Improved auto admin security

As mentioned in issue 253
Marcel Baumgartner 2023-08-15 15:45:12 +02:00
parent c80622c2fd
commit 31d8c3f469


@ -21,6 +21,7 @@ public class UserService
private readonly DateTimeService DateTimeService;
private readonly ConfigService ConfigService;
private readonly TempMailService TempMailService;
private readonly MoonlightService MoonlightService;
private readonly string JwtSecret;
@ -32,7 +33,8 @@ public class UserService
IdentityService identityService,
IpLocateService ipLocateService,
DateTimeService dateTimeService,
TempMailService tempMailService)
TempMailService tempMailService,
MoonlightService moonlightService)
{
UserRepository = userRepository;
TotpService = totpService;
@ -42,6 +44,7 @@ public class UserService
IpLocateService = ipLocateService;
DateTimeService = dateTimeService;
TempMailService = tempMailService;
MoonlightService = moonlightService;
JwtSecret = configService
.Get()
@ -67,11 +70,21 @@ public class UserService
throw new DisplayException("The email is already in use");
}
bool admin = false;
if (!UserRepository.Get().Any())
{
if ((DateTime.UtcNow - MoonlightService.StartTimestamp).TotalMinutes < 15)
admin = true;
else
throw new DisplayException("You have to register within 15 minutes after the start of moonlight to get admin permissions. Please restart moonlight in order to register as admin. Please note that this will only works once and will be deactivated after a admin has registered");
}
// Add user
var user = UserRepository.Add(new()
{
Address = "",
Admin = !UserRepository.Get().Any(),
Admin = admin,
City = "",
Country = "",
Email = email.ToLower(),
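Review bot: The admin grant at `if ((DateTime.UtcNow - MoonlightService.StartTimestamp).TotalMinutes < 15)` still gives admin to whichever unauthenticated client registers first inside the window, so it narrows the exposure without tying the grant to the operator; checking a one-time setup secret taken from the server's configuration or start-up log in this branch would do that. The `UserRepository.Get().Any()` check and the later `UserRepository.Add(...)` are separate calls, so two registrations arriving together may both see an empty table and both receive `Admin = true` unless the method is serialized somewhere outside the hunk. `StartTimestamp` is compared against `DateTime.UtcNow`; if it is not recorded in UTC the window shifts by the host's offset, so a comment stating the field's kind and a named constant in place of the literal `15` would make the rule auditable. The exception text also tells any anonymous visitor that a restart reopens the admin window; a generic message to the client, with the detail written to the server log, would disclose less. The method body starts and ends outside the hunk.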