This commit is contained in:
2022-03-04 19:03:57 +00:00
parent 1e7369382e
commit 9f02542244
2 changed files with 19 additions and 4 deletions

View File

@@ -676,7 +676,7 @@ namespace AyaNova.Api.Controllers
{ "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard { "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
{ "iss", "ayanova.com" }, { "iss", "ayanova.com" },
{ "id", "1"}, { "id", "1"},
{ "int","1" } { "j","1" }
}; };
return Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256); return Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
} }

View File

@@ -469,7 +469,7 @@ namespace AyaNova
context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId; context.Request.HttpContext.Items["AY_TRANSLATION_ID"] = u.translationId;
context.Request.HttpContext.Items["AY_USER_TYPE"] = u.UserType; context.Request.HttpContext.Items["AY_USER_TYPE"] = u.UserType;
var currentAuthToken=u.currentAuthToken; var currentAuthToken = u.currentAuthToken;
//turned out didn't need this for v8 migrate so far, but keeping in case it turns out to be handy down the road //turned out didn't need this for v8 migrate so far, but keeping in case it turns out to be handy down the road
// //Is import mode header set? // //Is import mode header set?
@@ -484,6 +484,21 @@ namespace AyaNova
u.currentAuthToken != JWT u.currentAuthToken != JWT
)//except "/api/v8/auth" and prelogin notify/hello routes so user can login )//except "/api/v8/auth" and prelogin notify/hello routes so user can login
{ {
//It may be a local report render request from a job
if (context.Request.Host.Host == "127.0.0.1")
{
//check if token has j value set
if (context.Request.IsLocal())
{
if (context.User.Claims.FirstOrDefault(c => c.Type == "j") != null)
{
//it's a local request, the jwt already passed earlier so we issued it and it has the correct claim set so allow it
await next.Invoke();
}
}
}
context.Response.StatusCode = 401; context.Response.StatusCode = 401;
context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2004 - Authorization token replaced by more recent login"); context.Response.Headers.Add("X-AyaNova-Authorization-Error", "E2004 - Authorization token replaced by more recent login");
await context.Response.WriteAsync("E2004 - Authorization token replaced by more recent login"); await context.Response.WriteAsync("E2004 - Authorization token replaced by more recent login");