Include package data in the build (GH-28)

.github/workflows/docs.yml

@@ -3,8 +3,6 @@ name: docs
 on:
   push:
     branches: [ master ]
-  pull_request:
-    branches: [ master ]
 
 jobs:
   deploy:

.github/workflows/tests.yml

@@ -51,7 +51,7 @@ jobs:
       - name: Install dependencies
         run: |
           pip install --upgrade pip
-          python -m pip install -e .
+          sh build.sh
           pip install tox tox-gh-actions
       - name: Run tests using tox
         run: tox -e ${{ matrix.env }}

.gitignore

@@ -1,10 +1,16 @@
+# caches
 .idea
 .tox
 .pytest_cache
 *.egg-info
 __pycache__
 
+# docs
 docs/node_modules
 docs/package-lock.json
 docs/.vitepress/cache
 docs/.vitepress/dist
+
+# build
+build
+dist

MANIFEST.in

@@ -0,0 +1 @@
+include src/django_forbid/templates/*.html

build.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# last version of `build` supporting Python 3.6
+pip install build==0.9.0
+
+# build the wheel and install it
+WHEEL_NAME=$(python -m build | grep -Po "django_forbid-.*\.whl" | tail -n 1)
+pip install dist/$WHEEL_NAME

setup.cfg

@@ -26,7 +26,7 @@ keywords =
     detection
     django-forbid
 license = MIT
-license_file = LICENSE
+license_files = LICENSE
 platforms = unix, linux, osx, win32
 classifiers =
     Operating System :: OS Independent
@@ -50,6 +50,7 @@ classifiers =
 [options]
 packages =
     django_forbid
+    django_forbid.skills
 install_requires =
     Django>=2.1
     geoip2

src/django_forbid/__init__.py

@@ -1 +1 @@
-__version__ = "0.1.0"
+__version__ = "0.1.2"

src/django_forbid/middleware.py

@@ -3,9 +3,9 @@
 from .skills.forbid_network import ForbidNetworkMiddleware
 
 __skills__ = (
-    ForbidDeviceMiddleware,
-    ForbidLocationMiddleware,
     ForbidNetworkMiddleware,
+    ForbidLocationMiddleware,
+    ForbidDeviceMiddleware,
 )
 
 

src/django_forbid/skills/forbid_network.py

@@ -22,7 +22,17 @@ def erase_response_attributes():
             for attr in response_attributes:
                 request.session.pop(attr)
 
+        def forbidden_page():
+            # Redirects to the FORBIDDEN_NET URL if set.
+            if Settings.has("OPTIONS.URL.FORBIDDEN_NET"):
+                return redirect(Settings.get("OPTIONS.URL.FORBIDDEN_NET"))
+            return HttpResponseForbidden()
+
+        geoip2_tz = request.session.get("GEOIP2_TZ")
+        verified_tz = request.session.get("VERIFIED_TZ", "")
+
         if any([
+            verified_tz == geoip2_tz,
             # Checks if VPN is False or not set.
             not Settings.get("OPTIONS.VPN", False),
             # Checks if the request is an AJAX request.
@@ -33,19 +43,19 @@ def erase_response_attributes():
         ]):
             return self.get_response(request)
 
+        # Checks if GEOIP2_TZ and VERIFIED_TZ don't exist.
+        if all([verified_tz, geoip2_tz != "N/A"]):
+            return forbidden_page()
+
         if all(map(request.session.has_key, ("GEOIP2_TZ", *response_attributes))):
             # Handles if the user's timezone differs from the
             # one determined by GeoIP API. If so, VPN is used.
-            verified_tz = request.session.get("VERIFIED_TZ")
-            geoip2_tz = request.session.get("GEOIP2_TZ")
             client_tz = request.POST.get("CLIENT_TZ", verified_tz)
 
             if geoip2_tz != "N/A" and client_tz != geoip2_tz:
+                request.session["VERIFIED_TZ"] = ""
                 erase_response_attributes()
-                # Redirects to the FORBIDDEN_NET URL if set.
-                if Settings.has("OPTIONS.URL.FORBIDDEN_NET"):
-                    return redirect(Settings.get("OPTIONS.URL.FORBIDDEN_NET"))
-                return HttpResponseForbidden()
+                return forbidden_page()
 
             # Restores the response from the session.
             response = HttpResponse(**{

tests/test_network_middleware.py

@@ -12,19 +12,16 @@ def skips(get_response, ip_address, ajax=False):
     return response.status_code == 200
 
 
-def forbids(get_response, ip_address):
-    detector = Detector(get_response)
+def forbids_shared_session(detector, ip_address):
     response = detector.request_resource(ip_address)
-    assert response.status_code == 302
-    response = detector.request_access()
+    if response.status_code == 302:
+        response = detector.request_access(ip_address)
     return response.status_code == 403
 
 
-def forbids_shared_session(detector, ip_address):
-    response = detector.request_resource(ip_address)
-    assert response.status_code == 302
-    response = detector.request_access()
-    return response.status_code == 403
+def forbids(get_response, ip_address):
+    detector = Detector(get_response)
+    return forbids_shared_session(detector, ip_address)
 
 
 class Detector:
@@ -36,13 +33,15 @@ def request_resource(self, ip_address=""):
         """Sends a request to the server to access a resource"""
         request = self.request.get()
         request.META["HTTP_X_FORWARDED_FOR"] = ip_address
-        get_response = ForbidLocationMiddleware(self.get_response)
-        return ForbidNetworkMiddleware(get_response)(request)
+        get_response = ForbidNetworkMiddleware(self.get_response)
+        return ForbidLocationMiddleware(get_response)(request)
 
-    def request_access(self):
+    def request_access(self, ip_address=""):
         """Simulates the request sent by the user browser to the server"""
         request = self.request.post({"CLIENT_TZ": "Europe/London"})
-        return ForbidNetworkMiddleware(self.get_response)(request)
+        request.META["HTTP_X_FORWARDED_FOR"] = ip_address
+        get_response = ForbidNetworkMiddleware(self.get_response)
+        return ForbidLocationMiddleware(get_response)(request)
 
 
 def test_should_allow_all_when_no_config_provided(get_response):

tests/test_primary_middleware.py

@@ -11,8 +11,10 @@
 
 def forbids(get_response, request):
     response = ForbidMiddleware(get_response)(request)
+    client_ip = request.META["HTTP_X_FORWARDED_FOR"]
     if response.status_code == 302:
         request = wsgi.post({"CLIENT_TZ": "Europe/London"})
+        request.META["HTTP_X_FORWARDED_FOR"] = client_ip
         response = ForbidMiddleware(get_response)(request)
     return response.status_code == 403
 
@@ -49,9 +51,32 @@ def test_should_forbid_users_when_country_in_territories_blacklist(get_response)
 
 @override_settings(DJANGO_FORBID={"COUNTRIES": ["GB"], "OPTIONS": {"VPN": True}})
 def test_should_allow_users_when_country_in_countries_whitelist(get_response):
+    """Should allow access to users from countries in whitelist."""
     for ip_address in IP.all:
         request.META["HTTP_X_FORWARDED_FOR"] = ip_address
         if ip_address == IP.ip_london:
             assert not forbids(get_response, request)
             continue
         assert forbids(get_response, request)
+
+
+@override_settings(DJANGO_FORBID={"OPTIONS": {"VPN": True}})
+def test_should_allow_users_only_from_great_britain_with_shared_session(get_response):
+    """It should give access to the user from Great Britain when session is shared"""
+    # Get access from London
+    request.META["HTTP_X_FORWARDED_FOR"] = IP.ip_london
+    assert not forbids(get_response, request)
+    # Turn on VPN temporary
+    request.META["HTTP_X_FORWARDED_FOR"] = IP.ip_zurich
+    assert forbids(get_response, request)
+    request.META["HTTP_X_FORWARDED_FOR"] = IP.ip_cobain
+    assert forbids(get_response, request)
+    # Turn off VPN - back to London
+    request.META["HTTP_X_FORWARDED_FOR"] = IP.ip_london
+    assert not forbids(get_response, request)
+    # Turn on VPN temporary
+    request.META["HTTP_X_FORWARDED_FOR"] = IP.ip_cobain
+    assert forbids(get_response, request)
+    # Turn off VPN - back to London
+    request.META["HTTP_X_FORWARDED_FOR"] = IP.ip_london
+    assert not forbids(get_response, request)

tox.ini

@@ -14,6 +14,7 @@ deps =
     django32: django<3.3
     django21: django==2.1
     -r{toxinidir}/tests/requirements.txt
+allowlist_externals = sh
 commands =
-    pip install -e .
+    sh build.sh
     pytest