authorization: add 'force_logins' option

When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
2021-05-19 19:05:48 -04:00 · 2021-05-19 19:05:48 -04:00 · dca7bd51cd
parent 6b9a3c656d
commit dca7bd51cd
1 changed files with 6 additions and 0 deletions
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@ -71,6 +71,7 @@ class Authorization:
    def __init__(self, config: ConfigHelper) -> None:
        self.server = config.get_server()
        self.login_timeout = config.getint('login_timeout', 90)
+        self.force_logins = config.getboolean('force_logins', False)
        database: DBComp = self.server.lookup_component('database')
        database.register_local_namespace('authorized_users', forbidden=True)
        self.users = database.wrap_namespace('authorized_users')
@ -533,6 +534,11 @@ class Authorization:
        if key and key == self.api_key:
            return self.users[API_USER]

+        # If the force_logins option is enabled and at least one
+        # user is created this is an unauthorized request
+        if self.force_logins and len(self.users) > 1:
+            raise HTTPError(401, "Unauthorized")
+
        # Check if IP is trusted
        trusted_user = self._check_trusted_connection(ip)
        if trusted_user is not None: