Is there any way that i can Restrict Check In & CheckOut Based on IP Address?

ShaonPro · October 19, 2024, 4:42pm

Is there any way that i can Restrict Check In & CheckOut Based on IP Address?
I am using Cloudflare - and i want to whitelist only my office and some more ip to check-in and checkout.

Is there any way?

Thanks

avc · October 19, 2024, 5:53pm

Hi @ShaonPro:

Check this …

Hope this helps.

ShaonPro · October 19, 2024, 6:19pm

Can you tell me from where i can add this?
in details - that would be very helpful .

Thanks

Vijayan_R · October 19, 2024, 11:52pm

First Go customize form and select employee doctype and add the custom field in that employee doctype

after update that go to server script by searching

after create server script and add the code in script and then save that and also set the allowed_checkin_ip for employee

ShaonPro · October 20, 2024, 4:52pm

@avc Hey
don’t know but there is nothing showing up.

avc · October 20, 2024, 5:03pm

Hi @ShaonPro

Try to refresh browser. If don’t works, open browser console and check if any error is shown. Share screenshot here

ShaonPro · October 20, 2024, 5:12pm

I have Updated the Script

And Added these - also added IPs
But still user can check in from other ips

ShaonPro · October 20, 2024, 5:33pm

Please Help

avc · October 20, 2024, 5:33pm

Hi @ShaonPro:

Allowed IP address should be informed on each employee document, not in “design”. Anyway, this method just works with one IP. It can be tuned to allow ip ranges, or a list of ips …

Or … try this

if frappe.request.headers.get('X-Forwarded-For'):
    ip_address = frappe.request.headers.get('X-Forwarded-For').split(',')[0]
else:
    ip_address = frappe.request.remote_addr

allowed_ips = ["103.72.212.29", "103.49.170.164"] # write here all your ips

if ip_address not in allowed_ips:
    frappe.throw("IP address not allowed")

ShaonPro · October 20, 2024, 6:24pm

i did these but still no luck.

ShaonPro · October 20, 2024, 6:51pm

@avc - User still can check in or out.

avc · October 20, 2024, 8:52pm

Hi @ShaonPro:

There are a lot of things that could be failing … show how your script is written now.
Share too how your doctype is customized, showing fieldname too.

Varun · October 23, 2024, 3:09am

Can’t you restrict the user login from unknown IPs?

avc · October 23, 2024, 5:42am

Hi @Varun:

Since “unknown” is a valid identifier for “X-Forwarded-For”, it should works … the value is not on on the allowed ip addresses.

Hope this helps.

EugeneP · November 2, 2024, 5:05pm

Hi @avc

Would I be able to get the IP on the client side with JS?

Thanks so much

avc · November 2, 2024, 9:34pm

Hi @EugeneP:

Best way is calling backend method from js, or using some external service like ipify
https://api.ipify.org?format=jsonp&callback=getip

Hope this helps.

ShaonPro · November 5, 2024, 10:14pm

Solutions For CloudFlare Users.

# Get the client's IP from Cloudflare headers, if available
if frappe.request.headers.get('CF-Connecting-IP'):
    ip_address = frappe.request.headers.get('CF-Connecting-IP')
elif frappe.request.headers.get('X-Forwarded-For'):
    ip_address = frappe.request.headers.get('X-Forwarded-For').split(',')[0]
else:
    ip_address = frappe.request.remote_addr

# Fetch the allowed IPs for the employee as a comma-separated list
allowed_ips = frappe.db.get_value("Employee", doc.employee, "custom_allowed_checkin_ip")

# Convert the list of allowed IPs into an array and strip whitespace
allowed_ips_list = [ip.strip() for ip in allowed_ips.split(',') if ip.strip()]

# Check if the current IP is in the list of allowed IPs
if ip_address not in allowed_ips_list:
    frappe.throw("IP address not allowed for check-in.")