github/Ombi
1
0
Fork 0
mirror of https://github.com/Ombi-app/Ombi.git synced 2025-07-15 09:42:56 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added the ability to impersonate a user when using the API Key. This allows people to use the API and request as a certain user. #2363

Browse source
This commit is contained in:
Jamie Rees 2018-07-04 14:28:01 +01:00
parent c14f603705
commit c6a362bf2b
1 changed files with 25 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

28
src/Ombi/ApiKeyMiddlewear.cs
View file

@ -94,9 +94,31 @@ namespace Ombi
}
else
{
var identity = new GenericIdentity("API");
var principal = new GenericPrincipal(identity, new[] { "Admin", "ApiUser" });
context.User = principal;
// Check if we have a UserName header if so we can impersonate that user
if (context.Request.Headers.Keys.Contains("UserName", StringComparer.InvariantCultureIgnoreCase))
{
var username = context.Request.Headers["UserName"].FirstOrDefault();
var um = context.RequestServices.GetService<OmbiUserManager>();
var user = await um.Users.FirstOrDefaultAsync(x =>
x.UserName.Equals(username, StringComparison.InvariantCultureIgnoreCase));
if (user == null)
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
await context.Response.WriteAsync("Invalid User");
await next.Invoke(context);
}
var roles = await um.GetRolesAsync(user);
var identity = new GenericIdentity(user.UserName);
var principal = new GenericPrincipal(identity, roles.ToArray());
context.User = principal;
}
else
{
var identity = new GenericIdentity("API");
var principal = new GenericPrincipal(identity, new[] { "Admin", "ApiUser" });
context.User = principal;
}
await next.Invoke(context);
}
}