author | vnugent <public@vaughnnugent.com> | 2024-05-02 15:40:59 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-05-02 15:40:59 -0400 |
commit | 34ca3d09a96fb615d00e14abb4a70fe787fe1965 (patch) | |
tree | 719d3a4b0e8ecc681531f10e99979d55a223adcf /plugins/VNLib.Plugins.Essentials.Accounts | |
parent | f4b1086b4a406c759f5a0c44ade63ee9bb79c60d (diff) |
feat: Allow config to toggle strict user-agent checking
Diffstat (limited to 'plugins/VNLib.Plugins.Essentials.Accounts')
-rw-r--r-- | plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs | 6 | ||||
-rw-r--r-- | plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs
index 180e30e..4c80eac 100644
--- a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs
+++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecConfig.cs
@@ -184,6 +184,12 @@ namespace VNLib.Plugins.Essentials.Accounts.SecurityProvider
 [JsonPropertyName("strict_path")]
 public bool VerifyPath { get; set; } = true;

+ /// <summary>
+ /// Enforce strict user-agent strings for authorized users
+ /// </summary>
+ [JsonPropertyName("strict_user_agent")]
+ public bool StrictUserAgent { get; set; } = true;
+
 void IOnConfigValidation.Validate()
 {
 //Validate the current instance
diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs
index e20ec9f..d800e3e 100644
--- a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs
+++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs
@@ -120,7 +120,7 @@ namespace VNLib.Plugins.Essentials.Accounts.SecurityProvider
 else if (ClientWebAuthManager.IsSessionElevated(in session))
 {
 //If the session stored a user-agent, make sure it matches the connection
- if (!string.Equals(session.UserAgent, entity.Server.UserAgent, StringComparison.Ordinal))
+ if (_config.StrictUserAgent && !string.Equals(session.UserAgent, entity.Server.UserAgent, StringComparison.Ordinal))
 {
 _logger.Debug("Denied authorized connection from {ip} because user-agent changed", entity.TrustedRemoteIp);
 return ValueTask.FromResult(FileProcessArgs.Deny); |
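Review bot: The `<summary>` on `StrictUserAgent` does not tell an operator what the check protects or what is lost by turning it off. Going by the AccountSecProvider.cs hunk, the flag gates the denial of an elevated session whose request user-agent differs from the one stored in the session, so the doc should say that and state the default. I would extend it with something like `/// When true (default), an elevated session is denied if the connection's user-agent differs from the one stored in the session.` and `/// Disabling removes this session-binding check; do so only when clients legitimately change user-agent mid-session.` The class body and `Validate()` continue outside the hunk, so I cannot tell whether the new option needs any validation there.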
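Review bot: With `strict_user_agent` set to false, the `_config.StrictUserAgent &&` short-circuit means a user-agent change on an elevated session is neither compared nor logged, so operators lose the detection signal along with the enforcement. I would evaluate the mismatch first, `bool uaChanged = !string.Equals(session.UserAgent, entity.Server.UserAgent, StringComparison.Ordinal);`, deny only when `uaChanged && _config.StrictUserAgent`, and still emit a `_logger.Debug(...)` entry when the mismatch is seen but not enforced. The comment above the `if` should also mention that the check is now conditional, e.g. `//If strict user-agent checking is enabled, the stored user-agent must match the connection`. The enclosing method starts and ends outside the hunk, so whether other bindings still tie the session to the client when this check is off is not visible here.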