New: Setting to disable authentication for local addresses

2 years ago · b154b00c61
parent 05ee4e6449
commit b154b00c61
13 changed files with 116 additions and 12 deletions
--- a/frontend/src/Settings/General/SecuritySettings.js
+++ b/frontend/src/Settings/General/SecuritySettings.js
@ -16,6 +16,11 @@ const authenticationMethodOptions = [
  { key: 'forms', value: 'Forms (Login Page)' }
 ];
 const authenticationRequiredOptions = [
  { key: 'enabled', value: 'Enabled' },
  { key: 'disabledForLocalAddresses', value: 'Disabled for Local Addresses' }
 ];
 const certificateValidationOptions = [
  { key: 'enabled', value: 'Enabled' },
  { key: 'disabledForLocalAddresses', value: 'Disabled for Local Addresses' },
@ -67,6 +72,7 @@ class SecuritySettings extends Component {
    const {
      authenticationMethod,
      authenticationRequired,
      username,
      password,
      apiKey,
@ -91,7 +97,24 @@ class SecuritySettings extends Component {
        </FormGroup>
        {
-          authenticationEnabled &&
+          authenticationEnabled ?
            <FormGroup>
              <FormLabel>Authentication Required</FormLabel>
              <FormInputGroup
                type={inputTypes.SELECT}
                name="authenticationRequired"
                values={authenticationRequiredOptions}
                helpText="Change which requests authentication is required for. Do not change unless you understand the risks."
                onChange={onInputChange}
                {...authenticationRequired}
              />
            </FormGroup> :
            null
        }
        {
          authenticationEnabled ?
            <FormGroup>
              <FormLabel>Username</FormLabel>
@ -101,11 +124,12 @@ class SecuritySettings extends Component {
                onChange={onInputChange}
                {...username}
              />
-            </FormGroup>
+            </FormGroup> :
            null
        }
        {
-          authenticationEnabled &&
+          authenticationEnabled ?
            <FormGroup>
              <FormLabel>Password</FormLabel>
@ -115,7 +139,8 @@ class SecuritySettings extends Component {
                onChange={onInputChange}
                {...password}
              />
-            </FormGroup>
+            </FormGroup> :
            null
        }
        <FormGroup>
--- a/src/NzbDrone.Automation.Test/AutomationTest.cs
+++ b/src/NzbDrone.Automation.Test/AutomationTest.cs
@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using FluentAssertions;
@ -46,7 +46,7 @@ namespace NzbDrone.Automation.Test
            _runner = new NzbDroneRunner(LogManager.GetCurrentClassLogger());
            _runner.KillAll();
-            _runner.Start();
+            _runner.Start(true);
            driver.Url = "http://localhost:8989";
--- a/src/NzbDrone.Core/Authentication/AuthenticationRequiredType.cs
+++ b/src/NzbDrone.Core/Authentication/AuthenticationRequiredType.cs
@ -0,0 +1,8 @@
 namespace NzbDrone.Core.Authentication
 {
    public enum AuthenticationRequiredType
    {
        Enabled = 0,
        DisabledForLocalAddresses = 1
    }
 }
--- a/src/NzbDrone.Core/Authentication/AuthenticationType.cs
+++ b/src/NzbDrone.Core/Authentication/AuthenticationType.cs
@ -1,9 +1,10 @@
-namespace NzbDrone.Core.Authentication
+namespace NzbDrone.Core.Authentication
 {
    public enum AuthenticationType
    {
        None = 0,
        Basic = 1,
-        Forms = 2
+        Forms = 2,
        External = 3
    }
 }
--- a/src/NzbDrone.Core/Configuration/ConfigFileProvider.cs
+++ b/src/NzbDrone.Core/Configuration/ConfigFileProvider.cs
@ -31,6 +31,7 @@ namespace NzbDrone.Core.Configuration
        bool EnableSsl { get; }
        bool LaunchBrowser { get; }
        AuthenticationType AuthenticationMethod { get; }
        AuthenticationRequiredType AuthenticationRequired { get; }
        bool AnalyticsEnabled { get; }
        string LogLevel { get; }
        string ConsoleLogLevel { get; }
@ -181,6 +182,8 @@ namespace NzbDrone.Core.Configuration
            }
        }
        public AuthenticationRequiredType AuthenticationRequired => GetValueEnum("AuthenticationRequired", AuthenticationRequiredType.Enabled);
        public bool AnalyticsEnabled => GetValueBoolean("AnalyticsEnabled", true, persist: false);
        public string Branch => GetValue("Branch", "main").ToLowerInvariant();
--- a/src/NzbDrone.Host/Startup.cs
+++ b/src/NzbDrone.Host/Startup.cs
@ -102,6 +102,8 @@ namespace NzbDrone.Host
                .PersistKeysToFileSystem(new DirectoryInfo(Configuration["dataProtectionFolder"]));
            services.AddSingleton<IAuthorizationPolicyProvider, UiAuthorizationPolicyProvider>();
            services.AddSingleton<IAuthorizationHandler, UiAuthorizationHandler>();
            services.AddAuthorization(options =>
            {
                options.AddPolicy("SignalR", policy =>
--- a/src/NzbDrone.Test.Common/NzbDroneRunner.cs
+++ b/src/NzbDrone.Test.Common/NzbDroneRunner.cs
@ -31,12 +31,12 @@ namespace NzbDrone.Test.Common
            Port = port;
        }
-        public void Start()
+        public void Start(bool enableAuth = false)
        {
            AppData = Path.Combine(TestContext.CurrentContext.TestDirectory, "_intg_" + TestBase.GetUID());
            Directory.CreateDirectory(AppData);
-            GenerateConfigFile();
+            GenerateConfigFile(enableAuth);
            string consoleExe;
            if (OsInfo.IsWindows)
@ -146,7 +146,7 @@ namespace NzbDrone.Test.Common
            }
        }
-        private void GenerateConfigFile()
+        private void GenerateConfigFile(bool enableAuth)
        {
            var configFile = Path.Combine(AppData, "config.xml");
@ -159,6 +159,8 @@ namespace NzbDrone.Test.Common
                             new XElement(nameof(ConfigFileProvider.ApiKey), apiKey),
                             new XElement(nameof(ConfigFileProvider.LogLevel), "trace"),
                             new XElement(nameof(ConfigFileProvider.AnalyticsEnabled), false),
                             new XElement(nameof(ConfigFileProvider.AuthenticationMethod), enableAuth ? "Forms" : "None"),
                             new XElement(nameof(ConfigFileProvider.AuthenticationRequired), "DisabledForLocalAddresses"),
                             new XElement(nameof(ConfigFileProvider.Port), Port)));
            var data = xDoc.ToString();
--- a/src/Sonarr.Api.V3/Config/HostConfigResource.cs
+++ b/src/Sonarr.Api.V3/Config/HostConfigResource.cs
@ -15,6 +15,7 @@ namespace Sonarr.Api.V3.Config
        public bool EnableSsl { get; set; }
        public bool LaunchBrowser { get; set; }
        public AuthenticationType AuthenticationMethod { get; set; }
        public AuthenticationRequiredType AuthenticationRequired { get; set; }
        public bool AnalyticsEnabled { get; set; }
        public string Username { get; set; }
        public string Password { get; set; }
@ -56,6 +57,7 @@ namespace Sonarr.Api.V3.Config
                EnableSsl = model.EnableSsl,
                LaunchBrowser = model.LaunchBrowser,
                AuthenticationMethod = model.AuthenticationMethod,
                AuthenticationRequired = model.AuthenticationRequired,
                AnalyticsEnabled = model.AnalyticsEnabled,
                //Username
--- a/src/Sonarr.Http/Authentication/ApiKeyAuthenticationHandler.cs
+++ b/src/Sonarr.Http/Authentication/ApiKeyAuthenticationHandler.cs
@ -13,6 +13,7 @@ namespace Sonarr.Http.Authentication
    public class ApiKeyAuthenticationOptions : AuthenticationSchemeOptions
    {
        public const string DefaultScheme = "API Key";
        public string Scheme => DefaultScheme;
        public string AuthenticationType = DefaultScheme;
--- a/src/Sonarr.Http/Authentication/AuthenticationBuilderExtensions.cs
+++ b/src/Sonarr.Http/Authentication/AuthenticationBuilderExtensions.cs
@ -22,10 +22,16 @@ namespace Sonarr.Http.Authentication
            return authenticationBuilder.AddScheme<AuthenticationSchemeOptions, NoAuthenticationHandler>(name, options => { });
        }
        public static AuthenticationBuilder AddExternal(this AuthenticationBuilder authenticationBuilder, string name)
        {
            return authenticationBuilder.AddScheme<AuthenticationSchemeOptions, NoAuthenticationHandler>(name, options => { });
        }
        public static AuthenticationBuilder AddAppAuthentication(this IServiceCollection services)
        {
            return services.AddAuthentication()
                .AddNone(AuthenticationType.None.ToString())
                .AddExternal(AuthenticationType.External.ToString())
                .AddBasic(AuthenticationType.Basic.ToString())
                .AddCookie(AuthenticationType.Forms.ToString(), options =>
                {
--- a/src/Sonarr.Http/Authentication/BypassableDenyAnonymousAuthorizationRequirement.cs
+++ b/src/Sonarr.Http/Authentication/BypassableDenyAnonymousAuthorizationRequirement.cs
@ -0,0 +1,8 @@
 using Microsoft.AspNetCore.Authorization.Infrastructure;
 namespace NzbDrone.Http.Authentication
 {
    public class BypassableDenyAnonymousAuthorizationRequirement : DenyAnonymousAuthorizationRequirement
    {
    }
 }
--- a/src/Sonarr.Http/Authentication/UiAuthorizationHandler.cs
+++ b/src/Sonarr.Http/Authentication/UiAuthorizationHandler.cs
@ -0,0 +1,45 @@
 using System.Net;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using NzbDrone.Common.Extensions;
 using NzbDrone.Core.Authentication;
 using NzbDrone.Core.Configuration;
 using NzbDrone.Core.Configuration.Events;
 using NzbDrone.Core.Messaging.Events;
 using Sonarr.Http.Extensions;
 namespace NzbDrone.Http.Authentication
 {
    public class UiAuthorizationHandler : AuthorizationHandler<BypassableDenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement, IHandle<ConfigSavedEvent>
    {
        private readonly IConfigFileProvider _configService;
        private static AuthenticationRequiredType _authenticationRequired;
        public UiAuthorizationHandler(IConfigFileProvider configService)
        {
            _configService = configService;
            _authenticationRequired = configService.AuthenticationRequired;
        }
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BypassableDenyAnonymousAuthorizationRequirement requirement)
        {
            if (_authenticationRequired == AuthenticationRequiredType.DisabledForLocalAddresses)
            {
                if (context.Resource is HttpContext httpContext &&
                    IPAddress.TryParse(httpContext.GetRemoteIP(), out var ipAddress) &&
                    ipAddress.IsLocalAddress())
                {
                    context.Succeed(requirement);
                }
            }
            return Task.CompletedTask;
        }
        public void Handle(ConfigSavedEvent message)
        {
            _authenticationRequired = _configService.AuthenticationRequired;
        }
    }
 }
--- a/src/Sonarr.Http/Authentication/UiAuthorizationPolicyProvider.cs
+++ b/src/Sonarr.Http/Authentication/UiAuthorizationPolicyProvider.cs
@ -29,7 +29,8 @@ namespace NzbDrone.Http.Authentication
            if (policyName.Equals(POLICY_NAME, StringComparison.OrdinalIgnoreCase))
            {
                var policy = new AuthorizationPolicyBuilder(_config.AuthenticationMethod.ToString())
-                    .RequireAuthenticatedUser();
+                    .AddRequirements(new BypassableDenyAnonymousAuthorizationRequirement());
                return Task.FromResult(policy.Build());
            }