authorization: don't raise config errors

Don't raise an exception if the default source is incorrect as this
disables authorization.  Fallback to moonraker.  When supplied an
invalid CORS domain warn the user and skip adding it to the list.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Eric Callahan 2024-01-27 19:46:52 -05:00
parent 43efe40cd8
commit c756a9029a
No known key found for this signature in database
GPG Key ID: 5A1EB336DFB4C71B
1 changed files with 12 additions and 6 deletions

View File

@ -82,10 +82,12 @@ class Authorization:
self.failed_logins: Dict[IPAddr, int] = {} self.failed_logins: Dict[IPAddr, int] = {}
self.fqdn_cache: Dict[IPAddr, Dict[str, Any]] = {} self.fqdn_cache: Dict[IPAddr, Dict[str, Any]] = {}
if self.default_source not in AUTH_SOURCES: if self.default_source not in AUTH_SOURCES:
raise config.error( self.server.add_warning(
"[authorization]: option 'default_source' - Invalid " "[authorization]: option 'default_source' - Invalid "
f"value '{self.default_source}'" f"value '{self.default_source}', falling back to "
"'moonraker'."
) )
self.default_source = "moonraker"
self.ldap: Optional[MoonrakerLDAP] = None self.ldap: Optional[MoonrakerLDAP] = None
if config.has_section("ldap"): if config.has_section("ldap"):
self.ldap = self.server.load_component(config, "ldap", None) self.ldap = self.server.load_component(config, "ldap", None)
@ -158,14 +160,18 @@ class Authorization:
for domain in config.getlist('cors_domains', []): for domain in config.getlist('cors_domains', []):
bad_match = re.search(r"^.+\.[^:]*\*", domain) bad_match = re.search(r"^.+\.[^:]*\*", domain)
if bad_match is not None: if bad_match is not None:
raise config.error( self.server.add_warning(
f"Unsafe CORS Domain '{domain}'. Wildcards are not" f"[authorization]: Unsafe domain '{domain}' in option "
" permitted in the top level domain.") f"'cors_domains'. Wildcards are not permitted in the"
" top level domain."
)
continue
if domain.endswith("/"): if domain.endswith("/"):
self.server.add_warning( self.server.add_warning(
f"[authorization]: Invalid domain '{domain}' in option " f"[authorization]: Invalid domain '{domain}' in option "
"'cors_domains'. Domain's cannot contain a trailing " "'cors_domains'. Domain's cannot contain a trailing "
"slash.") "slash."
)
else: else:
self.cors_domains.append( self.cors_domains.append(
domain.replace(".", "\\.").replace("*", ".*")) domain.replace(".", "\\.").replace("*", ".*"))