Added the ability to impersonate a user when using the API Key. This allows people to use the API and request as a certain user. #2363

pull/2383/head
Jamie Rees 6 years ago
parent c14f603705
commit c6a362bf2b

@ -93,10 +93,32 @@ namespace Ombi
await context.Response.WriteAsync("Invalid API Key");
}
else
{
// Check if we have a UserName header if so we can impersonate that user
if (context.Request.Headers.Keys.Contains("UserName", StringComparer.InvariantCultureIgnoreCase))
{
var username = context.Request.Headers["UserName"].FirstOrDefault();
var um = context.RequestServices.GetService<OmbiUserManager>();
var user = await um.Users.FirstOrDefaultAsync(x =>
x.UserName.Equals(username, StringComparison.InvariantCultureIgnoreCase));
if (user == null)
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
await context.Response.WriteAsync("Invalid User");
await next.Invoke(context);
}
var roles = await um.GetRolesAsync(user);
var identity = new GenericIdentity(user.UserName);
var principal = new GenericPrincipal(identity, roles.ToArray());
context.User = principal;
}
else
{
var identity = new GenericIdentity("API");
var principal = new GenericPrincipal(identity, new[] { "Admin", "ApiUser" });
context.User = principal;
}
await next.Invoke(context);
}
}

Loading…
Cancel
Save