Sliding expiration for auth cookie and a little clean up

(cherry picked from commit 05ee4e644907b7f1e84589465ac9ab1848f5a766)

frontend/src/Settings/General/SecuritySettings.js

@@ -17,11 +17,6 @@ const authenticationMethodOptions = [
   { key: 'forms', value: translate('AuthForm') }
 ];
 
-const authenticationRequiredOptions = [
-  { key: 'enabled', value: 'Enabled' },
-  { key: 'disabledForLocalAddresses', value: 'Disabled for Local Addresses' }
-];
-
 const certificateValidationOptions = [
   { key: 'enabled', value: translate('Enabled') },
   { key: 'disabledForLocalAddresses', value: translate('CertValidationNoLocal') },
@@ -73,7 +68,6 @@ class SecuritySettings extends Component {
 
     const {
       authenticationMethod,
-      authenticationRequired,
       username,
       password,
       apiKey,
@@ -98,24 +92,7 @@ class SecuritySettings extends Component {
         </FormGroup>
 
         {
-          authenticationEnabled ?
-            <FormGroup>
-              <FormLabel>Authentication Required</FormLabel>
-
-              <FormInputGroup
-                type={inputTypes.SELECT}
-                name="authenticationRequired"
-                values={authenticationRequiredOptions}
-                helpText="Change which requests authentication is required for. Do not change unless you understand the risks."
-                onChange={onInputChange}
-                {...authenticationRequired}
-              />
-            </FormGroup> :
-            null
-        }
-
-        {
-          authenticationEnabled ?
+          authenticationEnabled &&
             <FormGroup>
               <FormLabel>{translate('Username')}</FormLabel>
 
@@ -125,12 +102,11 @@ class SecuritySettings extends Component {
                 onChange={onInputChange}
                 {...username}
               />
-            </FormGroup> :
-            null
+            </FormGroup>
         }
 
         {
-          authenticationEnabled ?
+          authenticationEnabled &&
             <FormGroup>
               <FormLabel>{translate('Password')}</FormLabel>
 
@@ -140,8 +116,7 @@ class SecuritySettings extends Component {
                 onChange={onInputChange}
                 {...password}
               />
-            </FormGroup> :
-            null
+            </FormGroup>
         }
 
         <FormGroup>

src/NzbDrone.Automation.Test/AutomationTest.cs

@@ -46,7 +46,7 @@ namespace NzbDrone.Automation.Test
 
             _runner = new NzbDroneRunner(LogManager.GetCurrentClassLogger(), null);
             _runner.KillAll();
-            _runner.Start(true);
+            _runner.Start();
 
             driver.Url = "http://localhost:7878";
 

src/NzbDrone.Core/Authentication/AuthenticationRequiredType.cs

@@ -1,8 +0,0 @@
-namespace NzbDrone.Core.Authentication
-{
-    public enum AuthenticationRequiredType
-    {
-        Enabled = 0,
-        DisabledForLocalAddresses = 1
-    }
-}

src/NzbDrone.Core/Authentication/AuthenticationType.cs

@@ -1,10 +1,9 @@
-namespace NzbDrone.Core.Authentication
+namespace NzbDrone.Core.Authentication
 {
     public enum AuthenticationType
     {
         None = 0,
         Basic = 1,
-        Forms = 2,
-        External = 3
+        Forms = 2
     }
 }

src/NzbDrone.Core/Configuration/ConfigFileProvider.cs

@@ -33,7 +33,6 @@ namespace NzbDrone.Core.Configuration
         bool EnableSsl { get; }
         bool LaunchBrowser { get; }
         AuthenticationType AuthenticationMethod { get; }
-        AuthenticationRequiredType AuthenticationRequired { get; }
         bool AnalyticsEnabled { get; }
         string LogLevel { get; }
         string ConsoleLogLevel { get; }
@@ -192,8 +191,6 @@ namespace NzbDrone.Core.Configuration
             }
         }
 
-        public AuthenticationRequiredType AuthenticationRequired => GetValueEnum("AuthenticationRequired", AuthenticationRequiredType.Enabled);
-
         public bool AnalyticsEnabled => GetValueBoolean("AnalyticsEnabled", true, persist: false);
 
         public string Branch => GetValue("Branch", "master").ToLowerInvariant();

src/NzbDrone.Host/Startup.cs

@@ -171,8 +171,6 @@ namespace NzbDrone.Host
                 .PersistKeysToFileSystem(new DirectoryInfo(Configuration["dataProtectionFolder"]));
 
             services.AddSingleton<IAuthorizationPolicyProvider, UiAuthorizationPolicyProvider>();
-            services.AddSingleton<IAuthorizationHandler, UiAuthorizationHandler>();
-
             services.AddAuthorization(options =>
             {
                 options.AddPolicy("SignalR", policy =>

src/NzbDrone.Test.Common/NzbDroneRunner.cs

@@ -37,12 +37,12 @@ namespace NzbDrone.Test.Common
             Port = port;
         }
 
-        public void Start(bool enableAuth = false)
+        public void Start()
         {
             AppData = Path.Combine(TestContext.CurrentContext.TestDirectory, "_intg_" + TestBase.GetUID());
             Directory.CreateDirectory(AppData);
 
-            GenerateConfigFile(enableAuth);
+            GenerateConfigFile();
 
             string consoleExe;
             if (OsInfo.IsWindows)
@@ -166,7 +166,7 @@ namespace NzbDrone.Test.Common
             }
         }
 
-        private void GenerateConfigFile(bool enableAuth)
+        private void GenerateConfigFile()
         {
             var configFile = Path.Combine(AppData, "config.xml");
 
@@ -179,8 +179,6 @@ namespace NzbDrone.Test.Common
                              new XElement(nameof(ConfigFileProvider.ApiKey), apiKey),
                              new XElement(nameof(ConfigFileProvider.LogLevel), "trace"),
                              new XElement(nameof(ConfigFileProvider.AnalyticsEnabled), false),
-                             new XElement(nameof(ConfigFileProvider.AuthenticationMethod), enableAuth ? "Forms" : "None"),
-                             new XElement(nameof(ConfigFileProvider.AuthenticationRequired), "DisabledForLocalAddresses"),
                              new XElement(nameof(ConfigFileProvider.Port), Port)));
 
             var data = xDoc.ToString();

src/Radarr.Api.V3/Config/HostConfigResource.cs

@@ -15,7 +15,6 @@ namespace Radarr.Api.V3.Config
         public bool EnableSsl { get; set; }
         public bool LaunchBrowser { get; set; }
         public AuthenticationType AuthenticationMethod { get; set; }
-        public AuthenticationRequiredType AuthenticationRequired { get; set; }
         public bool AnalyticsEnabled { get; set; }
         public string Username { get; set; }
         public string Password { get; set; }
@@ -57,7 +56,6 @@ namespace Radarr.Api.V3.Config
                 EnableSsl = model.EnableSsl,
                 LaunchBrowser = model.LaunchBrowser,
                 AuthenticationMethod = model.AuthenticationMethod,
-                AuthenticationRequired = model.AuthenticationRequired,
                 AnalyticsEnabled = model.AnalyticsEnabled,
 
                 //Username

src/Radarr.Http/Authentication/ApiKeyAuthenticationHandler.cs

@@ -13,7 +13,6 @@ namespace Radarr.Http.Authentication
     public class ApiKeyAuthenticationOptions : AuthenticationSchemeOptions
     {
         public const string DefaultScheme = "API Key";
-
         public string Scheme => DefaultScheme;
         public string AuthenticationType = DefaultScheme;
 

src/Radarr.Http/Authentication/AuthenticationBuilderExtensions.cs

@@ -22,16 +22,10 @@ namespace Radarr.Http.Authentication
             return authenticationBuilder.AddScheme<AuthenticationSchemeOptions, NoAuthenticationHandler>(name, options => { });
         }
 
-        public static AuthenticationBuilder AddExternal(this AuthenticationBuilder authenticationBuilder, string name)
-        {
-            return authenticationBuilder.AddScheme<AuthenticationSchemeOptions, NoAuthenticationHandler>(name, options => { });
-        }
-
         public static AuthenticationBuilder AddAppAuthentication(this IServiceCollection services)
         {
             return services.AddAuthentication()
                 .AddNone(AuthenticationType.None.ToString())
-                .AddExternal(AuthenticationType.External.ToString())
                 .AddBasic(AuthenticationType.Basic.ToString())
                 .AddCookie(AuthenticationType.Forms.ToString(), options =>
                 {
@@ -39,6 +33,7 @@ namespace Radarr.Http.Authentication
                     options.AccessDeniedPath = "/login?loginFailed=true";
                     options.LoginPath = "/login";
                     options.ExpireTimeSpan = TimeSpan.FromDays(7);
+                    options.SlidingExpiration = true;
                 })
                 .AddApiKey("API", options =>
                 {

src/Radarr.Http/Authentication/AuthenticationService.cs

@@ -1,5 +1,8 @@
+using System;
+using System.Net;
 using Microsoft.AspNetCore.Http;
 using NLog;
+using NzbDrone.Common.Extensions;
 using NzbDrone.Core.Authentication;
 using NzbDrone.Core.Configuration;
 using Radarr.Http.Extensions;
@@ -15,17 +18,14 @@ namespace Radarr.Http.Authentication
 
     public class AuthenticationService : IAuthenticationService
     {
-        private const string AnonymousUser = "Anonymous";
         private static readonly Logger _authLogger = LogManager.GetLogger("Auth");
         private readonly IUserService _userService;
 
-        private static string API_KEY;
         private static AuthenticationType AUTH_METHOD;
 
         public AuthenticationService(IConfigFileProvider configFileProvider, IUserService userService)
         {
             _userService = userService;
-            API_KEY = configFileProvider.ApiKey;
             AUTH_METHOD = configFileProvider.AuthenticationMethod;
         }
 

src/Radarr.Http/Authentication/UiAuthorizationPolicyProvider.cs

@@ -29,8 +29,7 @@ namespace NzbDrone.Http.Authentication
             if (policyName.Equals(POLICY_NAME, StringComparison.OrdinalIgnoreCase))
             {
                 var policy = new AuthorizationPolicyBuilder(_config.AuthenticationMethod.ToString())
-                    .AddRequirements(new BypassableDenyAnonymousAuthorizationRequirement());
-
+                    .RequireAuthenticatedUser();
                 return Task.FromResult(policy.Build());
             }
 

src/Sonarr.Http/Authentication/BypassableDenyAnonymousAuthorizationRequirement.cs

@@ -1,8 +0,0 @@
-using Microsoft.AspNetCore.Authorization.Infrastructure;
-
-namespace NzbDrone.Http.Authentication
-{
-    public class BypassableDenyAnonymousAuthorizationRequirement : DenyAnonymousAuthorizationRequirement
-    {
-    }
-}

src/Sonarr.Http/Authentication/UiAuthorizationHandler.cs

@@ -1,45 +0,0 @@
-using System.Net;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using NzbDrone.Common.Extensions;
-using NzbDrone.Core.Authentication;
-using NzbDrone.Core.Configuration;
-using NzbDrone.Core.Configuration.Events;
-using NzbDrone.Core.Messaging.Events;
-using Sonarr.Http.Extensions;
-
-namespace NzbDrone.Http.Authentication
-{
-    public class UiAuthorizationHandler : AuthorizationHandler<BypassableDenyAnonymousAuthorizationRequirement>, IAuthorizationRequirement, IHandle<ConfigSavedEvent>
-    {
-        private readonly IConfigFileProvider _configService;
-        private static AuthenticationRequiredType _authenticationRequired;
-
-        public UiAuthorizationHandler(IConfigFileProvider configService)
-        {
-            _configService = configService;
-            _authenticationRequired = configService.AuthenticationRequired;
-        }
-
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BypassableDenyAnonymousAuthorizationRequirement requirement)
-        {
-            if (_authenticationRequired == AuthenticationRequiredType.DisabledForLocalAddresses)
-            {
-                if (context.Resource is HttpContext httpContext &&
-                    IPAddress.TryParse(httpContext.GetRemoteIP(), out var ipAddress) &&
-                    ipAddress.IsLocalAddress())
-                {
-                    context.Succeed(requirement);
-                }
-            }
-
-            return Task.CompletedTask;
-        }
-
-        public void Handle(ConfigSavedEvent message)
-        {
-            _authenticationRequired = _configService.AuthenticationRequired;
-        }
-    }
-}