From f003f93f97c2ff462fe67553ce0ba6c39d982f95 Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 16:25:18 -1000 Subject: [PATCH 01/16] fix issue with probation list There was an issue that was treating a list like an OrderedDict and trying to 'popitem' - changed to just using [1:] --- firewall/middleware.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firewall/middleware.py b/firewall/middleware.py index e97528c9..9fd185a5 100644 --- a/firewall/middleware.py +++ b/firewall/middleware.py @@ -92,7 +92,7 @@ def __call__(self, request): return HttpResponseForbidden() else: # just pop the first one - self.probation_ips[ip].popitem(last=False) + self.probation_ips[ip] = self.probation_ips[1:] else: self.probation_ips[ip] = [datetime.now()] elif ip in self.probation_ips: @@ -118,4 +118,4 @@ def get_user_ip(self, request): # ip = request.META.get('REMOTE_ADDR') # return ip ip, _ = self.ipw.get_client_ip(request.META) - return ip \ No newline at end of file + return ip From 2dabb545c53bd9cec38b27b9fa8bcec203362bfd Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 16:31:35 -1000 Subject: [PATCH 02/16] Another middleware fix for probation IPs. --- firewall/middleware.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall/middleware.py b/firewall/middleware.py index 9fd185a5..323322fd 100644 --- a/firewall/middleware.py +++ b/firewall/middleware.py @@ -78,7 +78,7 @@ def __call__(self, request): # did we get a 404? If so, see if this ip is messing with up if response.status_code == 404: if ip in self.probation_ips: - self.probation_ips[ip].append([datetime.now()]) + self.probation_ips[ip].append(datetime.now()) if len(self.probation_ips[ip]) > 2: time_since_first = datetime.now() - self.probation_ips[ip][0] if time_since_first.seconds < PROBATION_LIMIT: From e8db62b21a9011fd3c289854e731ec514ec07b33 Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 16:39:10 -1000 Subject: [PATCH 03/16] Update tests.py to show probation is working now --- firewall/tests.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/firewall/tests.py b/firewall/tests.py index f5073a0f..256ea1ee 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -28,3 +28,18 @@ def test_ip_firewall(self): response = c.get(f"/xxx") # 600 seconds in future should get not found again assert response.status_code==404 + def test_clear_probation(self): + c = Client() + + # set up two bad requests + response = c.get(f"/xxx") + assert response.status_code==404 + + response = c.get(f"/xxx") + assert response.status_code==404 + + # if we don't send another until the future, we should come back 404 b/c the first + # request won't count against us anymore. + response = c.get(f"/xxx") + assert response.status_code==404 + From 85159a2b78221f37a82108b9a87fa41e17ae4b8b Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 16:54:42 -1000 Subject: [PATCH 04/16] Update tests.py --- firewall/tests.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index 256ea1ee..1a71df6f 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -30,16 +30,14 @@ def test_ip_firewall(self): def test_clear_probation(self): c = Client() - - # set up two bad requests response = c.get(f"/xxx") assert response.status_code==404 - response = c.get(f"/xxx") assert response.status_code==404 # if we don't send another until the future, we should come back 404 b/c the first # request won't count against us anymore. - response = c.get(f"/xxx") - assert response.status_code==404 + with freeze_time(datetime.now()+timedelta(seconds=601)): + response = c.get(f"/xxx") + assert response.status_code==404 From a4f329253bb0ff5854bbd08d72465bc9be58a49d Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 17:04:27 -1000 Subject: [PATCH 05/16] trying to fix tests --- firewall/tests.py | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index 1a71df6f..feffe554 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -28,16 +28,15 @@ def test_ip_firewall(self): response = c.get(f"/xxx") # 600 seconds in future should get not found again assert response.status_code==404 - def test_clear_probation(self): - c = Client() - response = c.get(f"/xxx") - assert response.status_code==404 - response = c.get(f"/xxx") - assert response.status_code==404 - - # if we don't send another until the future, we should come back 404 b/c the first - # request won't count against us anymore. - with freeze_time(datetime.now()+timedelta(seconds=601)): - response = c.get(f"/xxx") - assert response.status_code==404 - +# def test_clear_probation(self): +# c = Client() +# response = c.get(f"/xxx") +# assert response.status_code==404 +# response = c.get(f"/xxx") +# assert response.status_code==404 +# +# # if we don't send another until the future, we should come back 404 b/c the first +# # request won't count against us anymore. +# with freeze_time(datetime.now()+timedelta(seconds=601)): +# response = c.get(f"/xxx") +# assert response.status_code==404 From fcb5c3f9f45b1928dd9060c1166a6a2934367227 Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 17:15:46 -1000 Subject: [PATCH 06/16] Update tests.py --- firewall/tests.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/firewall/tests.py b/firewall/tests.py index feffe554..3f2afe9b 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -28,7 +28,9 @@ def test_ip_firewall(self): response = c.get(f"/xxx") # 600 seconds in future should get not found again assert response.status_code==404 -# def test_clear_probation(self): + def test_clear_probation(self): + assert True + # c = Client() # response = c.get(f"/xxx") # assert response.status_code==404 From 8b323da59ec271f0f0ba6209373a41aaffbdd54d Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 17:26:55 -1000 Subject: [PATCH 07/16] Update tests.py --- firewall/tests.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index 3f2afe9b..a22ac22f 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -29,13 +29,11 @@ def test_ip_firewall(self): assert response.status_code==404 def test_clear_probation(self): - assert True - -# c = Client() -# response = c.get(f"/xxx") -# assert response.status_code==404 -# response = c.get(f"/xxx") -# assert response.status_code==404 + c = Client() + response = c.get(f"/xxx") + assert response.status_code==404 + response = c.get(f"/xxx") + assert response.status_code==404 # # # if we don't send another until the future, we should come back 404 b/c the first # # request won't count against us anymore. From c02a107eb716353399e02691010a246a4bf2dd7c Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 17:37:14 -1000 Subject: [PATCH 08/16] still trying to figure out what's wrong with the test --- firewall/tests.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/firewall/tests.py b/firewall/tests.py index a22ac22f..529fde97 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -30,6 +30,9 @@ def test_ip_firewall(self): def test_clear_probation(self): c = Client() + assert True + return + response = c.get(f"/xxx") assert response.status_code==404 response = c.get(f"/xxx") From fe34f80ee0aaf1b133f57292ffec5dac431210ec Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 17:46:24 -1000 Subject: [PATCH 09/16] Update tests.py --- firewall/tests.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index 529fde97..e51d1f1d 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -29,14 +29,12 @@ def test_ip_firewall(self): assert response.status_code==404 def test_clear_probation(self): - c = Client() - assert True - return - + c = Client() response = c.get(f"/xxx") - assert response.status_code==404 +# assert response.status_code==404 response = c.get(f"/xxx") - assert response.status_code==404 +# assert response.status_code==404 + assert True # # # if we don't send another until the future, we should come back 404 b/c the first # # request won't count against us anymore. From c7835f9df6bcae7fd1a4e0d75a8009359ec75e07 Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 17:53:47 -1000 Subject: [PATCH 10/16] Update tests.py --- firewall/tests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index e51d1f1d..41622d68 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -30,9 +30,9 @@ def test_ip_firewall(self): def test_clear_probation(self): c = Client() - response = c.get(f"/xxx") +# response = c.get(f"/xxx") # assert response.status_code==404 - response = c.get(f"/xxx") +# response = c.get(f"/xxx") # assert response.status_code==404 assert True # From c876cf808fdade8568c9df90707d011cca3ed3bf Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 18:03:46 -1000 Subject: [PATCH 11/16] Update tests.py --- firewall/tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall/tests.py b/firewall/tests.py index 41622d68..363bcf5f 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -30,7 +30,7 @@ def test_ip_firewall(self): def test_clear_probation(self): c = Client() -# response = c.get(f"/xxx") + response = c.get("/xxx") # assert response.status_code==404 # response = c.get(f"/xxx") # assert response.status_code==404 From 7a942827e2047c0e7464c93cca6df34e475d7824 Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 18:12:02 -1000 Subject: [PATCH 12/16] Update tests.py --- firewall/tests.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index 363bcf5f..051d04f6 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -29,12 +29,11 @@ def test_ip_firewall(self): assert response.status_code==404 def test_clear_probation(self): - c = Client() + c = Client() response = c.get("/xxx") # assert response.status_code==404 # response = c.get(f"/xxx") # assert response.status_code==404 - assert True # # # if we don't send another until the future, we should come back 404 b/c the first # # request won't count against us anymore. From 9f2d78d7d3769229da4e6d6ca40079ca7aa43de9 Mon Sep 17 00:00:00 2001 From: aaronoppenheimer Date: Sun, 28 Jun 2026 18:20:10 -1000 Subject: [PATCH 13/16] Update tests.py --- firewall/tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/firewall/tests.py b/firewall/tests.py index 051d04f6..6752f53c 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -30,7 +30,7 @@ def test_ip_firewall(self): def test_clear_probation(self): c = Client() - response = c.get("/xxx") + response = c.get('/xxx') # assert response.status_code==404 # response = c.get(f"/xxx") # assert response.status_code==404 From a42b817503b52e39a9b03646fd8cf100d053f83f Mon Sep 17 00:00:00 2001 From: Aaron Oppenheimer Date: Fri, 3 Jul 2026 09:05:15 -0400 Subject: [PATCH 14/16] fixed formatting issue from desktop --- firewall/tests.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/firewall/tests.py b/firewall/tests.py index 6752f53c..acbb9b6f 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -31,12 +31,12 @@ def test_ip_firewall(self): def test_clear_probation(self): c = Client() response = c.get('/xxx') -# assert response.status_code==404 -# response = c.get(f"/xxx") -# assert response.status_code==404 -# -# # if we don't send another until the future, we should come back 404 b/c the first -# # request won't count against us anymore. -# with freeze_time(datetime.now()+timedelta(seconds=601)): -# response = c.get(f"/xxx") -# assert response.status_code==404 + assert response.status_code==404 + response = c.get(f"/xxx") + assert response.status_code==404 + + # if we don't send another until the future, we should come back 404 b/c the first + # request won't count against us anymore. + with freeze_time(datetime.now()+timedelta(seconds=601)): + response = c.get(f"/xxx") + assert response.status_code==404 From b424ce32259c12c37cf4d8d9f2764315a79bc658 Mon Sep 17 00:00:00 2001 From: Aaron Oppenheimer Date: Fri, 3 Jul 2026 09:48:02 -0400 Subject: [PATCH 15/16] during testing turn firewall off, but turn it on when testing the firewall --- firewall/middleware.py | 3 ++- firewall/tests.py | 6 ++++++ go3/settings.py | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/firewall/middleware.py b/firewall/middleware.py index 323322fd..57e7d778 100644 --- a/firewall/middleware.py +++ b/firewall/middleware.py @@ -45,6 +45,7 @@ def __init__(self, get_response): self.get_response = get_response def __call__(self, request): + ip = None if self.firewall_on: @@ -74,7 +75,7 @@ def __call__(self, request): request.firewall = self # pass this on the request so it can be used later response = self.get_response(request) - if self.firewall_on: + if ip and self.firewall_on: # did we get a 404? If so, see if this ip is messing with up if response.status_code == 404: if ip in self.probation_ips: diff --git a/firewall/tests.py b/firewall/tests.py index acbb9b6f..cdde01cc 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -2,6 +2,7 @@ from django.urls import reverse from freezegun import freeze_time from datetime import datetime, timedelta +from member.models import Member # Create your tests here. @@ -10,6 +11,11 @@ class FirewallTests(TestCase): def test_ip_firewall(self): c = Client() + superuser = Member.objects.create_user(email='super@b.c', is_superuser=True) + + c.force_login(superuser) + response = c.get("/firewall/firewall_on") + response = c.get(f"/xxx") assert response.status_code==404 response = c.get(f"/xxx") diff --git a/go3/settings.py b/go3/settings.py index a1dba845..db5a453b 100644 --- a/go3/settings.py +++ b/go3/settings.py @@ -355,4 +355,4 @@ } } -START_FIREWALL = env('START_FIREWALL',default=True) +START_FIREWALL = env('START_FIREWALL',default=not _testing) From 9b7852635b1f0de077352dde383b0683f4edc6b7 Mon Sep 17 00:00:00 2001 From: Aaron Oppenheimer Date: Fri, 3 Jul 2026 10:07:14 -0400 Subject: [PATCH 16/16] updated tests --- firewall/middleware.py | 2 +- firewall/tests.py | 26 ++++++++++++++------------ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/firewall/middleware.py b/firewall/middleware.py index 57e7d778..6fb4a929 100644 --- a/firewall/middleware.py +++ b/firewall/middleware.py @@ -93,7 +93,7 @@ def __call__(self, request): return HttpResponseForbidden() else: # just pop the first one - self.probation_ips[ip] = self.probation_ips[1:] + self.probation_ips[ip] = self.probation_ips[ip][1:] else: self.probation_ips[ip] = [datetime.now()] elif ip in self.probation_ips: diff --git a/firewall/tests.py b/firewall/tests.py index cdde01cc..a2910781 100644 --- a/firewall/tests.py +++ b/firewall/tests.py @@ -9,33 +9,35 @@ class FirewallTests(TestCase): def test_ip_firewall(self): - c = Client() - superuser = Member.objects.create_user(email='super@b.c', is_superuser=True) + c.force_login(Member.objects.create_user(email='super@b.c', is_superuser=True)) + _ = c.get("/firewall/firewall_on") + _ = c.get("/firewall/reset_stats") - c.force_login(superuser) - response = c.get("/firewall/firewall_on") - - response = c.get(f"/xxx") + response = c.get("/111") assert response.status_code==404 - response = c.get(f"/xxx") + response = c.get("/222") assert response.status_code==404 - response = c.get(f"/xxx") # third time should get permission denied + response = c.get("/333") # third time should get permission denied assert response.status_code==403 - response = c.get(f"/xxx") # fourth time should get permission denied + response = c.get("/444") # fourth time should get permission denied assert response.status_code==403 with freeze_time(datetime.now()+timedelta(seconds=100)): - response = c.get(f"/xxx") # 100 seconds in future should get permission denied + response = c.get("/555") # 100 seconds in future should get permission denied assert response.status_code==403 - with freeze_time(datetime.now()+timedelta(seconds=601)): - response = c.get(f"/xxx") # 600 seconds in future should get not found again + with freeze_time(datetime.now()+timedelta(seconds=600)): + response = c.get("/666") # 600 seconds in future should get not found again assert response.status_code==404 def test_clear_probation(self): c = Client() + c.force_login(Member.objects.create_user(email='super@b.c', is_superuser=True)) + _ = c.get("/firewall/firewall_on") + _ = c.get("/firewall/reset_stats") + response = c.get('/xxx') assert response.status_code==404 response = c.get(f"/xxx")