Auth: Apply same scope when session is created from auth token #782 #808

Signed-off-by: Michael Mayer <michael@photoprism.app>
Michael Mayer 2024-01-14 18:53:27 +01:00
parent fed1d8ad95
commit 5dedc8a7c0
2 changed files with 22 additions and 10 deletions


@ -356,6 +356,27 @@ func (m *Session) SetAuthID(id string) *Session {
return m return m
} }
// Scope returns the authorization scope as a sanitized string.
func (m *Session) Scope() string {
return clean.Scope(m.AuthScope)
}
// HasScope checks if the session has the given authorization scope.
func (m *Session) HasScope(scope string) bool {
return list.ParseAttr(m.Scope()).Contains(scope)
}
// SetScope sets a custom authentication scope.
func (m *Session) SetScope(scope string) *Session {
if scope == "" {
return m
}
m.AuthScope = clean.Scope(scope)
return m
}
// Method returns the authentication method. // Method returns the authentication method.
func (m *Session) Method() authn.MethodType { func (m *Session) Method() authn.MethodType {
return authn.Method(m.AuthMethod) return authn.Method(m.AuthMethod)
@ -793,13 +814,3 @@ func (m *Session) HttpStatus() int {
return http.StatusUnauthorized return http.StatusUnauthorized
} }
// Scope returns the authorization scope as a sanitized string.
func (m *Session) Scope() string {
return clean.Scope(m.AuthScope)
}
// HasScope checks if the session has the given authorization scope.
func (m *Session) HasScope(scope string) bool {
return list.ParseAttr(m.Scope()).Contains(scope)
}


@ -126,6 +126,7 @@ func AuthLocal(user *User, f form.Login, m *Session, c *gin.Context) (authn.Prov
return authn.ProviderNone, i18n.Error(i18n.ErrInvalidCredentials) return authn.ProviderNone, i18n.Error(i18n.ErrInvalidCredentials)
} else { } else {
m.SetAuthID(authSess.AuthID) m.SetAuthID(authSess.AuthID)
m.SetScope(authSess.Scope())
m.SetMethod(authn.MethodSession) m.SetMethod(authn.MethodSession)
event.AuditInfo([]string{clientIp, "session %s", "login as %s with auth secret", "succeeded"}, m.RefID, clean.LogQuote(userName)) event.AuditInfo([]string{clientIp, "session %s", "login as %s with auth secret", "succeeded"}, m.RefID, clean.LogQuote(userName))
event.LoginInfo(clientIp, "api", userName, m.UserAgent) event.LoginInfo(clientIp, "api", userName, m.UserAgent)
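Review bot: The new `m.SetScope(authSess.Scope())` line applies the token's scope only when it is non-empty (SetScope returns early on ""), so a token without a scope yields a session whose scope is whatever the caller-supplied `m` already had; please confirm that outcome is intended and that an empty scope is not treated as unrestricted downstream. Neither the audit line nor the login event records the scope that was applied, which makes it hard to reconstruct later what a token-derived session was allowed to do; consider `"login as %s with auth secret (scope %s)"` with `m.Scope()` appended to the arguments of the event.AuditInfo call. A short why-comment on the new line would also help the next reader: `// Inherit the auth token's scope so a session derived from it cannot exceed it.` The enclosing AuthLocal function starts and ends outside this hunk.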