From c067fd4b62c7d05848749e888f82f81a6950fc42 Mon Sep 17 00:00:00 2001
From: Soham Kulkarni <77533095+sokumon@users.noreply.github.com>
Date: Fri, 24 Jan 2025 18:42:58 +0530
Subject: [PATCH] fix: remove whitespace from restrict ip and always check
 request_ip (#29867)

* fix: remove whitespace in restrict ip in validate

* fix: added check for request_ip

* fix: return if no restrict ip

* fix: set to localhost if none, refactor validate_ip_addr

* fix: validate ip_address cleanup and removed uncessary comments

* fix: validate ip_addr cleanup

* fix: remove unecessary check
---
 frappe/app.py                    | 2 +-
 frappe/auth.py                   | 7 +++++++
 frappe/core/doctype/user/user.py | 7 ++++++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/frappe/app.py b/frappe/app.py
index f5c5b69f88..42be683167 100644
--- a/frappe/app.py
+++ b/frappe/app.py
@@ -22,7 +22,7 @@ import frappe.rate_limiter
 import frappe.recorder
 import frappe.utils.response
 from frappe import _
-from frappe.auth import SAFE_HTTP_METHODS, UNSAFE_HTTP_METHODS, HTTPRequest, validate_auth
+from frappe.auth import SAFE_HTTP_METHODS, UNSAFE_HTTP_METHODS, HTTPRequest, check_request_ip, validate_auth
 from frappe.middlewares import StaticDataMiddleware
 from frappe.utils import CallbackManager, cint, get_site_name
 from frappe.utils.data import escape_html
diff --git a/frappe/auth.py b/frappe/auth.py
index c77d50ab93..ea7eb34b05 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -460,9 +460,11 @@ def validate_ip_address(user):
 
 	user_info = frappe.get_cached_doc("User", user)
 	ip_list = user_info.get_restricted_ip_list()
+
 	if not ip_list:
 		return
 
+	check_request_ip()
 	for ip in ip_list:
 		if frappe.local.request_ip.startswith(ip):
 			return
@@ -713,3 +715,8 @@ def validate_api_key_secret(api_key, api_secret, frappe_authorization_source=Non
 def validate_auth_via_hooks():
 	for auth_hook in frappe.get_hooks("auth_hooks", []):
 		frappe.get_attr(auth_hook)()
+
+
+def check_request_ip():
+	if frappe.local.request_ip is None:
+		frappe.local.request_ip = "127.0.0.1"
diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index 72cd63eda1..6b0deb3060 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -196,6 +196,8 @@ class User(Document):
 		self.validate_allowed_modules()
 		self.validate_user_image()
 		self.set_time_zone()
+		if self.restrict_ip:
+			self.validate_ip_addr()
 
 		if self.language == "Loading...":
 			self.language = None
@@ -811,6 +813,9 @@ class User(Document):
 			},
 		)
 
+	def validate_ip_addr(self):
+		self.restrict_ip = ",".join(self.get_restricted_ip_list())
+
 
 @frappe.whitelist()
 def get_timezones():
@@ -1314,7 +1319,7 @@ def get_restricted_ip_list(user):
 	if not user.restrict_ip:
 		return
 
-	return [i.strip() for i in user.restrict_ip.split(",")]
+	return [i.strip() for i in user.restrict_ip.strip().split(",")]
 
 
 @frappe.whitelist(methods=["POST"])