Get cookie-based API remote control working again.

2025-10-26 11:27:15 +00:00 · 2020-04-21 18:38:01 -07:00 · 2020-04-21 18:38:01 -07:00 · ee4e7bd420
commit ee4e7bd420
parent 135ad17fbf
3 changed files with 49 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -163,6 +163,50 @@ Below is an example API request:

 	Get-Location

+Below are examples of using the cookie-based login API (JavaScript):
+
+	// Log in with one request, then launch remote control with another.
+	fetch("https://localhost:5001/api/Login/", {
+		method: "post",
+		credentials: "include",
+		mode: "cors",
+		body: '{"Email":"email@example.com", "Password":"P@ssword1"}',
+		headers: {
+			"Content-Type": "application/json",
+		}
+	}).then(response=>{
+		if (response.ok) {
+			fetch("https://localhost:44351/api/RemoteControl/b68c24b0-2c67-4524-ad28-dadea7a576a4", {
+				method: "get",
+				credentials: "include",
+				mode: "cors"
+			}).then(response=>{
+				if (response.ok) {
+					response.text().then(url=>{
+						window.open(url);
+					})
+				}
+			})
+		}
+	})
+
+	// Log in and launch remote control in the same request.
+	fetch("https://localhost:5001/api/RemoteControl/", {
+		method: "post",
+		credentials: "include",
+		mode: "cors",
+		body: '{"Email":"email@example.com", "Password":"P@ssword1", "DeviceID":"b68c24b0-2c67-4524-ad28-dadea7a576a4"}',
+		headers: {
+			"Content-Type": "application/json",
+		}
+	}).then(response=>{
+		if (response.ok) {
+			response.text().then(url=>{
+				window.open(url);
+			})
+		}
+	})
+
 ## Alerts
 The Alerts API gives you the ability to add monitoring and alerting functionality to your device endpoints.  This feature is intended to add basic RMM-type functionality without diverging too far from Remotely's primary purpose.

--- a/Server/API/DevicesController.cs
+++ b/Server/API/DevicesController.cs
@ -46,7 +46,7 @@ namespace Remotely.Server.API
            var device = DataService.GetDevice(orgID, id);

            if (User.Identity.IsAuthenticated &&
-                !DataService.DoesUserHaveAccessToDevice(id, User.Identity.Name))
+                !DataService.DoesUserHaveAccessToDevice(id, DataService.GetUserByName(User.Identity.Name)))
            {
                return null;
            }
--- a/Server/API/RemoteControlController.cs
+++ b/Server/API/RemoteControlController.cs
@ -54,10 +54,11 @@ namespace Remotely.Server.API
            var orgId = DataService.GetUserByName(rcRequest.Email)?.OrganizationID;

            var result = await SignInManager.PasswordSignInAsync(rcRequest.Email, rcRequest.Password, false, true);
-            if (result.Succeeded)
+            if (result.Succeeded &&
+                DataService.DoesUserHaveAccessToDevice(rcRequest.DeviceID, DataService.GetUserByName(rcRequest.Email)))
            {
                DataService.WriteEvent($"API login successful for {rcRequest.Email}.", orgId);
-                return await InitiateRemoteControl(rcRequest.DeviceID, rcRequest.Email);
+                return await InitiateRemoteControl(rcRequest.DeviceID, orgId);
            }
            else if (result.IsLockedOut)
            {
@ -82,7 +83,7 @@ namespace Remotely.Server.API
            if (targetDevice.Value != null)
            {
                if (User.Identity.IsAuthenticated &&
-                   !DataService.DoesUserHaveAccessToDevice(targetDevice.Value.ID, User.Identity.Name))
+                   !DataService.DoesUserHaveAccessToDevice(targetDevice.Value.ID, DataService.GetUserByName(User.Identity.Name)))
                {
                    return Unauthorized();
                }