authorGrant Limberg <[email protected]>2021-06-04 09:46:31 -0700
committerGrant Limberg <[email protected]>2021-06-04 09:46:31 -0700
commit287c19e8221cf214de398b3c748dcdb4f6bda32d (patch)
tree524f95d5d93f720ee32ab52a5009c0c031df4d7c /controller/EmbeddedNetworkController.cpp
parentbc901d613d7b8f483d0c2b88a302f61270ca4944 (diff)
Move the SSO check outside the auth block. If SSO is enabled, it should be checked whether the member is authorized or not.
Diffstat (limited to 'controller/EmbeddedNetworkController.cpp')
-rw-r--r--controller/EmbeddedNetworkController.cpp31
1 files changed, 16 insertions, 15 deletions
diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 06bcef2a..f7dede94 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1331,6 +1331,20 @@ void EmbeddedNetworkController::_request(
// Otherwise no, we use standard auth logic.
bool networkSSOEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
bool memberSSOExempt = OSUtils::jsonBool(member["ssoExempt"], false);
+
+ if (networkSSOEnabled && !memberSSOExempt) {
+ int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
+ if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) {
+ Dictionary<1024> authInfo;
+ std::string authenticationURL = _db.getSSOAuthURL(member);
+ if (!authenticationURL.empty()) {
+ authInfo.add("aU", authenticationURL.c_str());
+ }
+ _sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
+ return;
+ }
+ }
+
if (authorized) {
// Update version info and meta-data if authorized and if this is a genuine request
if (requestPacketId) {
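Review bot: The early `return` in the added SSO block now runs before both the `if (authorized)` branch and its `else`, so a member whose SSO session is missing or expired never reaches the version/meta-data update in the authorized branch or the `DB::cleanMember(member); _db.save(member,true);` in the unauthorized one. If that save is what first persists a newly seen member (not visible from this hunk), such members on an SSO-enabled network would not be recorded until they authenticate; confirm this is intended and say so above the block, e.g. `// SSO gate runs first: on AUTHENTICATION_REQUIRED nothing below is updated or saved`. The call to `_db.getSSOAuthURL(member)` is also now reachable by peers that are not authorized on the network, so if it creates per-request state (its body is not shown here) that work should be bounded. Separately, the result of `authInfo.add("aU", ...)` is ignored, so a URL that does not fit in `Dictionary<1024>` would presumably be dropped silently and the client would receive the error without a login URL; checking the return value and logging the failure would make that case visible. `_request` starts and ends outside the hunk.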
@@ -1355,22 +1369,9 @@ void EmbeddedNetworkController::_request(
ms.lastRequestMetaData = metaData;
ms.identity = identity;
}
- }
-
- if (networkSSOEnabled && !memberSSOExempt) {
- int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
- if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) {
- Dictionary<1024> authInfo;
- std::string authenticationURL = _db.getSSOAuthURL(member);
- if (!authenticationURL.empty()) {
- authInfo.add("aU", authenticationURL.c_str());
- }
- _sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
- return;
- }
- }
-
+ }
} else {
+
// If they are not authorized, STOP!
DB::cleanMember(member);
_db.save(member,true);