From 4b876f54cae7f323b50edccae83b02543c6e35c7 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Wed, 10 Jun 2020 13:33:38 +0000
Subject: [PATCH]

---
 devdocs/todo.txt | 3 ++-
 server/AyaNova/Controllers/AuthController.cs | 18 +++++++++++++++++-
 server/AyaNova/util/License.cs | 15 +++++++++++++--
 3 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index 8b5c9310..5aa3802e 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -95,7 +95,8 @@ todo: RAVEN new job LicenseCheck
-
+TODO: do I really need to not log IP addresses on login?
+ check privacy stuff, this seems necessary for security
 TODO: restrict server so randos can't login since the client now has all the logins helpfully pre-loaded on it
diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 25ba7360..b1c7460d 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -64,8 +64,12 @@ namespace AyaNova.Api.Controllers
 {
 //a bit different as ops users can still login if the state is opsonly
 //so the only real barrier here would be a completely closed api
- if (serverState.IsClosed)
+
+
+ if (serverState.IsClosed && AyaNova.Core.License.ActiveKey.IsLicensed)
+ {
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+ }
 int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
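Review bot: The new condition on the `if (serverState.IsClosed && AyaNova.Core.License.ActiveKey.IsLicensed)` line contradicts the two comment lines kept just above it, which still say a completely closed API is the only barrier; an unlicensed closed server now falls through to full credential verification, and nothing at this point says why. Add a comment on the new `if`, e.g. `// Closed + licensed: reject here. Closed + unlicensed: fall through so the manager account can authenticate and repair the license (enforced after the password check).` `AyaNova.Core.License.ActiveKey` is dereferenced unconditionally; if it can be null before a key is loaded, every login attempt against a closed server would throw instead of returning 503 — I cannot confirm from the hunk how ActiveKey is initialised, so please verify. The enclosing method starts before the hunk.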
@@ -160,6 +164,18 @@ namespace AyaNova.Api.Controllers
 string hashed = Hasher.hash(u.Salt, creds.Password);
 if (hashed == u.Password)
 {
+ //Valid password, user is effectively authorized at this point
+
+ //check if server closed
+ //if it is it means we got here only because there is no license
+ //and only *the* manager account can login now
+ if(serverState.IsClosed){
+ //if not manager account then boot closed
+ //manager account is always ID 1
+ if(u.Id!=1){
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ }
+ }
 //Restrict auth due to server state?
 //If we're here the server state is not closed, but it might be ops only
diff --git a/server/AyaNova/util/License.cs b/server/AyaNova/util/License.cs
index c44a48da..be5f20eb 100644
--- a/server/AyaNova/util/License.cs
+++ b/server/AyaNova/util/License.cs
@@ -27,8 +27,8 @@ namespace AyaNova.Core
 {
 //License server address
- // private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";
- private const string LICENSE_SERVER_URL = "http://localhost:3001/";
+ // private const string LICENSE_SERVER_URL = "https://rockfish.ayanova.com/";
+ private const string LICENSE_SERVER_URL = "http://localhost:3001/";
 //Scheduleable users
 private const string SERVICE_TECHS_FEATURE_NAME = "ServiceTechs";
@@ -130,6 +130,17 @@ namespace AyaNova.Core
 return false;
 }
+ //Has any kind of valid license that is active
+ //used for auth route checking to allow for fixing this issue
+ public bool IsLicensed
+ {
+ get
+ {
+ return !IsEmpty && !LicenseExpired;
+ }
+
+ }
+
 public bool IsEmpty
 {
 get
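Review bot: The closed-server gate at `if(serverState.IsClosed){` runs only after `hashed == u.Password` has succeeded, so on a closed unlicensed server a non-manager account gets 503 for a correct password and, presumably, the failed-auth path for a wrong one — the response reveals whether credentials are valid for accounts that cannot log in anyway. Moving the `serverState.IsClosed && u.Id != 1` check ahead of the hash comparison returns the same 503 regardless of password and removes that distinction. The comment "we got here only because there is no license" is an inference from the condition in the earlier hunk; `IsClosed` can carry other reasons (the code returns `serverState.Reason`), so checking `!AyaNova.Core.License.ActiveKey.IsLicensed` here explicitly would make the intent hold on its own. `u.Id!=1` is a magic number — name it, e.g. `private const int ManagerUserId = 1;` — and this hunk returns `serverState.ApiErrorCode` while the earlier hunk returns `ApiErrorCode.API_CLOSED` for the same state; pick one. The enclosing method starts and ends outside the hunk.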
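Review bot: `public bool IsLicensed` has no XML doc, and the comment "to allow for fixing this issue" does not say which issue; since AuthController now relies on this property to decide whether a closed server admits anyone, document the contract: `/// <summary>True when an active key is loaded and has not expired. The auth route uses this to decide whether a closed server still accepts the manager account.</summary>`. Style: a getter with a single expression reads better as `public bool IsLicensed => !IsEmpty && !LicenseExpired;`, which also removes the stray blank line before the closing brace. Whether `LicenseExpired` is false for a key with no expiry I cannot tell from the hunk; the property's meaning depends on it, so note it in the summary if so.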