This commit is contained in:
@@ -64,8 +64,12 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
//a bit different as ops users can still login if the state is opsonly
|
||||
//so the only real barrier here would be a completely closed api
|
||||
if (serverState.IsClosed)
|
||||
|
||||
|
||||
if (serverState.IsClosed && AyaNova.Core.License.ActiveKey.IsLicensed)
|
||||
{
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
}
|
||||
|
||||
int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
|
||||
|
||||
@@ -160,6 +164,18 @@ namespace AyaNova.Api.Controllers
|
||||
string hashed = Hasher.hash(u.Salt, creds.Password);
|
||||
if (hashed == u.Password)
|
||||
{
|
||||
//Valid password, user is effectively authorized at this point
|
||||
|
||||
//check if server closed
|
||||
//if it is it means we got here only because there is no license
|
||||
//and only *the* manager account can login now
|
||||
if(serverState.IsClosed){
|
||||
//if not manager account then boot closed
|
||||
//manager account is always ID 1
|
||||
if(u.Id!=1){
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
}
|
||||
}
|
||||
//Restrict auth due to server state?
|
||||
//If we're here the server state is not closed, but it might be ops only
|
||||
|
||||
|
||||
Reference in New Issue
Block a user