License lockout handling for when the DB has more active users than the license allows
@@ -68,6 +68,9 @@ namespace AyaNova.Api.Controllers
|
|||||||
public async Task<IActionResult> PostCreds([FromBody] AuthController.CredentialsParam creds) //if was a json body then //public JsonResult PostCreds([FromBody] string login, [FromBody] string password)
|
public async Task<IActionResult> PostCreds([FromBody] AuthController.CredentialsParam creds) //if was a json body then //public JsonResult PostCreds([FromBody] string login, [FromBody] string password)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
//NOTE: lockout or other login impacting state is processed later in ReturnUserCredsOnSuccessfulAuthentication() because many of those states need to have exceptions once the user is known
|
||||||
|
//or return alternate result of auth etc
|
||||||
|
|
||||||
|
|
||||||
#if (DEBUG)
|
#if (DEBUG)
|
||||||
|
|
||||||
@@ -160,25 +163,6 @@ namespace AyaNova.Api.Controllers
|
|||||||
if (hashed == u.Password)
|
if (hashed == u.Password)
|
||||||
{
|
{
|
||||||
|
|
||||||
//LOCKOUT??
|
|
||||||
//done here because we need to know the user in case there is an exception (superuser)
|
|
||||||
//a bit different as ops users can still login if the state is opsonly
|
|
||||||
//so the only real barrier here would be a completely closed api
|
|
||||||
|
|
||||||
//Is the server completely closed?? If so only the Super user can login
|
|
||||||
if (serverState.IsClosed && u.Id != 1)
|
|
||||||
{
|
|
||||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
|
||||||
}
|
|
||||||
|
|
||||||
//not sure if key needs attention is relevant as closed is closed
|
|
||||||
// if (u.Id!=1 && serverState.IsClosed && AyaNova.Core.License.ActiveKey.KeyDoesNotNeedAttention)
|
|
||||||
// {
|
|
||||||
// //can't login as *any* user due to some issue not license key related
|
|
||||||
// return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
|
||||||
// }
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//TWO FACTOR ENABLED??
|
//TWO FACTOR ENABLED??
|
||||||
//if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
|
//if 2fa enabled then need to validate it before sending token, so we're halfway there and need to send a 2fa prompt
|
||||||
@@ -286,9 +270,13 @@ namespace AyaNova.Api.Controllers
|
|||||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
//return creds and or process lockout handling here
|
||||||
private async Task<IActionResult> ReturnUserCredsOnSuccessfulAuthentication(User u)
|
private async Task<IActionResult> ReturnUserCredsOnSuccessfulAuthentication(User u)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
bool licenseLockout = false;
|
||||||
//check if server available to SuperUser account only (closed or migrate mode)
|
//check if server available to SuperUser account only (closed or migrate mode)
|
||||||
//if it is it means we got here either because there is no license
|
//if it is it means we got here either because there is no license
|
||||||
//and only *the* SuperUser account can login now or we're in migrate mode
|
//and only *the* SuperUser account can login now or we're in migrate mode
|
||||||
@@ -300,12 +288,19 @@ namespace AyaNova.Api.Controllers
|
|||||||
{
|
{
|
||||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (serverState.Reason.Contains("E1020"))
|
||||||
|
{
|
||||||
|
licenseLockout = true;//this could be an expired license or user count exceeded capacity so flag to client on login so superuser can fix it
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
//Restrict auth due to server state?
|
//Restrict auth due to server state?
|
||||||
//If we're here the server state is not closed, but it might be ops only
|
//If we're here it's the superuser or the server state is not closed, but it might be ops only
|
||||||
|
|
||||||
//If the server is ops only then this user needs to be ops or else they are not allowed in
|
//If the server is ops only then this user needs to be ops or else they are not allowed in
|
||||||
if (serverState.IsOpsOnly &&
|
if ((u.Id != 1) && serverState.IsOpsOnly &&
|
||||||
!u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdmin) &&
|
!u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdmin) &&
|
||||||
!u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminRestricted))
|
!u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminRestricted))
|
||||||
{
|
{
|
||||||
@@ -392,7 +387,8 @@ namespace AyaNova.Api.Controllers
|
|||||||
usertype = u.UserType,
|
usertype = u.UserType,
|
||||||
roles = ((int)u.Roles).ToString(),
|
roles = ((int)u.Roles).ToString(),
|
||||||
dlt = DownloadToken,
|
dlt = DownloadToken,
|
||||||
tfa = u.TwoFactorEnabled
|
tfa = u.TwoFactorEnabled,
|
||||||
|
l = licenseLockout
|
||||||
}));
|
}));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
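Review bot: The new license-lockout detection in the added `else` branch keys off a substring of the human-readable reason, `serverState.Reason.Contains("E1020")`, and dereferences `Reason` without a null check, so a closed/migrate state with no reason text would throw a NullReferenceException inside the login path instead of returning the intended 503. The same `serverState` already exposes a typed `ApiErrorCode` (it is used in the 503 response a few lines above); comparing that to the license-exceeded code would be the robust form, and until then `if (serverState.Reason?.Contains("E1020", StringComparison.Ordinal) == true)` at least removes the null dereference and makes the match culture-independent. Separately, the closed-server check this commit removes from PostCreds after the password match now runs only in ReturnUserCredsOnSuccessfulAuthentication, so any path that issues credentials without calling that method — the 2FA prompt branch that follows in PostCreds is the one to confirm — would no longer enforce the closed state, which is worth a comment such as `// NOTE: every token-issuing path must go through ReturnUserCredsOnSuccessfulAuthentication(); closed/ops-only/license state is enforced only there` plus a test. The superuser exemption `(u.Id != 1)` added to the ops-only condition repeats a magic id that also appeared in the removed check; a named constant or an `IsSuperUser` helper would keep the two exemptions consistent. The `if` whose `else` branch is added, and the enclosing method, begin outside this hunk.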