Backup_Repos/Readarr
1
0
Fork 0
mirror of https://github.com/Readarr/Readarr synced 2026-01-10 17:43:41 +01:00
Code Issues Projects Releases Wiki Activity
Readarr/src/Readarr.Http/Authentication/AuthenticationController.cs
Mark McDowall 09e0c40792 Fixed: Limit redirects after login to local paths 
(cherry picked from commit 14005d8d1054eafaba808337a109d5812f3e79e6)
2024-09-23 05:41:21 +03:00

71 lines
2.5 KiB
C#
Raw Blame History

using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using NzbDrone.Common.Extensions;
using NzbDrone.Core.Authentication;
using NzbDrone.Core.Configuration;
namespace Readarr.Http.Authentication
{
[AllowAnonymous]
[ApiController]
public class AuthenticationController : Controller
{
private readonly IAuthenticationService _authService;
private readonly IConfigFileProvider _configFileProvider;
public AuthenticationController(IAuthenticationService authService, IConfigFileProvider configFileProvider)
{
_authService = authService;
_configFileProvider = configFileProvider;
}
[HttpPost("login")]
public async Task<IActionResult> Login([FromForm] LoginResource resource, [FromQuery] string returnUrl = null)
{
var user = _authService.Login(HttpContext.Request, resource.Username, resource.Password);
if (user == null)
{
return Redirect($"~/login?returnUrl={returnUrl}&loginFailed=true");
}
var claims = new List<Claim>
{
new Claim("user", user.Username),
new Claim("identifier", user.Identifier.ToString()),
new Claim("AuthType", AuthenticationType.Forms.ToString())
};
var authProperties = new AuthenticationProperties
{
IsPersistent = resource.RememberMe == "on"
};
await HttpContext.SignInAsync(AuthenticationType.Forms.ToString(), new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookies", "user", "identifier")), authProperties);
if (returnUrl.IsNullOrWhiteSpace() || !Url.IsLocalUrl(returnUrl))
{
return Redirect(_configFileProvider.UrlBase + "/");
}
if (_configFileProvider.UrlBase.IsNullOrWhiteSpace() || returnUrl.StartsWith(_configFileProvider.UrlBase))
{
return Redirect(returnUrl);
}
return Redirect(_configFileProvider.UrlBase + returnUrl);
}
[HttpGet("logout")]
public async Task<IActionResult> Logout()
{
_authService.Logout(HttpContext);
await HttpContext.SignOutAsync(AuthenticationType.Forms.ToString());
return Redirect(_configFileProvider.UrlBase + "/");
}
}
}
Reference in a new issue View git blame Copy permalink