From f1a602f5a87f666eec03b9afd3f3edfa27d337f6 Mon Sep 17 00:00:00 2001 From: Luke Pulverenti Date: Sat, 18 Oct 2014 15:02:54 -0400 Subject: disable nuget package restore --- .../HttpServer/Security/AuthService.cs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs') diff --git a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs index e5a94d5cb..a1a68586b 100644 --- a/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/MediaBrowser.Server.Implementations/HttpServer/Security/AuthService.cs @@ -68,7 +68,10 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security if (!string.IsNullOrWhiteSpace(auth.Token) || !_config.Configuration.InsecureApps2.Contains(auth.Client ?? string.Empty, StringComparer.OrdinalIgnoreCase)) { - SessionManager.ValidateSecurityToken(auth.Token); + if (!IsValidConnectKey(auth.Token)) + { + SessionManager.ValidateSecurityToken(auth.Token); + } } } @@ -115,6 +118,16 @@ namespace MediaBrowser.Server.Implementations.HttpServer.Security } } + private bool IsValidConnectKey(string token) + { + if (!string.IsNullOrEmpty(token)) + { + return UserManager.Users.Any(u => string.Equals(token, u.ConnectAccessKey, StringComparison.OrdinalIgnoreCase) && !string.IsNullOrEmpty(u.ConnectAccessKey)); + } + + return false; + } + protected bool DoHtmlRedirectIfConfigured(IRequest req, IResponse res, bool includeRedirectParam = false) { var htmlRedirect = this.HtmlRedirect ?? AuthenticateService.HtmlRedirect; -- cgit v1.2.3