/// <summary>
/// Validate authenticated claims.
/// </summary>
/// <param name="claimsPrincipal">Request claims.</param>
/// <param name="ignoreSchedule">Whether to ignore parental control.</param>
/// <param name="localAccessOnly">Whether access is to be allowed locally only.</param>
/// <param name="requiredDownloadPermission">Whether validation requires download permission.</param>
/// <returns>Validated claim status.</returns>
protected bool ValidateClaims(
ClaimsPrincipal claimsPrincipal,
bool ignoreSchedule = false,
bool localAccessOnly = false,
bool requiredDownloadPermission = false)
{
// Ensure claim has userId.
var userId = ClaimHelpers.GetUserId(claimsPrincipal);
if (!userId.HasValue)
{
return(false);
}
// Ensure userId links to a valid user.
var user = _userManager.GetUserById(userId.Value);
if (user == null)
{
return(false);
}
// Ensure user is not disabled.
if (user.HasPermission(PermissionKind.IsDisabled))
{
return(false);
}
var ip = _httpContextAccessor.HttpContext.GetNormalizedRemoteIp();
var isInLocalNetwork = _networkManager.IsInLocalNetwork(ip);
// User cannot access remotely and user is remote
if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !isInLocalNetwork)
{
return(false);
}
if (localAccessOnly && !isInLocalNetwork)
{
return(false);
}
// User attempting to access out of parental control hours.
if (!ignoreSchedule &&
!user.HasPermission(PermissionKind.IsAdministrator) &&
!user.IsParentalScheduleAllowed())
{
return(false);
}
// User attempting to download without permission.
if (requiredDownloadPermission &&
!user.HasPermission(PermissionKind.EnableContentDownloading))
{
return(false);
}
return(true);
}
public ActionResult <int> Deauthorize()
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{
return(0);
}
return(_quickConnect.DeleteAllDevices(userId.Value));
}
public ActionResult <bool> Authorize([FromQuery, Required] string code)
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{
return(StatusCode(StatusCodes.Status403Forbidden, "Unknown user id"));
}
return(_quickConnect.AuthorizeRequest(userId.Value, code));
}
public ActionResult<UserDto> GetCurrentUser()
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (userId is null)
{
return BadRequest();
}
var user = _userManager.GetUserById(userId.Value);
if (user == null)
{
return BadRequest();
}
return _userManager.GetUserDto(user);
}
public async Task <ActionResult <bool> > Authorize([FromQuery, Required] string code)
{
var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{
return(StatusCode(StatusCodes.Status403Forbidden, "Unknown user id"));
}
try
{
return(await _quickConnect.AuthorizeRequest(userId.Value, code).ConfigureAwait(false));
}
catch (AuthenticationException)
{
return(Unauthorized("Quick connect is disabled"));
}
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
{
if (!ValidateClaims(context.User))
{
context.Fail();
return(Task.CompletedTask);
}
var userId = ClaimHelpers.GetUserId(context.User);
var user = _userManager.GetUserById(userId !.Value);
if ((requirement.RequiredAccess.HasValue && user.SyncPlayAccess == requirement.RequiredAccess) ||
user.SyncPlayAccess == SyncPlayAccess.CreateAndJoinGroups)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
{
if (!ValidateClaims(context.User))
{
context.Fail();
return(Task.CompletedTask);
}
var userId = ClaimHelpers.GetUserId(context.User);
var user = _userManager.GetUserById(userId !.Value);
if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
{
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups ||
user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups ||
_syncPlayManager.IsUserActive(userId.Value))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup)
{
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup)
{
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups ||
user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup)
{
if (_syncPlayManager.IsUserActive(userId.Value))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}