update QR code generation by implementing POST request handling and validating input fields in the authentication method forms

gatekeeper/forms.py

@@ -1,3 +1,4 @@
+import ipaddress
 import re
 
 import pyotp
@@ -317,6 +318,25 @@ class GatekeeperIPAddressForm(forms.ModelForm):
             'description': _('Description'),
         }
 
+    def clean(self):
+        cleaned_data = super().clean()
+        address = cleaned_data.get('address')
+        prefix_length = cleaned_data.get('prefix_length')
+        if address and prefix_length is not None:
+            try:
+                ip = ipaddress.ip_address(address)
+                max_prefix = 32 if ip.version == 4 else 128
+                if prefix_length > max_prefix:
+                    self.add_error(
+                        'prefix_length',
+                        _('Prefix length for IPv%(version)d must be between 0 and %(max)d.') % {
+                            'version': ip.version, 'max': max_prefix,
+                        },
+                    )
+            except ValueError:
+                pass  # address field validation handles invalid IPs
+        return cleaned_data
+
     def __init__(self, *args, **kwargs):
         cancel_url = kwargs.pop('cancel_url', '#')
         super().__init__(*args, **kwargs)

gatekeeper/views.py

@@ -255,9 +255,12 @@ def view_generate_totp_qr(request):
     if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
         return HttpResponse("Access Denied", status=403)
 
-    totp_secret = request.GET.get('secret')
-    issuer = request.GET.get('issuer', 'wireguard_webadmin')
-    name = request.GET.get('name', 'Gatekeeper')
+    if request.method != 'POST':
+        return HttpResponse("Method Not Allowed", status=405)
+
+    totp_secret = request.POST.get('secret')
+    issuer = request.POST.get('issuer', 'wireguard_webadmin')
+    name = request.POST.get('name', 'Gatekeeper')
 
     if not totp_secret:
         return HttpResponse("No secret provided", status=400)