This commit is contained in:
@@ -676,7 +676,7 @@ namespace AyaNova.Api.Controllers
|
||||
{ "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
|
||||
{ "iss", "ayanova.com" },
|
||||
{ "id", "1"},
|
||||
{ "int","1" }
|
||||
{ "j","1" }
|
||||
};
|
||||
return Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
|
||||
}
|
||||
|
||||
@@ -257,7 +257,7 @@ namespace AyaNova
|
||||
//so in that case users need to specify an AyaNova_JWT_SECRET environment variable
|
||||
if (string.IsNullOrWhiteSpace(secretKey))
|
||||
{
|
||||
_newLog.LogWarning("AYANOVA_JWT_SECRET configuration setting is missing; AyaNova will randomly generate one. Any Users who were logged in when the server restarted will need to login to get a fresh auth token. See manual 'AYANOVA_JWT_SECRET' page for details.");
|
||||
_newLog.LogWarning("AYANOVA_JWT_SECRET configuration setting is missing; AyaNova will randomly generate one. Any Users who were logged in when the server restarted will need to login to get a fresh auth token. See manual 'AYANOVA_JWT_SECRET' page for details.");
|
||||
secretKey = Util.Hasher.GenerateSalt();
|
||||
}
|
||||
//WAS "UNLICENSED5G*QQJ8#bQ7$Xr_@sXfHq4"
|
||||
@@ -469,7 +469,7 @@ namespace AyaNova
|
||||
context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
|
||||
context.Request.HttpContext.Items["AY_USER_TYPE"] = u.UserType;
|
||||
|
||||
var currentAuthToken=u.currentAuthToken;
|
||||
var currentAuthToken = u.currentAuthToken;
|
||||
|
||||
//turned out didn't need this for v8 migrate so far, but keeping in case it turns out to be handy down the road
|
||||
// //Is import mode header set?
|
||||
@@ -484,6 +484,21 @@ namespace AyaNova
|
||||
u.currentAuthToken != JWT
|
||||
)//except "/api/v8/auth" and prelogin notify/hello routes so user can login
|
||||
{
|
||||
|
||||
//It may be a local report render request from a job
|
||||
if (context.Request.Host.Host == "127.0.0.1")
|
||||
{
|
||||
//check if token has j value set
|
||||
if (context.Request.IsLocal())
|
||||
{
|
||||
if (context.User.Claims.FirstOrDefault(c => c.Type == "j") != null)
|
||||
{
|
||||
//it's a local request, the jwt already passed earlier so we issued it and it has the correct claim set so allow it
|
||||
await next.Invoke();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
context.Response.StatusCode = 401;
|
||||
context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2004 - Authorization token replaced by more recent login");
|
||||
await context.Response.WriteAsync("E2004 - Authorization token replaced by more recent login");
|
||||
@@ -610,7 +625,7 @@ namespace AyaNova
|
||||
AyaNova.Core.License.FetchKeyAsync(apiServerState, dbContext, _newLog, true, true).Wait();
|
||||
var seed = new Util.Seeder();
|
||||
seed.SeedDatabaseAsync(Seeder.Level.StringToSeedLevel(ServerBootConfig.AYANOVA_SERVER_TEST_MODE_SEEDLEVEL), ServerBootConfig.AYANOVA_SERVER_TEST_MODE_TZ_OFFSET).Wait();
|
||||
// _newLog.LogInformation("Seeding completed");
|
||||
// _newLog.LogInformation("Seeding completed");
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user