AZEN-SGG/Kavita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Validate Download Claim (#971)

Browse source 
* Partially complete, got some code to validate your Role. Needs to be applied to all methods and made a filter.

* Cleaned up the code on the backend to validate each call. The reason the RequireDownloadRole doesn't work is that the user still has the claim in their token so the simple validation isn't working. We need explicit checks.

* Don't allow users to download files if they have lost the claim but not refreshed token.

* Don't allow users to download files if they have lost the claim but not refreshed token.
This commit is contained in:
Joseph Milazzo 2022-01-20 07:46:59 -08:00 committed by GitHub
parent 7b9ac2faee
commit eb7e2781c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 35 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

1
API/Extensions/IdentityServiceExtensions.cs
View file

@ -4,6 +4,7 @@ using API.Constants;
using API.Data;
using API.Entities;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;