        /// <summary>
        /// Reads the client name and client version for the current request from the claims on <c>HttpContext.User</c>.
        /// </summary>
        /// <returns>
        /// A tuple of the client name (or "unknown-client" when the claim helper returns null) and the client
        /// version: "apikey" for API-key principals, otherwise the version claim or "unknown-version".
        /// </returns>
        private (string ClientName, string ClientVersion) GetRequestInformation()
        {
            var principal = HttpContext.User;

            // NOTE(review): where these claims are populated is not visible here. If they are derived from
            // client-supplied request data, treat both values as untrusted wherever they are logged or
            // used as labels - confirm against the authentication handler.
            var name = ClaimHelpers.GetClient(principal) ?? "unknown-client";

            string version;
            if (ClaimHelpers.GetIsApiKey(principal))
            {
                // API-key requests are reported under a fixed marker instead of a version claim.
                version = "apikey";
            }
            else
            {
                version = ClaimHelpers.GetVersion(principal) ?? "unknown-version";
            }

            return (name, version);
        }
        /// <summary>
        /// Decides whether the authenticated principal may proceed. The checks run in a fixed order:
        /// API key, user id claim, user lookup, disabled flag, remote/local access, parental schedule,
        /// download permission. The first failing check denies the request.
        /// </summary>
        /// <remarks>
        /// An API-key principal is accepted before any other check runs, so <paramref name="localAccessOnly"/>
        /// and <paramref name="requiredDownloadPermission"/> do not restrict API keys.
        /// A request with no current <c>HttpContext</c> is treated as remote.
        /// </remarks>
        /// <param name="claimsPrincipal">Request claims.</param>
        /// <param name="ignoreSchedule">When true, the parental schedule check is skipped.</param>
        /// <param name="localAccessOnly">When true, requests from outside the local network are denied.</param>
        /// <param name="requiredDownloadPermission">When true, the user must hold the content downloading permission.</param>
        /// <returns><c>true</c> when every applicable check passes; otherwise <c>false</c>.</returns>
        protected bool ValidateClaims(
            ClaimsPrincipal claimsPrincipal,
            bool ignoreSchedule             = false,
            bool localAccessOnly            = false,
            bool requiredDownloadPermission = false)
        {
            // An API key is currently a global admin credential: it short-circuits every check below,
            // including the local-only and download restrictions.
            if (ClaimHelpers.GetIsApiKey(claimsPrincipal))
            {
                return true;
            }

            // Without a user id claim there is no account to evaluate.
            var claimedUserId = ClaimHelpers.GetUserId(claimsPrincipal);
            if (!claimedUserId.HasValue)
            {
                return false;
            }

            // The id must resolve to an existing account, and that account must not be disabled.
            var account = _userManager.GetUserById(claimedUserId.Value);
            if (account == null || account.HasPermission(PermissionKind.IsDisabled))
            {
                return false;
            }

            // Fail closed: a missing HttpContext counts as "not local".
            // NOTE(review): the local/remote decision is only as trustworthy as the address returned by
            // GetNormalizedRemoteIp(); how forwarded headers are handled is not visible here - confirm
            // the reverse-proxy configuration.
            var currentContext = _httpContextAccessor.HttpContext;
            var requestIsLocal = currentContext != null
                                 && _networkManager.IsInLocalNetwork(currentContext.GetNormalizedRemoteIp());

            // A remote request is denied when the user lacks remote access or the caller demands local access.
            var remoteAccessGranted = account.HasPermission(PermissionKind.EnableRemoteAccess);
            if (!requestIsLocal && (!remoteAccessGranted || localAccessOnly))
            {
                return false;
            }

            // The parental schedule applies only to non-administrators, and only when not explicitly ignored.
            var scheduleEnforced = !ignoreSchedule && !account.HasPermission(PermissionKind.IsAdministrator);
            if (scheduleEnforced && !account.IsParentalScheduleAllowed())
            {
                return false;
            }

            // Last gate: download permission, checked only when the caller requires it.
            return !requiredDownloadPermission
                   || account.HasPermission(PermissionKind.EnableContentDownloading);
        }