diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index a128e9dd..e034e910 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -676,7 +676,7 @@ namespace AyaNova.Api.Controllers
 { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
 { "iss", "ayanova.com" },
 { "id", "1"},
- { "int","1" }
+ { "j","1" }
 };
 return Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
 }
diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs
index 1ddaa04b..7f27e33f 100644
--- a/server/AyaNova/Startup.cs
+++ b/server/AyaNova/Startup.cs
@@ -257,7 +257,7 @@ namespace AyaNova
 //so in that case users need to specify an AyaNova_JWT_SECRET environment variable
 if (string.IsNullOrWhiteSpace(secretKey))
 {
- _newLog.LogWarning("AYANOVA_JWT_SECRET configuration setting is missing; AyaNova will randomly generate one. Any Users who were logged in when the server restarted will need to login to get a fresh auth token. See manual 'AYANOVA_JWT_SECRET' page for details.");
+ _newLog.LogWarning("AYANOVA_JWT_SECRET configuration setting is missing; AyaNova will randomly generate one. Any Users who were logged in when the server restarted will need to login to get a fresh auth token. See manual 'AYANOVA_JWT_SECRET' page for details.");
 secretKey = Util.Hasher.GenerateSalt();
 }
 //WAS "UNLICENSED5G*QQJ8#bQ7$Xr_@sXfHq4"
@@ -469,7 +469,7 @@ namespace AyaNova
 context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
 context.Request.HttpContext.Items["AY_USER_TYPE"] = u.UserType;
- var currentAuthToken=u.currentAuthToken;
+ var currentAuthToken = u.currentAuthToken;
 //turned out didn't need this for v8 migrate so far, but keeping in case it turns out to be handy down the road
 // //Is import mode header set?
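Review bot: The `{ "j","1" }` claim added to the payload in the AuthController.cs hunk is undocumented, although it now carries authorization meaning: the Startup.cs hunk at -484 uses the mere presence of a `j` claim to let a local request past the E2004 replaced-token check. A one-letter literal repeated in two files is easy to break or to collide with another claim; a shared constant plus a comment such as `// "j" appears to mark a server-issued job token; Startup.cs exempts local requests carrying it from the E2004 check` would make the coupling explicit. Because this token is issued for `id` "1", it is worth confirming that the `exp` value set just above is kept short for it. The enclosing method starts outside the hunk.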
@@ -484,6 +484,21 @@ namespace AyaNova
 u.currentAuthToken != JWT
 )//except "/api/v8/auth" and prelogin notify/hello routes so user can login
 {
+
+ //It may be a local report render request from a job
+ if (context.Request.Host.Host == "127.0.0.1")
+ {
+ //check if token has j value set
+ if (context.Request.IsLocal())
+ {
+ if (context.User.Claims.FirstOrDefault(c => c.Type == "j") != null)
+ {
+ //it's a local request, the jwt already passed earlier so we issued it and it has the correct claim set so allow it
+ await next.Invoke();
+ }
+ }
+ }
+
 context.Response.StatusCode = 401;
 context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2004 - Authorization token replaced by more recent login");
 await context.Response.WriteAsync("E2004 - Authorization token replaced by more recent login");
@@ -610,7 +625,7 @@ namespace AyaNova
 AyaNova.Core.License.FetchKeyAsync(apiServerState, dbContext, _newLog, true, true).Wait();
 var seed = new Util.Seeder();
 seed.SeedDatabaseAsync(Seeder.Level.StringToSeedLevel(ServerBootConfig.AYANOVA_SERVER_TEST_MODE_SEEDLEVEL), ServerBootConfig.AYANOVA_SERVER_TEST_MODE_TZ_OFFSET).Wait();
- // _newLog.LogInformation("Seeding completed");
+ // _newLog.LogInformation("Seeding completed");
 }
 #endif
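Review bot: The block added to the E2004 branch (hunk at -484) calls `await next.Invoke();` and then falls through to the unchanged lines that set `context.Response.StatusCode = 401` and write the E2004 body, so an allowed local render request still reaches the rejection code after the rest of the pipeline has run; add `return;` directly after the `next.Invoke()` call. The outer test `context.Request.Host.Host == "127.0.0.1"` reads the client-supplied Host header and adds nothing over `context.Request.IsLocal()`, whose implementation is not visible here; if it compares connection addresses, confirm it still means "this machine" when the server sits behind a same-host reverse proxy. The claim test accepts any token that merely contains a `j` claim, whereas `context.User.HasClaim("j", "1")` would pin the value that AuthController.cs issues. The enclosing middleware delegate starts and ends outside the hunk.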