mirror of
https://github.com/zerotier/ZeroTierOne.git
synced 2024-12-21 13:57:49 +00:00
Fix member deauthorization time threshold bug.
This commit is contained in:
parent
5bd8968eb8
commit
15c6e2ec70
@ -697,6 +697,8 @@ unsigned int EmbeddedNetworkController::handleControlPlaneHttpPOST(
|
||||
const bool newAuth = _jB(b["authorized"],false);
|
||||
if (newAuth != _jB(member["authorized"],false)) {
|
||||
member["authorized"] = newAuth;
|
||||
member[((newAuth) ? "lastAuthorizedTime" : "lastDeauthorizedTime")] = now;
|
||||
|
||||
json ah;
|
||||
ah["a"] = newAuth;
|
||||
ah["by"] = "api";
|
||||
@ -1278,23 +1280,14 @@ void EmbeddedNetworkController::_request(
|
||||
|
||||
// Determine whether and how member is authorized
|
||||
const char *authorizedBy = (const char *)0;
|
||||
bool autoAuthorized = false;
|
||||
json autoAuthCredentialType,autoAuthCredential;
|
||||
if (_jB(member["authorized"],false)) {
|
||||
authorizedBy = "memberIsAuthorized";
|
||||
} else if (!_jB(network["private"],true)) {
|
||||
authorizedBy = "networkIsPublic";
|
||||
if (!member.count("authorized")) {
|
||||
member["authorized"] = true;
|
||||
json ah;
|
||||
ah["a"] = true;
|
||||
ah["by"] = authorizedBy;
|
||||
ah["ts"] = now;
|
||||
ah["ct"] = json();
|
||||
ah["c"] = json();
|
||||
member["authHistory"].push_back(ah);
|
||||
member["lastModified"] = now;
|
||||
json &revj = member["revision"];
|
||||
member["revision"] = (revj.is_number() ? ((uint64_t)revj + 1ULL) : 1ULL);
|
||||
}
|
||||
if (!member.count("authorized"))
|
||||
autoAuthorized = true;
|
||||
} else {
|
||||
char presentedAuth[512];
|
||||
if (metaData.get(ZT_NETWORKCONFIG_REQUEST_METADATA_KEY_AUTH,presentedAuth,sizeof(presentedAuth)) > 0) {
|
||||
@ -1329,17 +1322,9 @@ void EmbeddedNetworkController::_request(
|
||||
}
|
||||
if (usable) {
|
||||
authorizedBy = "token";
|
||||
member["authorized"] = true;
|
||||
json ah;
|
||||
ah["a"] = true;
|
||||
ah["by"] = authorizedBy;
|
||||
ah["ts"] = now;
|
||||
ah["ct"] = "token";
|
||||
ah["c"] = tstr;
|
||||
member["authHistory"].push_back(ah);
|
||||
member["lastModified"] = now;
|
||||
json &revj = member["revision"];
|
||||
member["revision"] = (revj.is_number() ? ((uint64_t)revj + 1ULL) : 1ULL);
|
||||
autoAuthorized = true;
|
||||
autoAuthCredentialType = "token";
|
||||
autoAuthCredential = tstr;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1349,6 +1334,23 @@ void EmbeddedNetworkController::_request(
|
||||
}
|
||||
}
|
||||
|
||||
// If we auto-authorized, update member record
|
||||
if ((autoAuthorized)&&(authorizedBy)) {
|
||||
member["authorized"] = true;
|
||||
member["lastAuthorizedTime"] = now;
|
||||
|
||||
json ah;
|
||||
ah["a"] = true;
|
||||
ah["by"] = authorizedBy;
|
||||
ah["ts"] = now;
|
||||
ah["ct"] = autoAuthCredentialType;
|
||||
ah["c"] = autoAuthCredential;
|
||||
member["authHistory"].push_back(ah);
|
||||
|
||||
json &revj = member["revision"];
|
||||
member["revision"] = (revj.is_number() ? ((uint64_t)revj + 1ULL) : 1ULL);
|
||||
}
|
||||
|
||||
// Log this request
|
||||
if (requestPacketId) { // only log if this is a request, not for generated pushes
|
||||
json rlEntry = json::object();
|
||||
|
@ -145,6 +145,8 @@ private:
|
||||
if (!member.count("creationTime")) member["creationTime"] = OSUtils::now();
|
||||
if (!member.count("noAutoAssignIps")) member["noAutoAssignIps"] = false;
|
||||
if (!member.count("revision")) member["revision"] = 0ULL;
|
||||
if (!member.count("lastDeauthorizedTime")) member["lastDeauthorizedTime"] = 0ULL;
|
||||
if (!member.count("lastAuthorizedTime")) member["lastAuthorizedTime"] = 0ULL;
|
||||
member["objtype"] = "member";
|
||||
}
|
||||
inline void _initNetwork(nlohmann::json &network)
|
||||
|
Loading…
Reference in New Issue
Block a user