diff options
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs')
| -rw-r--r-- | MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs | 42 |
1 files changed, 8 insertions, 34 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs index 19870c435..2b9ae7d09 100644 --- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs @@ -42,7 +42,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security /// </summary> public string HtmlRedirect { get; set; } - public void Authenticate(IRequest req, IResponse res, object requestDto) + public void Authenticate(IRequest req, IResponse res, object requestDto, bool allowLocal) { if (HostContext.HasValidAuthSecret(req)) return; @@ -50,13 +50,13 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security //ExecuteBasic(req, res, requestDto); //first check if session is authenticated //if (res.IsClosed) return; //AuthenticateAttribute already closed the request (ie auth failed) - ValidateUser(req); + ValidateUser(req, allowLocal); } // TODO: Remove this when all clients have supported the new sescurity - private readonly List<string> _updatedClients = new List<string>(){"Dashboard"}; + private readonly List<string> _updatedClients = new List<string>() { "Dashboard", "Chromecast" }; - private void ValidateUser(IRequest req) + private void ValidateUser(IRequest req, bool allowLocal) { //This code is executed before the service var auth = AuthorizationContext.GetAuthorizationInfo(req); @@ -65,7 +65,10 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security || _config.Configuration.EnableTokenAuthentication || _updatedClients.Contains(auth.Client ?? string.Empty, StringComparer.OrdinalIgnoreCase)) { - SessionManager.ValidateSecurityToken(auth.Token); + if (!allowLocal || !req.IsLocal) + { + SessionManager.ValidateSecurityToken(auth.Token); + } } var user = string.IsNullOrWhiteSpace(auth.UserId) @@ -96,35 +99,6 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security } } - private void ExecuteBasic(IRequest req, IResponse res, object requestDto) - { - if (AuthenticateService.AuthProviders == null) - throw new InvalidOperationException( - "The AuthService must be initialized by calling AuthService.Init to use an authenticate attribute"); - - var matchingOAuthConfigs = AuthenticateService.AuthProviders.Where(x => - this.Provider.IsNullOrEmpty() - || x.Provider == this.Provider).ToList(); - - if (matchingOAuthConfigs.Count == 0) - { - res.WriteError(req, requestDto, "No OAuth Configs found matching {0} provider" - .Fmt(this.Provider ?? "any")); - res.EndRequest(); - } - - matchingOAuthConfigs.OfType<IAuthWithRequest>() - .Each(x => x.PreAuthenticate(req, res)); - - var session = req.GetSession(); - if (session == null || !matchingOAuthConfigs.Any(x => session.IsAuthorized(x.Provider))) - { - if (this.DoHtmlRedirectIfConfigured(req, res, true)) return; - - AuthProvider.HandleFailedAuth(matchingOAuthConfigs[0], session, req, res); - } - } - protected bool DoHtmlRedirectIfConfigured(IRequest req, IResponse res, bool includeRedirectParam = false) { var htmlRedirect = this.HtmlRedirect ?? AuthenticateService.HtmlRedirect; |