Closed (fixed)
Project:
Restrict Login or Role Access by IP Address
Version:
8.x-4.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
23 Mar 2021 at 14:51 UTC
Updated:
4 Jul 2026 at 06:20 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #2
DrupalBDGirl commentedComment #3
manuel.adanPlease, provide some steps to reproduce.
Comment #4
DrupalBDGirl commentedHi Manuel,
I am sorry for the late reply, I have missed your comment somehow. I am having the same issue with the 8.x-4.0-beta1 version also.
I have users from different CIDR IP ranges per role. I took the following steps to verify the functionalities of this module:
1) First I added a single CIDR IP range for a role under the tab 'Restrict role by IP'.
2) I was able to log in and have access to all the functionalities that role supposed to have access to.
3) I added a second CIDR IP range for the role.
4) Logged in from that IP. I was logged in but didn't have access to any of the functionalities that role supposed to have access to.
5) When I remove either one of the IP ranges from the list the other one starts to work perfectly well.
I hope this explains my issue. I need this issue to be resolved as soon as possible because we have a production deployment coming very soon. Please let me know if need more information.
Thank you so much for your help with this!!
Comment #5
nubeli commentedI can confirm this but only on the Restrict role by IP admin screen
/admin/config/people/restrict_by_ip/role.Comment #6
DrupalBDGirl commentedHi nubeli,
Are you confirming that you are having the same issue as mine?
Comment #7
nubeli commented@DrupalBDGirl - yes. For the restricting roles, not anything else.
Comment #11
nubeli commentedHere's a MR: https://git.drupalcode.org/project/restrict_by_ip/-/merge_requests/2. The problem before was that if *any* IP in the text field failed then it would remove the role. Now it will only remove the role if all of them fail (at least I think so). In my testing it seems to be working.
Comment #12
DrupalBDGirl commented@nubeli - Thank you so much for all your efforts to resolve the issues!
Comment #13
amairesse commentedThank you @nubeli, much appreciated as well
Comment #14
becw commentedI can duplicate this issue as well. I tested MR #2, and it solved the issue -- with that patch, if the visitor matches at least one of the specified CIDRs, then they can be granted the role. The code itself reads fine as well.
Comment #15
agentrickardSo it turns out that composer patches from MRs are volatile if someone updates the MR. So here's a stable patch version of the MR.
Comment #16
darvanenAgree this looks good, just needs tests to cement it.
If someone is interested in creating said tests, you may find it easier to wait for #3479940: Drupal 11 compatibility to get in or help with that, as that issue will activate gitlab CI.
Comment #17
anybodyComment #19
jhuhta commentedConfirmed the problem, tested the fix, and to get this further:
I rebased the code in MR 2, adjusted the ip range validation loop a bit (if a match is found, break out) and wrote unit tests. I didn't include them in the existing legacy UnitTest class but chose to create a focused test class for this item.
Disclosure: AI was used to help creating the test class and the tests.
Comment #20
darvanenLGTM, there's no multi-IP test for the frontend but we're about to change that behaviour per the related issue @anybody linked so we can cover it there. There's also no regression coverage for changes in core's role system but that's not the responsibility of this ticket.
Comment #22
darvanen