/// <summary>
/// Authenticates the caller of a raw HTTP request by adapting it to the internal
/// request shape and running the shared user validation.
/// </summary>
/// <param name="request">The incoming HTTP request.</param>
/// <param name="authAttributes">Authentication requirements declared on the endpoint.</param>
/// <returns>Whatever <c>ValidateUser</c> resolves for the request; passed through unchanged.</returns>
public User Authenticate(HttpRequest request, IAuthenticationAttributes authAttributes)
{
    // No response object is attached to the adapter here (second argument is null).
    var adaptedRequest = new WebSocketSharpRequest(request, null, request.Path, _logger);
    return ValidateUser(adaptedRequest, authAttributes);
}
/// <summary>
/// Enforces the user's access policy before the request proceeds: disabled accounts,
/// the remote-access restriction, and parental-control schedules.
/// </summary>
/// <param name="user">The resolved user whose <c>Policy</c> is checked.</param>
/// <param name="request">Current request; its remote IP and response headers are used.</param>
/// <param name="authAttribtues">Endpoint attributes; <c>EscapeParentalControl</c> bypasses the schedule check.</param>
/// <param name="auth">Authorization info for the request (not consulted by this overload).</param>
/// <exception cref="SecurityException">Thrown when any policy rule denies access.</exception>
private void ValidateUserAccess(User user, IRequest request, IAuthenticationAttributes authAttribtues, AuthorizationInfo auth)
{
    var policy = user.Policy;

    if (policy.IsDisabled)
    {
        throw new SecurityException("User account has been disabled.")
        {
            SecurityExceptionType = SecurityExceptionType.Unauthenticated
        };
    }

    // The local-network lookup only runs when remote access is not already granted.
    // A remote caller is rejected with the same message as a disabled account, so the
    // two cases cannot be told apart from the message alone.
    if (!policy.EnableRemoteAccess)
    {
        if (!NetworkManager.IsInLocalNetwork(request.RemoteIp))
        {
            throw new SecurityException("User account has been disabled.")
            {
                SecurityExceptionType = SecurityExceptionType.Unauthenticated
            };
        }
    }

    // Administrators and endpoints that escape parental control skip the schedule check entirely.
    var scheduleEnforced = !policy.IsAdministrator && !authAttribtues.EscapeParentalControl;
    if (scheduleEnforced && !user.IsParentalScheduleAllowed())
    {
        // The header is set before throwing so the client can distinguish this denial.
        request.Response.AddHeader("X-Application-Error-Code", "ParentalControl");
        throw new SecurityException("This user account is not allowed access at this time.")
        {
            SecurityExceptionType = SecurityExceptionType.ParentalControl
        };
    }
}
/// <summary>
/// Decides whether role validation is skipped for this request.
/// </summary>
/// <param name="auth">Authorization info; an empty <c>Token</c> exempts the request.</param>
/// <param name="authAttribtues">Endpoint attributes controlling wizard and local-network exemptions.</param>
/// <param name="request">Current request; <c>IsLocal</c> enables the local exemptions.</param>
/// <param name="tokenInfo">Stored token record, or null; a record with an empty user id exempts the request.</param>
/// <returns>True when roles are not enforced for this request.</returns>
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request, AuthenticationInfo tokenInfo)
{
    var wizardExempt = !_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard;
    if (wizardExempt)
    {
        return true;
    }

    // Both local flags grant the same exemption, but only for callers the request reports as local.
    var localExempt = (authAttribtues.AllowLocal || authAttribtues.AllowLocalOnly) && request.IsLocal;
    if (localExempt)
    {
        return true;
    }

    if (string.IsNullOrEmpty(auth.Token))
    {
        return true;
    }

    // A token that is not bound to a user carries no roles to check.
    return tokenInfo != null && tokenInfo.UserId.Equals(Guid.Empty);
}
/// <summary>
/// Enforces the user's permissions before the request proceeds: disabled accounts,
/// the remote-access permission, and parental-control schedules.
/// </summary>
/// <param name="user">The resolved user whose permissions are checked.</param>
/// <param name="request">Current request; its remote IP and response headers are used.</param>
/// <param name="authAttributes">Endpoint attributes; <c>EscapeParentalControl</c> bypasses the schedule check.</param>
/// <param name="auth">Authorization info for the request (not consulted by this overload).</param>
/// <exception cref="SecurityException">Thrown when any permission rule denies access.</exception>
private void ValidateUserAccess(
    User user,
    IRequest request,
    IAuthenticationAttributes authAttributes,
    AuthorizationInfo auth)
{
    if (user.HasPermission(PermissionKind.IsDisabled))
    {
        throw new SecurityException("User account has been disabled.");
    }

    // The local-network lookup only runs when remote access is not already granted.
    // A remote caller gets the same message as a disabled account, so the two
    // cases cannot be told apart from the message alone.
    if (!user.HasPermission(PermissionKind.EnableRemoteAccess))
    {
        if (!_networkManager.IsInLocalNetwork(request.RemoteIp))
        {
            throw new SecurityException("User account has been disabled.");
        }
    }

    // Administrators and endpoints that escape parental control skip the schedule check entirely.
    var scheduleEnforced = !user.HasPermission(PermissionKind.IsAdministrator)
        && !authAttributes.EscapeParentalControl;
    if (scheduleEnforced && !user.IsParentalScheduleAllowed())
    {
        // The header is set before throwing so the client can distinguish this denial.
        request.Response.Headers.Add("X-Application-Error-Code", "ParentalControl");
        throw new SecurityException("This user account is not allowed access at this time.");
    }
}
/// <summary>
/// Enforces the user's access policy before the request proceeds: disabled accounts,
/// parental-control schedules, and per-device access when a device id is present.
/// </summary>
/// <param name="user">The resolved user whose <c>Policy</c> is checked.</param>
/// <param name="request">Current request; used to attach the parental-control response header.</param>
/// <param name="authAttribtues">Endpoint attributes; <c>EscapeParentalControl</c> bypasses the schedule check.</param>
/// <param name="auth">Authorization info; <c>DeviceId</c> drives the device check.</param>
/// <exception cref="SecurityException">Thrown when any policy rule denies access.</exception>
private void ValidateUserAccess(User user, IServiceRequest request, IAuthenticationAttributes authAttribtues, AuthorizationInfo auth)
{
    var policy = user.Policy;

    if (policy.IsDisabled)
    {
        throw new SecurityException("User account has been disabled.")
        {
            SecurityExceptionType = SecurityExceptionType.Unauthenticated
        };
    }

    // Administrators and endpoints that escape parental control skip the schedule check entirely.
    var scheduleEnforced = !policy.IsAdministrator && !authAttribtues.EscapeParentalControl;
    if (scheduleEnforced && !user.IsParentalScheduleAllowed())
    {
        // The header is set before throwing so the client can distinguish this denial.
        request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
        throw new SecurityException("This user account is not allowed access at this time.")
        {
            SecurityExceptionType = SecurityExceptionType.ParentalControl
        };
    }

    // Device restrictions are only enforced when the request carries a device id;
    // the user id is passed in its 32-digit ("N") form.
    var deviceId = auth.DeviceId;
    if (!string.IsNullOrWhiteSpace(deviceId) && !DeviceManager.CanAccessDevice(user.Id.ToString("N"), deviceId))
    {
        throw new SecurityException("User is not allowed access from this device.")
        {
            SecurityExceptionType = SecurityExceptionType.ParentalControl
        };
    }
}
/// <summary>
/// Decides whether token validation is skipped for this request. The only exemption in
/// this overload is the startup wizard: endpoints flagged <c>AllowBeforeStartupWizard</c>
/// need no token until the wizard has been completed.
/// </summary>
/// <param name="auth">Authorization info for the request (not consulted by this overload).</param>
/// <param name="authAttribtues">Endpoint attributes.</param>
/// <returns>True when the request may proceed without a validated token.</returns>
private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
{
    var wizardPending = !_config.Configuration.IsStartupWizardCompleted;
    return wizardPending && authAttribtues.AllowBeforeStartupWizard;
}
/// <summary>
/// Decides whether token validation is skipped for this request: either the startup
/// wizard is still pending and the endpoint allows that, or the client name is on the
/// configured <c>InsecureApps7</c> list.
/// </summary>
/// <param name="auth">Authorization info; <c>Client</c> is matched against the insecure-apps list.</param>
/// <param name="authAttribtues">Endpoint attributes.</param>
/// <returns>True when the request may proceed without a validated token.</returns>
private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
{
    if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
    {
        return true;
    }

    // Any client whose name (as carried in the request's authorization info, matched
    // case-insensitively) appears on the list skips token validation entirely, so each
    // entry on that list widens the unauthenticated surface.
    var clientName = auth.Client ?? string.Empty;
    return _config.Configuration.InsecureApps7.Contains(clientName, StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// Runs before the service handler: resolves the caller from the request's authorization
/// info, then enforces token, locality, account-policy and role requirements, and finally
/// records session activity for fully identified clients.
/// </summary>
/// <param name="request">The current request.</param>
/// <param name="authAttribtues">Authentication requirements declared on the endpoint.</param>
/// <exception cref="SecurityException">Thrown when the caller fails any check.</exception>
private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
{
    var auth = AuthorizationContext.GetAuthorizationInfo(request);

    // A valid connect key stands in for a security token; otherwise the token itself is validated.
    var tokenRequired = !IsExemptFromAuthenticationToken(auth, authAttribtues, request);
    if (tokenRequired && !IsValidConnectKey(auth.Token))
    {
        ValidateSecurityToken(request, auth.Token);
    }

    // Local-only endpoints are reported as missing to non-local callers rather than as forbidden.
    if (authAttribtues.AllowLocalOnly && !request.IsLocal)
    {
        throw new SecurityException("Operation not found.");
    }

    var user = auth.User;
    var userIdSupplied = !auth.UserId.Equals(Guid.Empty);
    if (user == null && userIdSupplied)
    {
        throw new SecurityException($"User with Id {auth.UserId} not found");
    }

    if (user != null)
    {
        ValidateUserAccess(user, request, authAttribtues, auth);
    }

    // Note: when no user resolved and the request is not exempt, ValidateRoles receives a null user.
    var tokenInfo = GetTokenInfo(request);
    if (!IsExemptFromRoles(auth, authAttribtues, request, tokenInfo))
    {
        ValidateRoles(authAttribtues.GetRoles(), user);
    }

    // Session activity is only recorded when device id, client and device name are all present.
    var clientIdentified = !string.IsNullOrEmpty(auth.DeviceId)
        && !string.IsNullOrEmpty(auth.Client)
        && !string.IsNullOrEmpty(auth.Device);
    if (clientIdentified)
    {
        SessionManager.LogSessionActivity(auth.Client, auth.Version, auth.DeviceId, auth.Device, request.RemoteIp, user);
    }
}
/// <summary>
/// Runs before the service handler: looks up the caller by the user id in the request's
/// authorization info, then enforces token, account-policy and role requirements, and
/// finally records session activity for fully identified clients.
/// </summary>
/// <param name="request">The current request.</param>
/// <param name="authAttribtues">Authentication requirements declared on the endpoint.</param>
/// <exception cref="SecurityException">Thrown when the caller fails any check.</exception>
private void ValidateUser(IServiceRequest request, IAuthenticationAttributes authAttribtues)
{
    var auth = AuthorizationContext.GetAuthorizationInfo(request);

    // A valid connect key stands in for a security token; otherwise the token itself is validated.
    var tokenRequired = !IsExemptFromAuthenticationToken(auth, authAttribtues);
    if (tokenRequired && !IsValidConnectKey(auth.Token))
    {
        ValidateSecurityToken(request, auth.Token);
    }

    // The user is only looked up when an id was supplied; a supplied id that resolves to nothing is an error.
    var userIdSupplied = !string.IsNullOrWhiteSpace(auth.UserId);
    User user = null;
    if (userIdSupplied)
    {
        user = UserManager.GetUserById(auth.UserId);
    }

    if (user == null && userIdSupplied)
    {
        throw new SecurityException($"User with Id {auth.UserId} not found");
    }

    if (user != null)
    {
        ValidateUserAccess(user, request, authAttribtues, auth);
    }

    // Note: when no user resolved and the request is not exempt, ValidateRoles receives a null user.
    var tokenInfo = GetTokenInfo(request);
    if (!IsExemptFromRoles(auth, authAttribtues, tokenInfo))
    {
        var requiredRoles = authAttribtues.GetRoles().ToList();
        ValidateRoles(requiredRoles, user);
    }

    // Session activity is only recorded when device id, client and device name are all present.
    var clientIdentified = !string.IsNullOrWhiteSpace(auth.DeviceId)
        && !string.IsNullOrWhiteSpace(auth.Client)
        && !string.IsNullOrWhiteSpace(auth.Device);
    if (clientIdentified)
    {
        SessionManager.LogSessionActivity(auth.Client, auth.Version, auth.DeviceId, auth.Device, request.RemoteIp, user);
    }
}
/// <summary>
/// Decides whether token validation is skipped for this request: either the startup wizard
/// is still pending and the endpoint allows that, or the endpoint allows local callers and
/// the request is local.
/// </summary>
/// <param name="authAttribtues">Endpoint attributes controlling the exemptions.</param>
/// <param name="request">Current request; <c>IsLocal</c> enables the local exemptions.</param>
/// <returns>True when the request may proceed without a validated token.</returns>
private bool IsExemptFromAuthenticationToken(IAuthenticationAttributes authAttribtues, IRequest request)
{
    if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
    {
        return true;
    }

    // Both local flags grant the same exemption, but only for callers the request reports as
    // local; no token is checked at all in that case.
    var localAllowed = authAttribtues.AllowLocal || authAttribtues.AllowLocalOnly;
    return localAllowed && request.IsLocal;
}
/// <summary>
/// Decides whether role validation is skipped for this request.
/// </summary>
/// <param name="auth">Authorization info; a blank <c>Token</c> exempts the request.</param>
/// <param name="authAttribtues">Endpoint attributes controlling the startup-wizard exemption.</param>
/// <param name="tokenInfo">Stored token record, or null; a record with a blank user id exempts the request.</param>
/// <returns>True when roles are not enforced for this request.</returns>
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
{
    var wizardExempt = !_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard;
    if (wizardExempt)
    {
        return true;
    }

    if (string.IsNullOrWhiteSpace(auth.Token))
    {
        return true;
    }

    // A token that is not bound to a user carries no roles to check.
    return tokenInfo != null && string.IsNullOrWhiteSpace(tokenInfo.UserId);
}
/// <summary>
/// Authenticates the caller of a service request by running the shared user validation.
/// </summary>
/// <param name="request">The current service request.</param>
/// <param name="authAttribtues">Authentication requirements declared on the endpoint.</param>
/// <exception cref="SecurityException">Propagated from the validation when the caller is rejected.</exception>
public void Authenticate(IServiceRequest request, IAuthenticationAttributes authAttribtues)
    => ValidateUser(request, authAttribtues);
/// <summary>
/// Decides whether role validation is skipped for this request.
/// </summary>
/// <param name="auth">Authorization info; a blank <c>Token</c> exempts the request.</param>
/// <param name="authAttribtues">Endpoint attributes controlling the startup-wizard exemption.</param>
/// <param name="tokenInfo">Stored token record, or null; a record with a blank user id exempts the request.</param>
/// <returns>True when roles are not enforced for this request.</returns>
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
{
    if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard)
    {
        return true;
    }

    if (string.IsNullOrWhiteSpace(auth.Token))
    {
        return true;
    }

    // A token that is not bound to a user carries no roles to check.
    var tokenHasNoUser = tokenInfo != null && string.IsNullOrWhiteSpace(tokenInfo.UserId);
    return tokenHasNoUser;
}
/// <summary>
/// Decides whether token validation is skipped for this request: either the startup
/// wizard is still pending and the endpoint allows that, or the client name is on the
/// configured <c>InsecureApps9</c> list.
/// </summary>
/// <param name="auth">Authorization info; <c>Client</c> is matched against the insecure-apps list.</param>
/// <param name="authAttribtues">Endpoint attributes.</param>
/// <returns>True when the request may proceed without a validated token.</returns>
private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
{
    var wizardExempt = !_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard;
    if (wizardExempt)
    {
        return true;
    }

    // Any client whose name (as carried in the request's authorization info, matched
    // case-insensitively) appears on the list skips token validation entirely, so each
    // entry on that list widens the unauthenticated surface.
    var clientName = auth.Client ?? string.Empty;
    return _config.Configuration.InsecureApps9.Contains(clientName, StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// Runs before the service handler: looks up the caller by the user id in the request's
/// authorization info, then enforces token, account-configuration and role requirements,
/// and finally records session activity for fully identified clients.
/// </summary>
/// <param name="request">The current request.</param>
/// <param name="authAttribtues">Authentication requirements declared on the endpoint.</param>
/// <exception cref="SecurityException">Thrown when the caller fails any check.</exception>
private void ValidateUser(IServiceRequest request, IAuthenticationAttributes authAttribtues)
{
    var auth = AuthorizationContext.GetAuthorizationInfo(request);

    // A valid connect key stands in for a security token; otherwise the token itself is validated.
    var tokenRequired = !IsExemptFromAuthenticationToken(auth, authAttribtues);
    if (tokenRequired && !IsValidConnectKey(auth.Token))
    {
        ValidateSecurityToken(request, auth.Token);
    }

    // The user is only looked up when an id was supplied; a supplied id that resolves to nothing is an error.
    var userIdSupplied = !string.IsNullOrWhiteSpace(auth.UserId);
    User user = null;
    if (userIdSupplied)
    {
        user = UserManager.GetUserById(auth.UserId);
    }

    if (user == null && userIdSupplied)
    {
        throw new SecurityException($"User with Id {auth.UserId} not found");
    }

    if (user != null)
    {
        if (user.Configuration.IsDisabled)
        {
            throw new SecurityException("User account has been disabled.")
            {
                SecurityExceptionType = SecurityExceptionType.Unauthenticated
            };
        }

        // Administrators and endpoints that escape parental control skip the schedule check entirely.
        var scheduleEnforced = !user.Configuration.IsAdministrator && !authAttribtues.EscapeParentalControl;
        if (scheduleEnforced && !user.IsParentalScheduleAllowed())
        {
            // The header is set before throwing so the client can distinguish this denial.
            request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");
            throw new SecurityException("This user account is not allowed access at this time.")
            {
                SecurityExceptionType = SecurityExceptionType.ParentalControl
            };
        }
    }

    // Note: when no user resolved and the request is not exempt, ValidateRoles receives a null user.
    if (!IsExemptFromRoles(auth, authAttribtues))
    {
        var requiredRoles = authAttribtues.GetRoles().ToList();
        ValidateRoles(requiredRoles, user);
    }

    // Session activity is only recorded when device id, client and device name are all present.
    var clientIdentified = !string.IsNullOrWhiteSpace(auth.DeviceId)
        && !string.IsNullOrWhiteSpace(auth.Client)
        && !string.IsNullOrWhiteSpace(auth.Device);
    if (clientIdentified)
    {
        SessionManager.LogSessionActivity(auth.Client, auth.Version, auth.DeviceId, auth.Device, request.RemoteIp, user);
    }
}
/// <summary>
/// Decides whether role validation is skipped for this request. The only exemption in
/// this overload is the startup wizard: endpoints flagged <c>AllowBeforeStartupWizard</c>
/// have no roles enforced until the wizard has been completed.
/// </summary>
/// <param name="auth">Authorization info for the request (not consulted by this overload).</param>
/// <param name="authAttribtues">Endpoint attributes.</param>
/// <returns>True when roles are not enforced for this request.</returns>
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
{
    var wizardPending = !_config.Configuration.IsStartupWizardCompleted;
    return wizardPending && authAttribtues.AllowBeforeStartupWizard;
}