From dca7bd51cd2fe7dfa0fe6d5c8848e6cad1080460 Mon Sep 17 00:00:00 2001
From: Arksine <arksine.code@gmail.com>
Date: Wed, 19 May 2021 19:05:48 -0400
Subject: [PATCH] authorization:  add 'force_logins' option

When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
---
 moonraker/components/authorization.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index 5861351..a5b0d53 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -71,6 +71,7 @@ class Authorization:
     def __init__(self, config: ConfigHelper) -> None:
         self.server = config.get_server()
         self.login_timeout = config.getint('login_timeout', 90)
+        self.force_logins = config.getboolean('force_logins', False)
         database: DBComp = self.server.lookup_component('database')
         database.register_local_namespace('authorized_users', forbidden=True)
         self.users = database.wrap_namespace('authorized_users')
@@ -533,6 +534,11 @@ class Authorization:
         if key and key == self.api_key:
             return self.users[API_USER]
 
+        # If the force_logins option is enabled and at least one
+        # user is created this is an unauthorized request
+        if self.force_logins and len(self.users) > 1:
+            raise HTTPError(401, "Unauthorized")
+
         # Check if IP is trusted
         trusted_user = self._check_trusted_connection(ip)
         if trusted_user is not None: