diff options
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer')
| -rw-r--r-- | MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs index e5a94d5cb..a1a68586b 100644 --- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs @@ -68,7 +68,10 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security if (!string.IsNullOrWhiteSpace(auth.Token) || !_config.Configuration.InsecureApps2.Contains(auth.Client ?? string.Empty, StringComparer.OrdinalIgnoreCase)) { - SessionManager.ValidateSecurityToken(auth.Token); + if (!IsValidConnectKey(auth.Token)) + { + SessionManager.ValidateSecurityToken(auth.Token); + } } } @@ -115,6 +118,16 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security } } + private bool IsValidConnectKey(string token) + { + if (!string.IsNullOrEmpty(token)) + { + return UserManager.Users.Any(u => string.Equals(token, u.ConnectAccessKey, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(u.ConnectAccessKey)); + } + + return false; + } + protected bool DoHtmlRedirectIfConfigured(IRequest req, IResponse res, bool includeRedirectParam = false) { var htmlRedirect = this.HtmlRedirect ?? AuthenticateService.HtmlRedirect; |