Still IP authenticated even when IP authentication is disabled
Issue
Even though IP authentication is disabled:
I am still being recognized from an IP that is in the list and authenticated via IP:
Possible solution (galileo_search)
(Note: this solution pertains to galileo_search and we don't want to do that. Instead, we want to do this in galileo_admin.)
Need to check for that boolean here (I think)
Possible solution (galileo_admin)
I think the problem is here: https://gitlab.galileo.usg.edu/galileo/galileo_admin/-/blob/master/app/models/institution.rb#L394
We want to remove_ips_in_cache if ip_authentication is false. But on line 396, we're returning if neither of these fields is changed when the record was saved. But what if ip_authentication is already false and we add some IPs? In that case, it looks like the IPs are added without checking ip_authentication.
I can't be sure without banging on it, but that line looks fishy.
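A minimal Ruby model of the suspected failure, added here as an illustration and not taken from galileo_admin: the cache layout, the Institution struct, and both sync functions are hypothetical names. It contrasts a callback that acts only on which fields changed with one that rebuilds the institution's cache entries from the current ip_authentication value.

```ruby
# Constructed model, not galileo_admin code. The cache maps IP -> institution code.
Institution = Struct.new(:code, :ip_authentication, :ips)

# Behaviour the issue suspects: act on which fields changed, and write newly
# added IPs to the cache without consulting the ip_authentication flag.
def sync_change_based(cache, inst, changed)
  return cache unless changed.include?(:ip_authentication) || changed.include?(:ips)
  if changed.include?(:ip_authentication) && !inst.ip_authentication
    cache.delete_if { |_ip, code| code == inst.code }
  end
  inst.ips.each { |ip| cache[ip] = inst.code } if changed.include?(:ips)
  cache
end

# State-based alternative: drop this institution's entries on every save, then
# re-add them only when IP authentication is enabled right now.
def sync_state_based(cache, inst, _changed = nil)
  cache.delete_if { |_ip, code| code == inst.code }
  inst.ips.each { |ip| cache[ip] = inst.code } if inst.ip_authentication
  cache
end

# Scenario from the issue: the flag is already false, then an IP is added.
# Returns true if the new IP ends up recognized in the cache.
def ip_cached_after_add?(sync)
  cache = {}
  inst = Institution.new("demo1", false, [])
  inst.ips = ["192.0.2.10"] # constructed sample address (documentation range)
  sync.call(cache, inst, [:ips])
  cache.key?("192.0.2.10")
end

# Control: with the flag enabled, the same save should populate the cache.
def ip_cached_when_enabled?(sync)
  cache = {}
  inst = Institution.new("demo1", true, ["192.0.2.10"])
  sync.call(cache, inst, [:ips])
  cache.key?("192.0.2.10")
end

if __FILE__ == $PROGRAM_NAME
  puts "change-based, flag off: cached=#{ip_cached_after_add?(method(:sync_change_based))}"
  puts "state-based,  flag off: cached=#{ip_cached_after_add?(method(:sync_state_based))}"
  puts "state-based,  flag on:  cached=#{ip_cached_when_enabled?(method(:sync_state_based))}"
end
```

The same two scenarios translate directly into a model spec for the real callback: save with the flag off and a new IP, then assert the cache has no entry for it.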