
added toggle for matchUserAgents

CauseFX 3 лет назад
Родитель
Сommit
1879cafc42
2 измененных файлов с 8 добавлено и 4 удалено
  1. 6 3
      api/classes/organizr.class.php
  2. 2 1
      api/config/default.php

+ 6 - 3
api/classes/organizr.class.php

@@ -1678,9 +1678,11 @@ class Organizr
 			} else {
 				// Check if user is on same browser as token
 				if ($allTokens[$tokenKey]['browser'] !== $_SERVER ['HTTP_USER_AGENT']) {
-					$this->setLoggerChannel('Authentication')->warning('Mismatch of useragent', ['token' => $allTokens[$tokenKey]['browser'], 'browser' => $_SERVER ['HTTP_USER_AGENT']]);
-					$this->invalidToken($token);
-					return false;
+					if ($this->config['matchUserAgents']) {
+						$this->setLoggerChannel('Authentication')->warning('Mismatch of useragent', ['token' => $allTokens[$tokenKey]['browser'], 'browser' => $_SERVER ['HTTP_USER_AGENT']]);
+						$this->invalidToken($token);
+						return false;
+					}
 				}
 				if ($api) {
 					$this->setResponse(200, 'Token is valid');
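Review bot: With `matchUserAgents` off, a token presented from a different user agent is now accepted with no log record, because the `warning('Mismatch of useragent', ...)` call sits inside the new `if ($this->config['matchUserAgents'])` block. Keep the log call directly under the outer mismatch check and gate only `$this->invalidToken($token);` and `return false;` on the toggle, so operators can still see a token being replayed from another browser even when enforcement is disabled. The user-agent header is client-controlled, so this check is a detection signal rather than a strong binding, which is one more reason not to drop the log line. The enclosing method starts and ends outside the hunk.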
@@ -2372,6 +2374,7 @@ class Organizr
 				$this->settingsOption('switch', 'lockoutSystem', ['label' => 'Inactivity Lock']),
 				$this->settingsOption('select', 'lockoutMinAuth', ['label' => 'Lockout Groups From', 'options' => $this->groupSelect()]),
 				$this->settingsOption('select', 'lockoutMaxAuth', ['label' => 'Lockout Groups To', 'options' => $this->groupSelect()]),
+				$this->settingsOption('switch', 'matchUserAgents', ['label' => 'Match UserAgent', 'help' => 'Match Browser UserAgent to Token UserAgent - Can be very aggressive on matching']),
 				$this->settingsOption('switch', 'traefikAuthEnable', ['label' => 'Enable Traefik Auth Redirect', 'help' => 'This will enable the webserver to forward errors so traefik will accept them']),
 				$this->settingsOption('input', 'traefikDomainOverride', ['label' => 'Traefik Domain for Return Override', 'help' => 'Please use a FQDN on this URL Override', 'placeholder' => 'http(s)://domain']),
 				$this->settingsOption('select', 'debugAreaAuth', ['label' => 'Minimum Authentication for Debug Area', 'options' => $this->groupSelect(), 'settings' => '{}']),

+ 2 - 1
api/config/default.php

@@ -663,5 +663,6 @@ return [
 	'sendLogsToSlack' => false,
 	'slackLogLevel' => 'WARNING',
 	'slackLogWebhook' => '',
-	'slackLogWebHookChannel' => ''
+	'slackLogWebHookChannel' => '',
+	'matchUserAgents' => false
 ];
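Review bot: The default `'matchUserAgents' => false` turns off a check that ran unconditionally before this commit, so any install that takes the default (presumably including upgrades that merge new keys from this file) stops invalidating tokens on a user-agent mismatch. If the relaxed default is intended, the help text added in organizr.class.php ('Can be very aggressive on matching') should also state that leaving the switch off allows a token to be used from a different browser. Otherwise `'matchUserAgents' => true` preserves the previous behaviour and makes the relaxation an explicit opt-out.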