jellyfin-server/Emby.Server.Implementations/HttpServer/Security/AuthService.cs

#pragma warning disable CS1591

using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http;

namespace Emby.Server.Implementations.HttpServer.Security
{
    public class AuthService : IAuthService
    {
        private readonly IAuthorizationContext _authorizationContext;

        public AuthService(
            IAuthorizationContext authorizationContext)
        {
            _authorizationContext = authorizationContext;
        }

        public AuthorizationInfo Authenticate(HttpRequest request)
        {
            var auth = _authorizationContext.GetAuthorizationInfo(request);
            if (auth?.User == null)
            {
                return null;
            }

            if (auth.User.HasPermission(PermissionKind.IsDisabled))
            {
                throw new SecurityException("User account has been disabled.");
            }

            return auth;
        }
    }
}
Fix more warnings 2019-11-01 17:38:54 +00:00			`#pragma warning disable CS1591`

Initial migration code 2020-05-13 02:10:35 +00:00			`using Jellyfin.Data.Enums;`
run all ajax through apiclient 2014-07-02 05:16:59 +00:00			`using MediaBrowser.Controller.Net;`
Add authentication and remove versioning 2019-11-23 15:31:02 +00:00			`using Microsoft.AspNetCore.Http;`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 04:57:18 +00:00
move classes 2016-11-04 01:18:51 +00:00			`namespace Emby.Server.Implementations.HttpServer.Security`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 04:57:18 +00:00			`{`
			`public class AuthService : IAuthService`
			`{`
Replace custom code with Asp.Net Core code 2019-07-28 21:53:19 +00:00			`private readonly IAuthorizationContext _authorizationContext;`
completed auth database 2014-07-08 01:41:03 +00:00
Replace custom code with Asp.Net Core code 2019-07-28 21:53:19 +00:00			`public AuthService(`
Remove ServiceStack and related stuff 2020-09-02 10:22:14 +00:00			`IAuthorizationContext authorizationContext)`
run all ajax through apiclient 2014-07-02 05:16:59 +00:00			`{`
Replace custom code with Asp.Net Core code 2019-07-28 21:53:19 +00:00			`_authorizationContext = authorizationContext;`
Add authentication and remove versioning 2019-11-23 15:31:02 +00:00			`}`

Add more authorization handlers, actually authorize requests 2020-06-15 18:49:54 +00:00			`public AuthorizationInfo Authenticate(HttpRequest request)`
			`{`
			`var auth = _authorizationContext.GetAuthorizationInfo(request);`
			`if (auth?.User == null)`
			`{`
			`return null;`
			`}`

			`if (auth.User.HasPermission(PermissionKind.IsDisabled))`
			`{`
			`throw new SecurityException("User account has been disabled.");`
			`}`

			`return auth;`
			`}`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 04:57:18 +00:00			`}`
			`}`