Merge pull request #191 from ahivert/fix-178

fix: keep only the first ip to match postgres inet type

README.md

@@ -163,7 +163,7 @@ DJANGO_REST_PASSWORDRESET_IP_ADDRESS_HEADER = 'HTTP_X_FORWARDED_FOR'
 The same is true for the user agent:
 
 ```python
-HTTP_USER_AGENT_HEADER = 'HTTP_USER_AGENT'
+DJANGO_REST_PASSWORDRESET_HTTP_USER_AGENT_HEADER = 'HTTP_USER_AGENT'
 ```
 
 ## Custom Token Generator

django_rest_passwordreset/views.py

@@ -99,7 +99,7 @@ def generate_token_for_email(email, user_agent='', ip_address=''):
             return ResetPasswordToken.objects.create(
                 user=user,
                 user_agent=user_agent,
-                ip_address=ip_address,
+                ip_address=ip_address.split(",")[0],
             )
 
 

tests/test/test_auth_test_case.py

@@ -447,6 +447,19 @@ def test_clear_expired_tokens(self):
         # there should be zero tokens
         self.assertEqual(ResetPasswordToken.objects.all().count(), 0)
 
+    def test_generate_token_for_email_with_multiple_ip_address(self):
+        """
+        Test generating tokens with multiple ip address will keep only the first
+        one to match inet type
+        https://www.postgresql.org/docs/current/datatype-net-types.html#DATATYPE-INET
+        https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#syntax
+        """
+        # request a new token with multiple ips
+        generate_token_for_email(email="[email protected]", ip_address="1.1.1.1, 2.2.2.2")
+
+        # there should be one token with only the first ip adress
+        self.assertEqual(ResetPasswordToken.objects.get().ip_address, "1.1.1.1")
+
     def test_generate_token_for_email(self):
         """ Tests generating tokens for a specific email address programmatically """