them fail (at least I think so). In my testing it seems to be working.

DrupalBDGirl’s picture

@nubeli - Thank you so much for all your efforts to resolve the issues!

amairesse’s picture

Thank you @nubeli, much appreciated as well

becw’s picture

Status: Active » Reviewed & tested by the community

I can duplicate this issue as well. I tested MR #2, and it solved the issue -- with that patch, if the visitor matches at least one of the specified CIDRs, then they can be granted the role. The code itself reads fine as well.

agentrickard’s picture

StatusFileSize
new687 bytes

So it turns out that composer patches from MRs are volatile if someone updates the MR. So here's a stable patch version of the MR.

darvanen’s picture

Status: Reviewed & tested by the community » Needs work
Issue tags: +Needs tests

Agree this looks good, just needs tests to cement it.

If someone is interested in creating said tests, you may find it easier to wait for #3479940: Drupal 11 compatibility to get in or help with that, as that issue will activate gitlab CI.

anybody’s picture

jhuhta made their first commit to this issue’s fork.

jhuhta’s picture

Status: Needs work » Needs review
Issue tags: -Needs tests

Confirmed the problem, tested the fix, and to get this further:

I rebased the code in MR 2, adjusted the ip range validation loop a bit (if a match is found, break out) and wrote unit tests. I didn't include them in the existing legacy UnitTest class but chose to create a focused test class for this item.

Disclosure: AI was used to help creating the test class and the tests.

darvanen’s picture

Status: Needs review » Reviewed & tested by the community

LGTM, there's no multi-IP test for the frontend but we're about to change that behaviour per the related issue @anybody linked so we can cover it there. There's also no regression coverage for changes in core's role system but that's not the responsibility of this ticket.

  • darvanen committed d3c8c79d on 8.x-4.x authored by nubeli
    fix: #3205184 Restrict Login or Role Access by IP Address module is not...
darvanen’s picture

Status: Reviewed & tested by the community » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.