| author | Michalis Adamidis <gsnerf@gsnerf.de> | 2014-09-15 02:20:45 +0200 |
|---|---|---|
| committer | Michalis Adamidis <gsnerf@gsnerf.de> | 2014-09-15 02:20:45 +0200 |
| commit | 671d302a92f79ec9c65dbae9c46a342038bfee96 (patch) | |
| tree | 4b48ad27a1f01dff2e2e07aef8975fed2cb6d71e /MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs | |
| parent | 7690608ed578d3c1dbf3849122107af503855a81 (diff) | |
| parent | 6babe4f5103c83d75da1924027f6e13aea165085 (diff) | |
Merge branch 'master' of https://github.com/MediaBrowser/MediaBrowser
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs')
| -rw-r--r-- | MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs index ea0982491..4b699c018 100644 --- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs @@ -1,5 +1,4 @@ -using System.Collections.Generic; -using MediaBrowser.Controller.Configuration; +using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Session; @@ -42,24 +41,29 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security /// </summary> public string HtmlRedirect { get; set; } - public void Authenticate(IRequest req, IResponse res, object requestDto, bool allowLocal) + public void Authenticate(IRequest request, + IResponse response, + object requestDto, + bool allowLocal, + string[] roles) { - if (HostContext.HasValidAuthSecret(req)) + if (HostContext.HasValidAuthSecret(request)) return; //ExecuteBasic(req, res, requestDto); //first check if session is authenticated //if (res.IsClosed) return; //AuthenticateAttribute already closed the request (ie auth failed) - ValidateUser(req, allowLocal); + ValidateUser(request, allowLocal, roles); } - private void ValidateUser(IRequest req, bool allowLocal) + private void ValidateUser(IRequest req, bool allowLocal, + string[] roles) { //This code is executed before the service var auth = AuthorizationContext.GetAuthorizationInfo(req); if (!string.IsNullOrWhiteSpace(auth.Token) - || _config.Configuration.SecureApps1.Contains(auth.Client ?? string.Empty, StringComparer.OrdinalIgnoreCase)) + || _config.Configuration.SecureApps2.Contains(auth.Client ?? string.Empty, StringComparer.OrdinalIgnoreCase)) { if (!allowLocal || !req.IsLocal) { 
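Review bot: `roles` goes unchecked from the public `Authenticate` into `ValidateUser`, and the admin test added later in this commit calls `roles.Contains(...)` on it, so a caller that passes null gets an ArgumentNullException out of the auth filter instead of an authorization decision. Normalise it at the boundary, e.g. `ValidateUser(request, allowLocal, roles ?? new string[] { });`, and add a doc comment for the new parameter stating which role names are interpreted. The rename is also only half applied: `Authenticate` now uses `request`/`response` while `ValidateUser` keeps `req`. `ValidateUser`'s body continues outside this hunk.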
@@ -73,8 +77,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security if (user == null & !string.IsNullOrWhiteSpace(auth.UserId)) { - // TODO: Re-enable - //throw new ArgumentException("User with Id " + auth.UserId + " not found"); + throw new ArgumentException("User with Id " + auth.UserId + " not found"); } if (user != null && user.Configuration.IsDisabled) @@ -82,6 +85,14 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security throw new AuthenticationException("User account has been disabled."); } + if (roles.Contains("admin", StringComparer.OrdinalIgnoreCase)) + { + if (user == null || !user.Configuration.IsAdministrator) + { + throw new ArgumentException("Administrative access is required for this request."); + } + } + if (!string.IsNullOrWhiteSpace(auth.DeviceId) && !string.IsNullOrWhiteSpace(auth.Client) && !string.IsNullOrWhiteSpace(auth.Device)) |
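Review bot: The re-enabled `throw new ArgumentException("User with Id " + auth.UserId + " not found")` reports an authentication failure with an argument-error type, while the disabled-account case just below it uses `AuthenticationException`. How the host maps exception types to status codes is not visible here, but the unknown-user case may surface as a bad-request style error rather than an unauthorized one. The "Administrative access is required" throw added in the next hunk has the same mismatch. Consider `throw new AuthenticationException("Invalid user.");`, which also avoids echoing the client-supplied `auth.UserId` back in the error text. The enclosing `ValidateUser` starts and ends outside this hunk.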
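Review bot: The new administrator check trusts whatever `user` resolved to, and the surrounding lines suggest that resolution is driven by the client-supplied `auth.UserId`. The branch at the top of `ValidateUser` is entered only when a token is present or the client is listed in `SecureApps2`, and its inner condition is false for local requests when `allowLocal` is set. The lookup itself and the body of that branch are outside the visible hunks, so this needs confirming; if nothing ties a validated token to that user id, `IsAdministrator` is evaluated for an identity the caller merely asserted. Until that binding is established, a reminder above the check would help: `// NOTE: user is resolved from auth.UserId; confirm it is bound to the validated token before trusting IsAdministrator`. Requests that ask for the "admin" role should also be refused when no token was validated.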
