lgladsden/jellyfin-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't remove all tokens if invalid header (#10490)

Browse Source
This commit is contained in:
Cody Robibero 2023-10-30 15:31:13 -06:00 committed by GitHub
parent b26eb7dd6b
commit 8c5fc80282
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 121 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Emby.Server.Implementations/Session/SessionManager.cs
View File

@ -1453,10 +1453,15 @@ namespace Emby.Server.Implementations.Session
return AuthenticateNewSessionInternal(request, false);
}
private async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword)
internal async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword)
{
CheckDisposed();
ArgumentException.ThrowIfNullOrEmpty(request.App);
ArgumentException.ThrowIfNullOrEmpty(request.DeviceId);
ArgumentException.ThrowIfNullOrEmpty(request.DeviceName);
ArgumentException.ThrowIfNullOrEmpty(request.AppVersion);
User user = null;
if (!request.UserId.Equals(default))
{
@ -1517,8 +1522,11 @@ namespace Emby.Server.Implementations.Session
return returnResult;
}
private async Task<string> GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName)
internal async Task<string> GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName)
{
// This should be validated above, but if it isn't don't delete all tokens.
ArgumentException.ThrowIfNullOrEmpty(deviceId);
var existing = (await _deviceManager.GetDevices(
new DeviceQuery
{

111
tests/Jellyfin.Server.Implementations.Tests/SessionManager/SessionManagerTests.cs Normal file
View File

@ -0,0 +1,111 @@
using System;
using System.Threading.Tasks;
using Jellyfin.Data.Entities;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Devices;
using MediaBrowser.Controller.Drawing;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Events;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Session;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging.Abstractions;
using Moq;
using Xunit;
namespace Jellyfin.Server.Implementations.Tests.SessionManager;
public class SessionManagerTests
{
[Theory]
[InlineData("", typeof(ArgumentException))]
[InlineData(null, typeof(ArgumentNullException))]
public async Task GetAuthorizationToken_Should_ThrowException(string deviceId, Type exceptionType)
{
await using var sessionManager = new Emby.Server.Implementations.Session.SessionManager(
NullLogger<Emby.Server.Implementations.Session.SessionManager>.Instance,
Mock.Of<IEventManager>(),
Mock.Of<IUserDataManager>(),
Mock.Of<IServerConfigurationManager>(),
Mock.Of<ILibraryManager>(),
Mock.Of<IUserManager>(),
Mock.Of<IMusicManager>(),
Mock.Of<IDtoService>(),
Mock.Of<IImageProcessor>(),
Mock.Of<IServerApplicationHost>(),
Mock.Of<IDeviceManager>(),
Mock.Of<IMediaSourceManager>(),
Mock.Of<IHostApplicationLifetime>());
await Assert.ThrowsAsync(exceptionType, () => sessionManager.GetAuthorizationToken(
new User("test", "default", "default"),
deviceId,
"app_name",
"0.0.0",
"device_name"));
}
[Theory]
[MemberData(nameof(AuthenticateNewSessionInternal_Exception_TestData))]
public async Task AuthenticateNewSessionInternal_Should_ThrowException(AuthenticationRequest authenticationRequest, Type exceptionType)
{
await using var sessionManager = new Emby.Server.Implementations.Session.SessionManager(
NullLogger<Emby.Server.Implementations.Session.SessionManager>.Instance,
Mock.Of<IEventManager>(),
Mock.Of<IUserDataManager>(),
Mock.Of<IServerConfigurationManager>(),
Mock.Of<ILibraryManager>(),
Mock.Of<IUserManager>(),
Mock.Of<IMusicManager>(),
Mock.Of<IDtoService>(),
Mock.Of<IImageProcessor>(),
Mock.Of<IServerApplicationHost>(),
Mock.Of<IDeviceManager>(),
Mock.Of<IMediaSourceManager>(),
Mock.Of<IHostApplicationLifetime>());
await Assert.ThrowsAsync(exceptionType, () => sessionManager.AuthenticateNewSessionInternal(authenticationRequest, false));
}
public static TheoryData<AuthenticationRequest, Type> AuthenticateNewSessionInternal_Exception_TestData()
{
var data = new TheoryData<AuthenticationRequest, Type>
{
{
new AuthenticationRequest { App = string.Empty, DeviceId = "device_id", DeviceName = "device_name", AppVersion = "app_version" },
typeof(ArgumentException)
},
{
new AuthenticationRequest { App = null, DeviceId = "device_id", DeviceName = "device_name", AppVersion = "app_version" },
typeof(ArgumentNullException)
},
{
new AuthenticationRequest { App = "app_name", DeviceId = string.Empty, DeviceName = "device_name", AppVersion = "app_version" },
typeof(ArgumentException)
},
{
new AuthenticationRequest { App = "app_name", DeviceId = null, DeviceName = "device_name", AppVersion = "app_version" },
typeof(ArgumentNullException)
},
{
new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = string.Empty, AppVersion = "app_version" },
typeof(ArgumentException)
},
{
new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = null, AppVersion = "app_version" },
typeof(ArgumentNullException)
},
{
new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = "device_name", AppVersion = string.Empty },
typeof(ArgumentException)
},
{
new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = "device_name", AppVersion = null },
typeof(ArgumentNullException)
}
};
return data;
}
}