authorization: add 'force_logins' option
When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration. Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This commit is contained in:
parent
6b9a3c656d
commit
dca7bd51cd
|
@ -71,6 +71,7 @@ class Authorization:
|
||||||
def __init__(self, config: ConfigHelper) -> None:
|
def __init__(self, config: ConfigHelper) -> None:
|
||||||
self.server = config.get_server()
|
self.server = config.get_server()
|
||||||
self.login_timeout = config.getint('login_timeout', 90)
|
self.login_timeout = config.getint('login_timeout', 90)
|
||||||
|
self.force_logins = config.getboolean('force_logins', False)
|
||||||
database: DBComp = self.server.lookup_component('database')
|
database: DBComp = self.server.lookup_component('database')
|
||||||
database.register_local_namespace('authorized_users', forbidden=True)
|
database.register_local_namespace('authorized_users', forbidden=True)
|
||||||
self.users = database.wrap_namespace('authorized_users')
|
self.users = database.wrap_namespace('authorized_users')
|
||||||
|
@ -533,6 +534,11 @@ class Authorization:
|
||||||
if key and key == self.api_key:
|
if key and key == self.api_key:
|
||||||
return self.users[API_USER]
|
return self.users[API_USER]
|
||||||
|
|
||||||
|
# If the force_logins option is enabled and at least one
|
||||||
|
# user is created this is an unauthorized request
|
||||||
|
if self.force_logins and len(self.users) > 1:
|
||||||
|
raise HTTPError(401, "Unauthorized")
|
||||||
|
|
||||||
# Check if IP is trusted
|
# Check if IP is trusted
|
||||||
trusted_user = self._check_trusted_connection(ip)
|
trusted_user = self._check_trusted_connection(ip)
|
||||||
if trusted_user is not None:
|
if trusted_user is not None:
|
||||||
|
|
Loading…
Reference in New Issue