authorization: add 'force_logins' option

When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration.

Signed-off-by:  Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
Arksine 2021-05-19 19:05:48 -04:00
parent 6b9a3c656d
commit dca7bd51cd
1 changed files with 6 additions and 0 deletions

View File

@ -71,6 +71,7 @@ class Authorization:
def __init__(self, config: ConfigHelper) -> None: def __init__(self, config: ConfigHelper) -> None:
self.server = config.get_server() self.server = config.get_server()
self.login_timeout = config.getint('login_timeout', 90) self.login_timeout = config.getint('login_timeout', 90)
self.force_logins = config.getboolean('force_logins', False)
database: DBComp = self.server.lookup_component('database') database: DBComp = self.server.lookup_component('database')
database.register_local_namespace('authorized_users', forbidden=True) database.register_local_namespace('authorized_users', forbidden=True)
self.users = database.wrap_namespace('authorized_users') self.users = database.wrap_namespace('authorized_users')
@ -533,6 +534,11 @@ class Authorization:
if key and key == self.api_key: if key and key == self.api_key:
return self.users[API_USER] return self.users[API_USER]
# If the force_logins option is enabled and at least one
# user is created this is an unauthorized request
if self.force_logins and len(self.users) > 1:
raise HTTPError(401, "Unauthorized")
# Check if IP is trusted # Check if IP is trusted
trusted_user = self._check_trusted_connection(ip) trusted_user = self._check_trusted_connection(ip)
if trusted_user is not None: if trusted_user is not None: