mirror of
https://github.com/Ombi-app/Ombi.git
synced 2025-08-20 21:33:15 -07:00
feat: Add the option for header authentication to create users (#4841)
* feat: allow SSO to create new users automatically * feat: apply default user settings to SSO users * feat: add warnings to header auth toggles
parent
a59455eb17
commit
e6c9ce5ad0
6 changed files with 49 additions and 3 deletions
|
@ -15,5 +15,6 @@ namespace Ombi.Settings.Settings.Models
|
||||||
public bool EnableOAuth { get; set; } // Plex OAuth
|
public bool EnableOAuth { get; set; } // Plex OAuth
|
||||||
public bool EnableHeaderAuth { get; set; } // Header SSO
|
public bool EnableHeaderAuth { get; set; } // Header SSO
|
||||||
public string HeaderAuthVariable { get; set; } // Header SSO
|
public string HeaderAuthVariable { get; set; } // Header SSO
|
||||||
|
public bool HeaderAuthCreateUser { get; set; } // Header SSO
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -247,6 +247,7 @@ export interface IAuthenticationSettings extends ISettings {
|
||||||
enableOAuth: boolean;
|
enableOAuth: boolean;
|
||||||
enableHeaderAuth: boolean;
|
enableHeaderAuth: boolean;
|
||||||
headerAuthVariable: string;
|
headerAuthVariable: string;
|
||||||
|
headerAuthCreateUser: boolean;
|
||||||
}
|
}
|
||||||
|
|
||||||
export interface ICustomPage extends ISettings {
|
export interface ICustomPage extends ISettings {
|
||||||
|
|
|
@ -23,6 +23,9 @@
|
||||||
<div class="checkbox">
|
<div class="checkbox">
|
||||||
<mat-slide-toggle id="enableHeaderAuth" name="enableHeaderAuth" formControlName="enableHeaderAuth">Enable Authentication with Header Variable</mat-slide-toggle>
|
<mat-slide-toggle id="enableHeaderAuth" name="enableHeaderAuth" formControlName="enableHeaderAuth">Enable Authentication with Header Variable</mat-slide-toggle>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="alert warning-box">
|
||||||
|
Enabling Header Authentication will allow anyone to bypass authentication unless you are using a properly configured reverse proxy. Use with caution!
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="form-group" *ngIf="form.controls.enableHeaderAuth.value">
|
<div class="form-group" *ngIf="form.controls.enableHeaderAuth.value">
|
||||||
|
@ -32,6 +35,15 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group" *ngIf="form.controls.enableHeaderAuth.value">
|
||||||
|
<div class="checkbox">
|
||||||
|
<mat-slide-toggle id="headerAuthCreateUser" name="headerAuthCreateUser" formControlName="headerAuthCreateUser">SSO creates new users automatically</mat-slide-toggle>
|
||||||
|
</div>
|
||||||
|
<div class="alert warning-box" *ngIf="form.controls.headerAuthCreateUser.value">
|
||||||
|
If the user in the Header Authentication variable does not exist, a new user will be created. You can configure the default permissions for new users in the <a target="_blank" href="/Settings/UserManagement">User Management settings</a>.
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div>
|
<div>
|
||||||
|
|
|
@ -13,3 +13,10 @@
|
||||||
box-shadow: 0 5px 11px 0 rgba(255, 255, 255, 0.18), 0 4px 15px 0 rgba(255, 255, 255, 0.15);
|
box-shadow: 0 5px 11px 0 rgba(255, 255, 255, 0.18), 0 4px 15px 0 rgba(255, 255, 255, 0.15);
|
||||||
color: inherit;
|
color: inherit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
.warning-box {
|
||||||
|
margin: 16px 0;
|
||||||
|
color: white;
|
||||||
|
background-color: $ombi-background-accent;
|
||||||
|
border-color: $warn;
|
||||||
|
}
|
||||||
|
|
|
@ -28,6 +28,7 @@ export class AuthenticationComponent implements OnInit {
|
||||||
enableOAuth: [x.enableOAuth],
|
enableOAuth: [x.enableOAuth],
|
||||||
enableHeaderAuth: [x.enableHeaderAuth],
|
enableHeaderAuth: [x.enableHeaderAuth],
|
||||||
headerAuthVariable: [x.headerAuthVariable],
|
headerAuthVariable: [x.headerAuthVariable],
|
||||||
|
headerAuthCreateUser: [x.headerAuthCreateUser],
|
||||||
});
|
});
|
||||||
this.form.controls.enableHeaderAuth.valueChanges.subscribe(x => {
|
this.form.controls.enableHeaderAuth.valueChanges.subscribe(x => {
|
||||||
if (x) {
|
if (x) {
|
||||||
|
|
|
@ -36,13 +36,15 @@ namespace Ombi.Controllers.V1
|
||||||
public class TokenController : ControllerBase
|
public class TokenController : ControllerBase
|
||||||
{
|
{
|
||||||
public TokenController(OmbiUserManager um, ITokenRepository token,
|
public TokenController(OmbiUserManager um, ITokenRepository token,
|
||||||
IPlexOAuthManager oAuthManager, ILogger<TokenController> logger, ISettingsService<AuthenticationSettings> auth)
|
IPlexOAuthManager oAuthManager, ILogger<TokenController> logger, ISettingsService<AuthenticationSettings> auth,
|
||||||
|
ISettingsService<UserManagementSettings> userManagement)
|
||||||
{
|
{
|
||||||
_userManager = um;
|
_userManager = um;
|
||||||
_token = token;
|
_token = token;
|
||||||
_plexOAuthManager = oAuthManager;
|
_plexOAuthManager = oAuthManager;
|
||||||
_log = logger;
|
_log = logger;
|
||||||
_authSettings = auth;
|
_authSettings = auth;
|
||||||
|
_userManagementSettings = userManagement;
|
||||||
}
|
}
|
||||||
|
|
||||||
private readonly ITokenRepository _token;
|
private readonly ITokenRepository _token;
|
||||||
|
@ -50,6 +52,7 @@ namespace Ombi.Controllers.V1
|
||||||
private readonly IPlexOAuthManager _plexOAuthManager;
|
private readonly IPlexOAuthManager _plexOAuthManager;
|
||||||
private readonly ILogger<TokenController> _log;
|
private readonly ILogger<TokenController> _log;
|
||||||
private readonly ISettingsService<AuthenticationSettings> _authSettings;
|
private readonly ISettingsService<AuthenticationSettings> _authSettings;
|
||||||
|
private readonly ISettingsService<UserManagementSettings> _userManagementSettings;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Gets the token.
|
/// Gets the token.
|
||||||
|
@ -304,9 +307,30 @@ namespace Ombi.Controllers.V1
|
||||||
// Check if user exists
|
// Check if user exists
|
||||||
var user = await _userManager.FindByNameAsync(username);
|
var user = await _userManager.FindByNameAsync(username);
|
||||||
if (user == null)
|
if (user == null)
|
||||||
|
{
|
||||||
|
if (authSettings.HeaderAuthCreateUser)
|
||||||
|
{
|
||||||
|
var defaultSettings = await _userManagementSettings.GetSettingsAsync();
|
||||||
|
user = new OmbiUser {
|
||||||
|
UserName = username,
|
||||||
|
UserType = UserType.LocalUser,
|
||||||
|
StreamingCountry = defaultSettings.DefaultStreamingCountry ?? "US",
|
||||||
|
MovieRequestLimit = defaultSettings.MovieRequestLimit,
|
||||||
|
MovieRequestLimitType = defaultSettings.MovieRequestLimitType,
|
||||||
|
EpisodeRequestLimit = defaultSettings.EpisodeRequestLimit,
|
||||||
|
EpisodeRequestLimitType = defaultSettings.EpisodeRequestLimitType,
|
||||||
|
MusicRequestLimit = defaultSettings.MusicRequestLimit,
|
||||||
|
MusicRequestLimitType = defaultSettings.MusicRequestLimitType,
|
||||||
|
};
|
||||||
|
|
||||||
|
await _userManager.CreateAsync(user);
|
||||||
|
await _userManager.AddToRolesAsync(user, defaultSettings.DefaultRoles);
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
return new UnauthorizedResult();
|
return new UnauthorizedResult();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return await CreateToken(true, user);
|
return await CreateToken(true, user);
|
||||||
}
|
}
|
||||||
|
|
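Review bot: The result of `_userManager.CreateAsync(user)` in the new `HeaderAuthCreateUser` branch is discarded, so when creation fails (a name the user validator rejects, or two first requests for the same name racing) the code still calls `AddToRolesAsync` and falls through to `CreateToken(true, user)` for an account that was never stored. Assuming `OmbiUserManager` follows ASP.NET Core Identity's `UserManager`, check `Succeeded` on both calls and return `UnauthorizedResult` when creation fails. Because `username` appears to come from a request header (it is read outside this hunk), each automatic creation should also be logged through `_log` so that unexpected sign-ups are visible to the operator. `defaultSettings.DefaultRoles` may be null on an instance where User Management was never saved, which `AddToRolesAsync` would reject; this is worth confirming. The enclosing method starts and ends outside the hunk.

```csharp
// … unchanged: defaultSettings lookup and the OmbiUser initializer …

var created = await _userManager.CreateAsync(user);
if (!created.Succeeded)
{
    // Do not issue a token for an account the store refused to persist.
    _log.LogWarning("Header auth: could not create user {Username}", username);
    return new UnauthorizedResult();
}

// Audit trail: this account exists only because a header named it.
_log.LogInformation("Header auth: created user {Username} with default settings", username);

if (defaultSettings.DefaultRoles != null)
{
    var roled = await _userManager.AddToRolesAsync(user, defaultSettings.DefaultRoles);
    if (!roled.Succeeded)
    {
        _log.LogWarning("Header auth: could not assign default roles to {Username}", username);
    }
}
```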