Merge pull request #6779 from Piccirello/disable-web-auth

Add ip subnet whitelist for bypassing webui auth
2025-12-23 08:48:07 -06:00 · 2017-11-20 21:52:33 +03:00
parent 236abcf3f1 0de2f1776e
commit f41cb8089d
16 changed files with 509 additions and 22 deletions
--- a/src/gui/CMakeLists.txt
+++ b/src/gui/CMakeLists.txt
@@ -30,7 +30,6 @@ set(QBT_GUI_HEADERS
 about_imp.h
 addnewtorrentdialog.h
 advancedsettings.h
-advancedsettings.h
 autoexpandabledialog.h
 banlistoptions.h
 categoryfiltermodel.h
@@ -45,6 +44,7 @@ fspathedit.h
 fspathedit_p.h
 guiiconprovider.h
 hidabletabwidget.h
+ipsubnetwhitelistoptionsdialog.h
 loglistwidget.h
 mainwindow.h
 messageboxraised.h
@@ -90,6 +90,7 @@ executionlog.cpp
 fspathedit.cpp
 fspathedit_p.cpp
 guiiconprovider.cpp
+ipsubnetwhitelistoptionsdialog.cpp
 loglistwidget.cpp
 mainwindow.cpp
 messageboxraised.cpp
@@ -135,6 +136,7 @@ mainwindow.ui
 about.ui
 banlistoptions.ui
 cookiesdialog.ui
+ipsubnetwhitelistoptionsdialog.ui
 previewselectdialog.ui
 login.ui
 downloadfromurldlg.ui
--- a/src/gui/banlistoptions.cpp
+++ b/src/gui/banlistoptions.cpp
@@ -70,8 +70,11 @@ void BanListOptions::on_buttonBox_accepted()
            IPList << index.data().toString();
        }
        BitTorrent::Session::instance()->setBannedIPs(IPList);
+        QDialog::accept();
+    }
+    else {
+        QDialog::reject();
    }
-    QDialog::accept();
 }

 void BanListOptions::on_buttonBanIP_clicked()
--- a/src/gui/gui.pri
+++ b/src/gui/gui.pri
@@ -55,6 +55,7 @@ HEADERS += \
    $$PWD/tagfilterproxymodel.h \
    $$PWD/tagfilterwidget.h \
    $$PWD/banlistoptions.h \
+    $$PWD/ipsubnetwhitelistoptionsdialog.h \
    $$PWD/rss/rsswidget.h \
    $$PWD/rss/articlelistwidget.h \
    $$PWD/rss/feedlistwidget.h \
@@ -109,6 +110,7 @@ SOURCES += \
    $$PWD/tagfilterproxymodel.cpp \
    $$PWD/tagfilterwidget.cpp \
    $$PWD/banlistoptions.cpp \
+    $$PWD/ipsubnetwhitelistoptionsdialog.cpp \
    $$PWD/rss/rsswidget.cpp \
    $$PWD/rss/articlelistwidget.cpp \
    $$PWD/rss/feedlistwidget.cpp \
@@ -150,6 +152,7 @@ FORMS += \
    $$PWD/search/searchtab.ui \
    $$PWD/cookiesdialog.ui \
    $$PWD/banlistoptions.ui \
+    $$PWD/ipsubnetwhitelistoptionsdialog.ui \
    $$PWD/rss/rsswidget.ui \
    $$PWD/rss/automatedrssdownloader.ui \
    $$PWD/torrentcategorydialog.ui
--- a/src/gui/ipsubnetwhitelistoptionsdialog.cpp
+++ b/src/gui/ipsubnetwhitelistoptionsdialog.cpp
@@ -0,0 +1,111 @@
+/*
+ * Bittorrent Client using Qt and libtorrent.
+ * Copyright (C) 2017  Thomas Piccirello <thomas@piccirello.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * In addition, as a special exception, the copyright holders give permission to
+ * link this program with the OpenSSL project's "OpenSSL" library (or with
+ * modified versions of it that use the same license as the "OpenSSL" library),
+ * and distribute the linked executables. You must obey the GNU General Public
+ * License in all respects for all of the code used other than "OpenSSL".  If you
+ * modify file(s), you may extend this exception to your version of the file(s),
+ * but you are not obligated to do so. If you do not wish to do so, delete this
+ * exception statement from your version.
+ */
+
+#include "ipsubnetwhitelistoptionsdialog.h"
+
+#include <QHostAddress>
+#include <QMessageBox>
+#include <QPair>
+#include <QSortFilterProxyModel>
+#include <QStringListModel>
+
+#include "base/preferences.h"
+#include "base/utils/net.h"
+#include "ui_ipsubnetwhitelistoptionsdialog.h"
+
+IPSubnetWhitelistOptionsDialog::IPSubnetWhitelistOptionsDialog(QWidget *parent)
+    : QDialog(parent)
+    , m_ui(new Ui::IPSubnetWhitelistOptionsDialog)
+    , m_modified(false)
+{
+    m_ui->setupUi(this);
+
+    QStringList authSubnetWhitelistStringList;
+    for (const Utils::Net::Subnet &subnet : Preferences::instance()->getWebUiAuthSubnetWhitelist())
+        authSubnetWhitelistStringList << Utils::Net::subnetToString(subnet);
+    m_model = new QStringListModel(authSubnetWhitelistStringList, this);
+
+    m_sortFilter = new QSortFilterProxyModel(this);
+    m_sortFilter->setDynamicSortFilter(true);
+    m_sortFilter->setSourceModel(m_model);
+
+    m_ui->whitelistedIPSubnetList->setModel(m_sortFilter);
+    m_ui->whitelistedIPSubnetList->sortByColumn(0, Qt::AscendingOrder);
+    m_ui->buttonWhitelistIPSubnet->setEnabled(false);
+}
+
+IPSubnetWhitelistOptionsDialog::~IPSubnetWhitelistOptionsDialog()
+{
+    delete m_ui;
+}
+
+void IPSubnetWhitelistOptionsDialog::on_buttonBox_accepted()
+{
+    if (m_modified) {
+        // save to session
+        QList<Utils::Net::Subnet> subnets;
+        // Operate on the m_sortFilter to grab the strings in sorted order
+        for (int i = 0; i < m_sortFilter->rowCount(); ++i) {
+            const QString subnet = m_sortFilter->index(i, 0).data().toString();
+            subnets.append(QHostAddress::parseSubnet(subnet));
+        }
+        Preferences::instance()->setWebUiAuthSubnetWhitelist(subnets);
+        QDialog::accept();
+    }
+    else {
+        QDialog::reject();
+    }
+}
+
+void IPSubnetWhitelistOptionsDialog::on_buttonWhitelistIPSubnet_clicked()
+{
+    bool ok = false;
+    const Utils::Net::Subnet subnet = Utils::Net::parseSubnet(m_ui->txtIPSubnet->text(), &ok);
+    if (!ok) {
+        QMessageBox::critical(this, tr("Error"), tr("The entered subnet is invalid."));
+        return;
+    }
+
+    m_model->insertRow(m_model->rowCount());
+    m_model->setData(m_model->index(m_model->rowCount() - 1, 0), Utils::Net::subnetToString(subnet));
+    m_ui->txtIPSubnet->clear();
+    m_modified = true;
+}
+
+void IPSubnetWhitelistOptionsDialog::on_buttonDeleteIPSubnet_clicked()
+{
+    for (const auto &i : m_ui->whitelistedIPSubnetList->selectionModel()->selectedIndexes())
+        m_sortFilter->removeRow(i.row());
+
+    m_modified = true;
+}
+
+void IPSubnetWhitelistOptionsDialog::on_txtIPSubnet_textChanged(const QString &subnetStr)
+{
+    m_ui->buttonWhitelistIPSubnet->setEnabled(Utils::Net::canParseSubnet(subnetStr));
+}
--- a/src/gui/ipsubnetwhitelistoptionsdialog.h
+++ b/src/gui/ipsubnetwhitelistoptionsdialog.h
@@ -0,0 +1,64 @@
+/*
+ * Bittorrent Client using Qt and libtorrent.
+ * Copyright (C) 2017  Thomas Piccirello <thomas@piccirello.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * In addition, as a special exception, the copyright holders give permission to
+ * link this program with the OpenSSL project's "OpenSSL" library (or with
+ * modified versions of it that use the same license as the "OpenSSL" library),
+ * and distribute the linked executables. You must obey the GNU General Public
+ * License in all respects for all of the code used other than "OpenSSL".  If you
+ * modify file(s), you may extend this exception to your version of the file(s),
+ * but you are not obligated to do so. If you do not wish to do so, delete this
+ * exception statement from your version.
+ */
+
+#ifndef OPTIONS_IPSUBNETWHITELIST_H
+#define OPTIONS_IPSUBNETWHITELIST_H
+
+#include <QDialog>
+
+class QSortFilterProxyModel;
+class QStringListModel;
+
+namespace Ui
+{
+    class IPSubnetWhitelistOptionsDialog;
+}
+
+class IPSubnetWhitelistOptionsDialog : public QDialog
+{
+    Q_OBJECT
+    Q_DISABLE_COPY(IPSubnetWhitelistOptionsDialog)
+
+public:
+    explicit IPSubnetWhitelistOptionsDialog(QWidget *parent = nullptr);
+    ~IPSubnetWhitelistOptionsDialog();
+
+private slots:
+    void on_buttonBox_accepted();
+    void on_buttonWhitelistIPSubnet_clicked();
+    void on_buttonDeleteIPSubnet_clicked();
+    void on_txtIPSubnet_textChanged(const QString &subnetStr);
+
+private:
+    Ui::IPSubnetWhitelistOptionsDialog *m_ui;
+    QStringListModel *m_model;
+    QSortFilterProxyModel *m_sortFilter;
+    bool m_modified;
+};
+
+#endif // OPTIONS_IPSUBNETWHITELIST_H
--- a/src/gui/ipsubnetwhitelistoptionsdialog.ui
+++ b/src/gui/ipsubnetwhitelistoptionsdialog.ui
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui version="4.0">
+ <class>IPSubnetWhitelistOptionsDialog</class>
+ <widget class="QDialog" name="IPSubnetWhitelistOptionsDialog">
+  <property name="geometry">
+   <rect>
+    <x>0</x>
+    <y>0</y>
+    <width>360</width>
+    <height>450</height>
+   </rect>
+  </property>
+  <property name="windowTitle">
+   <string>List of whitelisted IP subnets</string>
+  </property>
+  <layout class="QVBoxLayout" name="verticalLayout">
+   <item>
+    <widget class="QFrame" name="whitelistedIPSubnetBox">
+     <property name="autoFillBackground">
+      <bool>true</bool>
+     </property>
+     <property name="frameShape">
+      <enum>QFrame::Panel</enum>
+     </property>
+     <property name="frameShadow">
+      <enum>QFrame::Raised</enum>
+     </property>
+     <layout class="QVBoxLayout" name="verticalLayout_21">
+      <item>
+       <widget class="QTreeView" name="whitelistedIPSubnetList">
+        <property name="rootIsDecorated">
+         <bool>false</bool>
+        </property>
+        <property name="uniformRowHeights">
+         <bool>true</bool>
+        </property>
+        <property name="itemsExpandable">
+         <bool>false</bool>
+        </property>
+        <property name="sortingEnabled">
+         <bool>true</bool>
+        </property>
+        <attribute name="headerVisible">
+         <bool>false</bool>
+        </attribute>
+       </widget>
+      </item>
+      <item>
+       <layout class="QHBoxLayout" name="horizontalLayout_18">
+        <item>
+         <widget class="QLineEdit" name="txtIPSubnet">
+          <property name="placeholderText">
+            <string>Example: 172.17.32.0/24, fdff:ffff:c8::/40</string>
+          </property>
+         </widget>
+        </item>
+        <item>
+         <widget class="QPushButton" name="buttonWhitelistIPSubnet">
+          <property name="text">
+           <string>Add subnet</string>
+          </property>
+         </widget>
+        </item>
+        <item>
+         <widget class="QPushButton" name="buttonDeleteIPSubnet">
+          <property name="text">
+           <string>Delete</string>
+          </property>
+         </widget>
+        </item>
+       </layout>
+      </item>
+     </layout>
+    </widget>
+   </item>
+   <item>
+    <widget class="QDialogButtonBox" name="buttonBox">
+     <property name="standardButtons">
+      <set>QDialogButtonBox::Cancel|QDialogButtonBox::Ok</set>
+     </property>
+    </widget>
+   </item>
+  </layout>
+ </widget>
+ <tabstops>
+  <tabstop>whitelistedIPSubnetList</tabstop>
+  <tabstop>txtIPSubnet</tabstop>
+  <tabstop>buttonWhitelistIPSubnet</tabstop>
+  <tabstop>buttonDeleteIPSubnet</tabstop>
+ </tabstops>
+ <resources/>
+ <connections>
+  <connection>
+   <sender>buttonBox</sender>
+   <signal>rejected()</signal>
+   <receiver>IPSubnetWhitelistOptionsDialog</receiver>
+   <slot>reject()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>179</x>
+     <y>427</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>179</x>
+     <y>224</y>
+    </hint>
+   </hints>
+  </connection>
+ </connections>
+</ui>
--- a/src/gui/optionsdlg.cpp
+++ b/src/gui/optionsdlg.cpp
@@ -65,6 +65,7 @@
 #include "advancedsettings.h"
 #include "rss/automatedrssdownloader.h"
 #include "banlistoptions.h"
+#include "ipsubnetwhitelistoptionsdialog.h"
 #include "guiiconprovider.h"
 #include "scanfoldersdelegate.h"

@@ -350,6 +351,8 @@ OptionsDialog::OptionsDialog(QWidget *parent)
    connect(m_ui->textWebUiUsername, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
    connect(m_ui->textWebUiPassword, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
    connect(m_ui->checkBypassLocalAuth, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
+    connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, this, &ThisType::enableApplyButton);
+    connect(m_ui->checkBypassAuthSubnetWhitelist, &QAbstractButton::toggled, m_ui->IPSubnetWhitelistButton, &QPushButton::setEnabled);
    connect(m_ui->checkDynDNS, &QGroupBox::toggled, this, &ThisType::enableApplyButton);
    connect(m_ui->comboDNSService, qComboBoxCurrentIndexChanged, this, &ThisType::enableApplyButton);
    connect(m_ui->domainNameTxt, &QLineEdit::textChanged, this, &ThisType::enableApplyButton);
@@ -655,13 +658,16 @@ void OptionsDialog::saveOptions()
        pref->setWebUiPort(m_ui->spinWebUiPort->value());
        pref->setUPnPForWebUIPort(m_ui->checkWebUIUPnP->isChecked());
        pref->setWebUiHttpsEnabled(m_ui->checkWebUiHttps->isChecked());
+        // HTTPS
        if (m_ui->checkWebUiHttps->isChecked()) {
            pref->setWebUiHttpsCertificate(m_sslCert);
            pref->setWebUiHttpsKey(m_sslKey);
        }
+        // Authentication
        pref->setWebUiUsername(webUiUsername());
        pref->setWebUiPassword(webUiPassword());
        pref->setWebUiLocalAuthEnabled(!m_ui->checkBypassLocalAuth->isChecked());
+        pref->setWebUiAuthSubnetWhitelistEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());
        // DynDNS
        pref->setDynDNSEnabled(m_ui->checkDynDNS->isChecked());
        pref->setDynDNSService(m_ui->comboDNSService->currentIndex());
@@ -1052,6 +1058,8 @@ void OptionsDialog::loadOptions()
    m_ui->textWebUiUsername->setText(pref->getWebUiUsername());
    m_ui->textWebUiPassword->setText(pref->getWebUiPassword());
    m_ui->checkBypassLocalAuth->setChecked(!pref->isWebUiLocalAuthEnabled());
+    m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled());
+    m_ui->IPSubnetWhitelistButton->setEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());

    m_ui->checkDynDNS->setChecked(pref->isDynDNSEnabled());
    m_ui->comboDNSService->setCurrentIndex(static_cast<int>(pref->getDynDNSService()));
@@ -1724,7 +1732,14 @@ bool OptionsDialog::webUIAuthenticationOk()

 void OptionsDialog::on_banListButton_clicked()
 {
-    //have to call dialog window
-    BanListOptions bl(this);
-    bl.exec();
+    // call dialog window
+    if (BanListOptions(this).exec() == QDialog::Accepted)
+        enableApplyButton();
+}
+
+void OptionsDialog::on_IPSubnetWhitelistButton_clicked()
+{
+    // call dialog window
+    if (IPSubnetWhitelistOptionsDialog(this).exec() == QDialog::Accepted)
+        enableApplyButton();
 }
--- a/src/gui/optionsdlg.h
+++ b/src/gui/optionsdlg.h
@@ -99,6 +99,7 @@ private slots:
    void on_IpFilterRefreshBtn_clicked();
    void handleIPFilterParsed(bool error, int ruleCount);
    void on_banListButton_clicked();
+    void on_IPSubnetWhitelistButton_clicked();
    void on_randomButton_clicked();
    void on_addScanFolderButton_clicked();
    void on_removeScanFolderButton_clicked();
--- a/src/gui/optionsdlg.ui
+++ b/src/gui/optionsdlg.ui
@@ -3005,7 +3005,27 @@ Use ';' to split multiple entries. Can use wildcard '*'.</string>
                  <item row="4" column="0" colspan="2">
                   <widget class="QCheckBox" name="checkBypassLocalAuth">
                    <property name="text">
-                     <string>Bypass authentication for localhost</string>
+                     <string>Bypass authentication for clients on localhost</string>
+                    </property>
+                   </widget>
+                  </item>
+                  <item row="5" column="0" colspan="2">
+                   <widget class="QCheckBox" name="checkBypassAuthSubnetWhitelist">
+                    <property name="text">
+                     <string>Bypass authentication for clients in whitelisted IP subnets</string>
+                    </property>
+                   </widget>
+                  </item>
+                  <item row="6" column="1" colspan="1">
+                   <widget class="QPushButton" name="IPSubnetWhitelistButton">
+                    <property name="sizePolicy">
+                     <sizepolicy hsizetype="Fixed" vsizetype="Fixed">
+                      <horstretch>0</horstretch>
+                      <verstretch>0</verstretch>
+                     </sizepolicy>
+                    </property>
+                    <property name="text">
+                     <string>IP subnet whitelist...</string>
                    </property>
                   </widget>
                  </item>
@@ -3289,6 +3309,8 @@ Use ';' to split multiple entries. Can use wildcard '*'.</string>
  <tabstop>btnWebUiCrt</tabstop>
  <tabstop>btnWebUiKey</tabstop>
  <tabstop>checkBypassLocalAuth</tabstop>
+  <tabstop>checkBypassAuthSubnetWhitelist</tabstop>
+  <tabstop>IPSubnetWhitelistButton</tabstop>
  <tabstop>checkDynDNS</tabstop>
  <tabstop>comboDNSService</tabstop>
  <tabstop>registerDNSBtn</tabstop>