Drop checking URL blacklists to block users

This simply does not work because of too many false-positives
and some bad handling of DNS lookups in the webapp

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/auth.py b/src/web/auth.py
index e20a553c42bfec58c1826d04800a90fa63cd18f2..bf7ab2dd9926d806fd8ac2750f276ff54ceccb07 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -39,14 +39,12 @@ class AuthenticationMixin(CacheMixin):
 
 
 class LoginHandler(AuthenticationMixin, base.BaseHandler):
-       @base.blacklisted
        def get(self):
                next = self.get_argument("next", None)
 
                self.render("auth/login.html", next=next,
                        incorrect=False, username=None)
 
-       @base.blacklisted
        @base.ratelimit(minutes=60, requests=5)
        def post(self):
                username = self.get_argument("username")
@@ -84,7 +82,6 @@ class LogoutHandler(AuthenticationMixin, base.BaseHandler):
 
 
 class RegisterHandler(base.BaseHandler):
-       @base.blacklisted
        def get(self):
                # Redirect logged in users away
                if self.current_user:

diff --git a/src/web/blog.py b/src/web/blog.py
index 70349f6fcefb4744aca50bd65227592d6425401c..375adfc371528f6c372f16fc6ea7251b347c2f60 100644 (file)
--- a/src/web/blog.py
+++ b/src/web/blog.py
@@ -119,7 +119,6 @@ class DraftsHandler(auth.CacheMixin, base.BaseHandler):
 
 
 class SearchHandler(auth.CacheMixin, base.BaseHandler):
-       @base.blacklisted
        def get(self):
                q = self.get_argument("q")
 

diff --git a/src/web/donate.py b/src/web/donate.py
index b22b8cad5ffba49b730cd09b763a35a83ce8a076..21f8e81c23d22d027178d50e789d7ab0dccafbaa 100644 (file)
--- a/src/web/donate.py
+++ b/src/web/donate.py
@@ -6,11 +6,6 @@ import tornado.web
 from . import base
 
 class DonateHandler(base.BaseHandler):
-       @base.blacklisted
-       def prepare(self):
-               # Makes sure that we call blacklist for everything
-               pass
-
        def get(self):
                location = self.get_remote_location()
 

diff --git a/src/web/newsletter.py b/src/web/newsletter.py
index c08478043451c7344c817bb426c03a4739e78b5c..0eb7875f6d07df3c0276b36d8833a7ff1d43942c 100644 (file)
--- a/src/web/newsletter.py
+++ b/src/web/newsletter.py
@@ -7,11 +7,6 @@ import tornado.process
 from . import base
 
 class SubscribeHandler(base.BaseHandler):
-       @base.blacklisted
-       def prepare(self):
-               # Makes sure that we call blacklist for everything
-               pass
-
        @base.ratelimit(minutes=15, requests=5)
        def post(self):
                address = self.get_argument("email")

diff --git a/src/web/nopaste.py b/src/web/nopaste.py
index d08eedbc0b2a4d01bd4134ab33d8cf16123d0913..759a5beb0c0fee7d51406d3cb8e7d9d4fe4821c7 100644 (file)
--- a/src/web/nopaste.py
+++ b/src/web/nopaste.py
@@ -9,7 +9,6 @@ from . import ui_modules
 class CreateHandler(auth.CacheMixin, base.BaseHandler):
        MODES = ("paste", "upload")
 
-       @base.blacklisted
        def get(self):
                mode = self.get_argument("mode", "paste")
                if not mode in self.MODES:
@@ -18,7 +17,6 @@ class CreateHandler(auth.CacheMixin, base.BaseHandler):
                self.render("nopaste/create.html", mode=mode,
                        max_size=self._max_size)
 
-       @base.blacklisted
        @base.ratelimit(minutes=15, requests=5)
        def post(self):
                mode = self.get_argument("mode")
@@ -68,7 +66,6 @@ class CreateHandler(auth.CacheMixin, base.BaseHandler):
 
 
 class RawHandler(base.BaseHandler):
-       @base.blacklisted
        def get(self, uid):
                entry = self.backend.nopaste.get(uid)
                if not entry:
@@ -89,7 +86,6 @@ class RawHandler(base.BaseHandler):
 
 
 class ViewHandler(auth.CacheMixin, base.BaseHandler):
-       @base.blacklisted
        def get(self, uid):
                entry = self.backend.nopaste.get(uid)
                if not entry: