move this outside the auth block. If SSO is enabled, it should be checked whether authorized or not

Grant Limberg 2021-06-04 09:46:31 -07:00
parent bc901d613d
commit 287c19e822
No known key found for this signature in database
GPG Key ID: 2BA62CCABBB4095A


@ -1331,6 +1331,20 @@ void EmbeddedNetworkController::_request(
// Otherwise no, we use standard auth logic.
bool networkSSOEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
bool memberSSOExempt = OSUtils::jsonBool(member["ssoExempt"], false);
if (networkSSOEnabled && !memberSSOExempt) {
int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) {
Dictionary<1024> authInfo;
std::string authenticationURL = _db.getSSOAuthURL(member);
if (!authenticationURL.empty()) {
authInfo.add("aU", authenticationURL.c_str());
}
_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
return;
}
}
if (authorized) {
// Update version info and meta-data if authorized and if this is a genuine request
if (requestPacketId) {
@ -1355,22 +1369,9 @@ void EmbeddedNetworkController::_request(
ms.lastRequestMetaData = metaData;
ms.identity = identity;
}
}
if (networkSSOEnabled && !memberSSOExempt) {
int64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
if ((authenticationExpiryTime == 0) || (authenticationExpiryTime < now)) {
Dictionary<1024> authInfo;
std::string authenticationURL = _db.getSSOAuthURL(member);
if (!authenticationURL.empty()) {
authInfo.add("aU", authenticationURL.c_str());
}
_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
return;
}
}
}
} else {
// If they are not authorized, STOP!
DB::cleanMember(member);
_db.save(member,true);
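Review bot: The early `return` in the relocated SSO block (first hunk, ahead of `if (authorized)`) now bypasses both branches below it. A member whose `authenticationExpiryTime` is 0 or in the past no longer reaches the version/meta-data update in the authorized branch, nor the `DB::cleanMember(member); _db.save(member,true);` in the `else` branch. `_request` begins and continues outside these hunks, so it is worth confirming that the member record is persisted earlier; otherwise a first-time join on an SSO-enabled network may never be recorded for an admin to authorize. `_db.getSSOAuthURL(member)` is also now reached for identities that are not authorized; if it creates per-member state (not visible here), that call probably wants a bound or rate limit. I would document the ordering above the block, e.g. `// SSO gate applies to authorized and unauthorized members alike; on missing/expired auth we return before any member bookkeeping below.`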