Add registration IP (#507)

This will keep track of which IP a user has registered from, to prevent evading rangebans. It will only be shown to admins.
2018-07-10 07:14:45 +02:00 · 2018-07-10 07:14:45 +02:00 · 8644472533
parent a38e5d5b53
commit 8644472533
4 changed files with 40 additions and 3 deletions
--- a/migrations/versions/f703f911d4ae_add_registration_ip.py
+++ b/migrations/versions/f703f911d4ae_add_registration_ip.py
@ -0,0 +1,28 @@
+"""add registration IP
+
+Revision ID: f703f911d4ae
+Revises: f69d7fec88d6
+Create Date: 2018-07-09 13:04:50.652781
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'f703f911d4ae'
+down_revision = 'f69d7fec88d6'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('users', sa.Column('registration_ip', sa.Binary(), nullable=True))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('users', 'registration_ip')
+    # ### end Alembic commands ###
--- a/nyaa/models.py
+++ b/nyaa/models.py
@ -487,6 +487,7 @@ class User(db.Model):
    created_time = db.Column(db.DateTime(timezone=False), default=datetime.utcnow)
    last_login_date = db.Column(db.DateTime(timezone=False), default=None, nullable=True)
    last_login_ip = db.Column(db.Binary(length=16), default=None, nullable=True)
+    registration_ip = db.Column(db.Binary(length=16), default=None, nullable=True)

    nyaa_torrents = db.relationship('NyaaTorrent', back_populates='user', lazy='dynamic')
    nyaa_comments = db.relationship('NyaaComment', back_populates='user', lazy='dynamic')
@ -573,6 +574,11 @@ class User(db.Model):
        if self.last_login_ip:
            return str(ip_address(self.last_login_ip))

+    @property
+    def reg_ip_string(self):
+        if self.registration_ip:
+            return str(ip_address(self.registration_ip))
+
    @classmethod
    def by_id(cls, id):
        return cls.query.get(id)
--- a/nyaa/templates/user.html
+++ b/nyaa/templates/user.html
@ -36,7 +36,9 @@
 						<dd>{{ user.userstatus_str }}</dt>
 						{%- if g.user.is_superadmin -%}
 						<dt>Last login IP:</dt>
-						<dd>{{ user.ip_string }}</dd><br>
+						<dd>{{ user.ip_string }}</dd>
+						<dt>Registration IP:</dt>
+						<dd>{{ user.reg_ip_string }}</dd>
 						{%- endif -%}
 					</dl>
 				</div>
--- a/nyaa/views/account.py
+++ b/nyaa/views/account.py
@ -86,10 +86,11 @@ def register():
    if flask.request.method == 'POST' and form.validate():
        user = models.User(username=form.username.data.strip(),
                           email=form.email.data.strip(), password=form.password.data)
-        user.last_login_ip = ip_address(flask.request.remote_addr).packed
+        user.registration_ip = ip_address(flask.request.remote_addr).packed
+        user.last_login_ip = user.registration_ip
        db.session.add(user)
        db.session.commit()
-        if models.RangeBan.is_rangebanned(user.last_login_ip):
+        if models.RangeBan.is_rangebanned(user.registration_ip):
            flask.flash(flask.Markup('Your IP is blocked from creating new accounts. '
                                     'Please <a href="{}">ask a moderator</a> to manually '
                                     'activate your account <a href="{}">\'{}\'</a>.'