license lockout handling code for when db has more active users than license allows for
@@ -68,6 +68,9 @@ namespace AyaNova.Api.Controllers
|
||||
public async Task<IActionResult> PostCreds([FromBody] AuthController.CredentialsParam creds) //if was a json body then //public JsonResult PostCreds([FromBody] string login, [FromBody] string password)
|
||||
{
|
||||
|
||||
//NOTE: lockout or other login impacting state is processed later in ReturnUserCredsOnSuccessfulAuthentication() because many of those states need to have exceptions once the user is known
|
||||
//or return alternate result of auth etc
|
||||
|
||||
|
||||
#if (DEBUG)
|
||||
|
||||
@@ -160,25 +163,6 @@ namespace AyaNova.Api.Controllers
|
||||
if (hashed == u.Password)
|
||||
{
|
||||
|
||||
//LOCKOUT??
|
||||
//done here because we need to know the user in case there is an exception (superuser)
|
||||
//a bit different as ops users can still login if the state is opsonly
|
||||
//so the only real barrier here would be a completely closed api
|
||||
|
||||
//Is the server completely closed?? If so only the Super user can login
|
||||
if (serverState.IsClosed && u.Id != 1)
|
||||
{
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
}
|
||||
|
||||
//not sure if key needs attention is relevant as closed is closed
|
||||
// if (u.Id!=1 && serverState.IsClosed && AyaNova.Core.License.ActiveKey.KeyDoesNotNeedAttention)
|
||||
// {
|
||||
// //can't login as *any* user due to some issue not license key related
|
||||
// return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
// }
|
||||
|
||||
|
||||
|
||||
//TWO FACTOR ENABLED??
|
||||
//if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
|
||||
@@ -286,9 +270,13 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
|
||||
|
||||
|
||||
//return creds and or process lockout handling here
|
||||
private async Task<IActionResult> ReturnUserCredsOnSuccessfulAuthentication(User u)
|
||||
{
|
||||
|
||||
bool licenseLockout = false;
|
||||
//check if server available to SuperUser account only (closed or migrate mode)
|
||||
//if it is it means we got here either because there is no license
|
||||
//and only *the* SuperUser account can login now or we're in migrate mode
|
||||
@@ -300,12 +288,19 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
}
|
||||
else
|
||||
{
|
||||
if (serverState.Reason.Contains("E1020"))
|
||||
{
|
||||
licenseLockout = true;//this could be an expired license or user count exceeded capacity so flag to client on login so superuser can fix it
|
||||
}
|
||||
}
|
||||
}
|
||||
//Restrict auth due to server state?
|
||||
//If we're here the server state is not closed, but it might be ops only
|
||||
//If we're here it's the superuser or the server state is not closed, but it might be ops only
|
||||
|
||||
//If the server is ops only then this user needs to be ops or else they are not allowed in
|
||||
if (serverState.IsOpsOnly &&
|
||||
if ((u.Id != 1) && serverState.IsOpsOnly &&
|
||||
!u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdmin) &&
|
||||
!u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminRestricted))
|
||||
{
|
||||
@@ -392,7 +387,8 @@ namespace AyaNova.Api.Controllers
|
||||
usertype = u.UserType,
|
||||
roles = ((int)u.Roles).ToString(),
|
||||
dlt = DownloadToken,
|
||||
tfa = u.TwoFactorEnabled
|
||||
tfa = u.TwoFactorEnabled,
|
||||
l = licenseLockout
|
||||
}));
|
||||
}
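Review bot: The license-lockout flag in ReturnUserCredsOnSuccessfulAuthentication is derived by substring-matching the human-readable reason text (`if (serverState.Reason.Contains("E1020"))`), which ties login behaviour to message wording and throws a NullReferenceException if Reason is ever unset; the method starts in the earlier hunk, so the branch leading to this else is only partly visible here. Prefer a typed signal on the server state — a dedicated ApiErrorCode member or a bool property (name to be chosen) — and until that exists guard the read: `if (serverState.Reason?.Contains("E1020", StringComparison.Ordinal) == true)`. The superuser exemption on the ops-only gate (`if ((u.Id != 1) && serverState.IsOpsOnly &&`) repeats the magic id 1 that the removed closed-server check also relied on; a single named constant for the superuser id would make the exemption auditable in one place. A short comment on `l = licenseLockout` stating that the flag is informational for the client and that the closed/ops-only checks above still decide whether the login succeeds would help readers of the response shape.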
|
||||
|
||||
|
||||