From e6c9ce5ad0056608ecda8273fb8124ed292e2942 Mon Sep 17 00:00:00 2001 From: Lea Date: Wed, 4 Jan 2023 20:23:47 +0100 Subject: [PATCH] feat: Add the option for header authentication to create users (#4841) * feat: allow SSO to create new users automatically * feat: apply default user settings to SSO users * feat: add warnings to header auth toggles --- .../Settings/Models/AuthenticationSettings.cs | 1 + .../ClientApp/src/app/interfaces/ISettings.ts | 1 + .../authentication.component.html | 12 ++++++++ .../authentication.component.scss | 9 +++++- .../authentication.component.ts | 1 + src/Ombi/Controllers/V1/TokenController.cs | 28 +++++++++++++++++-- 6 files changed, 49 insertions(+), 3 deletions(-) diff --git a/src/Ombi.Settings/Settings/Models/AuthenticationSettings.cs b/src/Ombi.Settings/Settings/Models/AuthenticationSettings.cs index ed2775480..4e40bcee7 100644 --- a/src/Ombi.Settings/Settings/Models/AuthenticationSettings.cs +++ b/src/Ombi.Settings/Settings/Models/AuthenticationSettings.cs @@ -15,5 +15,6 @@ namespace Ombi.Settings.Settings.Models public bool EnableOAuth { get; set; } // Plex OAuth public bool EnableHeaderAuth { get; set; } // Header SSO public string HeaderAuthVariable { get; set; } // Header SSO + public bool HeaderAuthCreateUser { get; set; } // Header SSO } } \ No newline at end of file diff --git a/src/Ombi/ClientApp/src/app/interfaces/ISettings.ts b/src/Ombi/ClientApp/src/app/interfaces/ISettings.ts index 759cdeb73..532b8625f 100644 --- a/src/Ombi/ClientApp/src/app/interfaces/ISettings.ts +++ b/src/Ombi/ClientApp/src/app/interfaces/ISettings.ts @@ -247,6 +247,7 @@ export interface IAuthenticationSettings extends ISettings { enableOAuth: boolean; enableHeaderAuth: boolean; headerAuthVariable: string; + headerAuthCreateUser: boolean; } export interface ICustomPage extends ISettings { 
diff --git a/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.html b/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.html index 5960c79f7..cf047a7f3 100644 --- a/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.html +++ b/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.html @@ -23,6 +23,9 @@
Enable Authentication with Header Variable
+
+ Enabling Header Authentication will allow anyone to bypass authentication unless you are using a properly configured reverse proxy. Use with caution! +
@@ -32,6 +35,15 @@
+
+
+ SSO creates new users automatically +
+
+ If the user in the Header Authentication variable does not exist, a new user will be created. You can configure the default permissions for new users in the User Management settings. +
+
+
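Review bot: The help text added under "SSO creates new users automatically" describes only the convenience and not the exposure. With this toggle on, a request carrying an unused name in the header variable gets a new account with the default roles, so a misconfigured proxy leads to open self-registration rather than only impersonation of existing users. I would add a sentence to that hint, for example `Only enable this if Ombi is reachable exclusively through the reverse proxy that sets the header.` The markup of this hunk is not visible on this page, so whether the new toggle is disabled while header authentication is off cannot be checked from here.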
diff --git a/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.scss b/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.scss index 4156e205a..0780a0bc0 100644 --- a/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.scss +++ b/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.scss @@ -12,4 +12,11 @@ ::ng-deep .dark .btn:hover { box-shadow: 0 5px 11px 0 rgba(255, 255, 255, 0.18), 0 4px 15px 0 rgba(255, 255, 255, 0.15); color: inherit; -} \ No newline at end of file +} + +.warning-box { + margin: 16px 0; + color: white; + background-color: $ombi-background-accent; + border-color: $warn; +} diff --git a/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.ts b/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.ts index 80135b195..0620ea97f 100644 --- a/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.ts +++ b/src/Ombi/ClientApp/src/app/settings/authentication/authentication.component.ts @@ -28,6 +28,7 @@ export class AuthenticationComponent implements OnInit { enableOAuth: [x.enableOAuth], enableHeaderAuth: [x.enableHeaderAuth], headerAuthVariable: [x.headerAuthVariable], + headerAuthCreateUser: [x.headerAuthCreateUser], }); this.form.controls.enableHeaderAuth.valueChanges.subscribe(x => { if (x) { diff --git a/src/Ombi/Controllers/V1/TokenController.cs b/src/Ombi/Controllers/V1/TokenController.cs index 657c95f91..7744a3928 100644 --- a/src/Ombi/Controllers/V1/TokenController.cs +++ b/src/Ombi/Controllers/V1/TokenController.cs 
@@ -36,13 +36,15 @@ namespace Ombi.Controllers.V1
 public class TokenController : ControllerBase
 {
 public TokenController(OmbiUserManager um, ITokenRepository token,
- IPlexOAuthManager oAuthManager, ILogger logger, ISettingsService auth)
+ IPlexOAuthManager oAuthManager, ILogger logger, ISettingsService auth,
+ ISettingsService userManagement)
 {
 _userManager = um;
 _token = token;
 _plexOAuthManager = oAuthManager;
 _log = logger;
 _authSettings = auth;
+ _userManagementSettings = userManagement;
 }
 
 private readonly ITokenRepository _token;
@@ -50,6 +52,7 @@ namespace Ombi.Controllers.V1
 private readonly IPlexOAuthManager _plexOAuthManager;
 private readonly ILogger _log;
 private readonly ISettingsService _authSettings;
+ private readonly ISettingsService _userManagementSettings;
 
 ///
 /// Gets the token.
@@ -305,7 +308,28 @@ namespace Ombi.Controllers.V1
 var user = await _userManager.FindByNameAsync(username);
 if (user == null)
 {
- return new UnauthorizedResult();
+ if (authSettings.HeaderAuthCreateUser)
+ {
+ var defaultSettings = await _userManagementSettings.GetSettingsAsync();
+ user = new OmbiUser {
+ UserName = username,
+ UserType = UserType.LocalUser,
+ StreamingCountry = defaultSettings.DefaultStreamingCountry ?? "US",
+ MovieRequestLimit = defaultSettings.MovieRequestLimit,
+ MovieRequestLimitType = defaultSettings.MovieRequestLimitType,
+ EpisodeRequestLimit = defaultSettings.EpisodeRequestLimit,
+ EpisodeRequestLimitType = defaultSettings.EpisodeRequestLimitType,
+ MusicRequestLimit = defaultSettings.MusicRequestLimit,
+ MusicRequestLimitType = defaultSettings.MusicRequestLimitType,
+ };
+
+ await _userManager.CreateAsync(user);
+ await _userManager.AddToRolesAsync(user, defaultSettings.DefaultRoles);
+ }
+ else
+ {
+ return new UnauthorizedResult();
+ }
 }
 
 return await CreateToken(true, user);
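Review bot: The result of `_userManager.CreateAsync(user)` in the new `HeaderAuthCreateUser` branch is discarded, so a failed creation (for example a header value that fails username validation, or a racing duplicate) still falls through to `AddToRolesAsync` and `CreateToken(true, user)` for an account that was never persisted. The username comes from a request header, and any client that can reach Ombi without passing through the trusted proxy now gets a fresh account with the default roles instead of a 401, so this path should fail closed and leave a log entry for every auto-provisioned account. `defaultSettings.DefaultRoles` is also passed on without a null check. The enclosing action starts above the hunk, so whether the request source is restricted to the proxy cannot be seen from here; the sketch below assumes OmbiUserManager follows ASP.NET Core Identity's UserManager.

```csharp
// … unchanged: defaultSettings lookup and OmbiUser initializer …
var created = await _userManager.CreateAsync(user);
if (!created.Succeeded)
{
    // Fail closed: never issue a token for an account that was not persisted.
    _log.LogWarning("Header auth could not auto-create user {Username}", username);
    return new UnauthorizedResult();
}

// Audit trail: accounts provisioned from a header should be traceable afterwards.
_log.LogInformation("Header auth auto-created user {Username}", username);
if (defaultSettings.DefaultRoles != null)
{
    await _userManager.AddToRolesAsync(user, defaultSettings.DefaultRoles);
}
```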