Merge pull request #5602 from Ullmie02/IP-string-IP

This commit is contained in:
Bond-009 2021-04-03 00:32:43 +02:00 committed by GitHub
commit ec0ef1530c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 92 additions and 42 deletions

View File

@ -28,7 +28,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
var authorization = _authContext.GetAuthorizationInfo(requestContext);
var user = authorization.User;
return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.GetNormalizedRemoteIp(), user);
return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.GetNormalizedRemoteIp().ToString(), user);
}
public SessionInfo GetSession(object requestContext)

View File

@ -21,6 +21,7 @@ using MediaBrowser.Model.Users;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
namespace Jellyfin.Api.Controllers
{
@ -36,6 +37,7 @@ namespace Jellyfin.Api.Controllers
private readonly IDeviceManager _deviceManager;
private readonly IAuthorizationContext _authContext;
private readonly IServerConfigurationManager _config;
private readonly ILogger _logger;
/// <summary>
/// Initializes a new instance of the <see cref="UserController"/> class.
@ -46,13 +48,15 @@ namespace Jellyfin.Api.Controllers
/// <param name="deviceManager">Instance of the <see cref="IDeviceManager"/> interface.</param>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
/// <param name="config">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
/// <param name="logger">Instance of the <see cref="ILogger"/> interface.</param>
public UserController(
IUserManager userManager,
ISessionManager sessionManager,
INetworkManager networkManager,
IDeviceManager deviceManager,
IAuthorizationContext authContext,
IServerConfigurationManager config)
IServerConfigurationManager config,
ILogger<UserController> logger)
{
_userManager = userManager;
_sessionManager = sessionManager;
@ -60,6 +64,7 @@ namespace Jellyfin.Api.Controllers
_deviceManager = deviceManager;
_authContext = authContext;
_config = config;
_logger = logger;
}
/// <summary>
@ -118,7 +123,7 @@ namespace Jellyfin.Api.Controllers
return NotFound("User not found");
}
var result = _userManager.GetUserDto(user, HttpContext.GetNormalizedRemoteIp());
var result = _userManager.GetUserDto(user, HttpContext.GetNormalizedRemoteIp().ToString());
return result;
}
@ -204,7 +209,7 @@ namespace Jellyfin.Api.Controllers
DeviceName = auth.Device,
Password = request.Pw,
PasswordSha1 = request.Password,
RemoteEndPoint = HttpContext.GetNormalizedRemoteIp(),
RemoteEndPoint = HttpContext.GetNormalizedRemoteIp().ToString(),
Username = request.Username
}).ConfigureAwait(false);
@ -291,7 +296,7 @@ namespace Jellyfin.Api.Controllers
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp(),
HttpContext.GetNormalizedRemoteIp().ToString(),
false).ConfigureAwait(false);
if (success == null)
@ -483,7 +488,7 @@ namespace Jellyfin.Api.Controllers
await _userManager.ChangePassword(newUser, request.Password).ConfigureAwait(false);
}
var result = _userManager.GetUserDto(newUser, HttpContext.GetNormalizedRemoteIp());
var result = _userManager.GetUserDto(newUser, HttpContext.GetNormalizedRemoteIp().ToString());
return result;
}
@ -498,8 +503,14 @@ namespace Jellyfin.Api.Controllers
[ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<ForgotPasswordResult>> ForgotPassword([FromBody, Required] ForgotPasswordDto forgotPasswordRequest)
{
var ip = HttpContext.GetNormalizedRemoteIp();
var isLocal = HttpContext.IsLocal()
|| _networkManager.IsInLocalNetwork(HttpContext.GetNormalizedRemoteIp());
|| _networkManager.IsInLocalNetwork(ip);
if (isLocal)
{
_logger.LogWarning("Password reset proccess initiated from outside the local network with IP: {IP}", ip);
}
var result = await _userManager.StartForgotPasswordProcess(forgotPasswordRequest.EnteredUsername, isLocal).ConfigureAwait(false);
@ -581,7 +592,7 @@ namespace Jellyfin.Api.Controllers
var result = users
.OrderBy(u => u.Username)
.Select(i => _userManager.GetUserDto(i, HttpContext.GetNormalizedRemoteIp()));
.Select(i => _userManager.GetUserDto(i, HttpContext.GetNormalizedRemoteIp().ToString()));
return result;
}

View File

@ -434,7 +434,7 @@ namespace Jellyfin.Api.Helpers
}
}
private bool EnableAdaptiveBitrateStreaming(StreamState state, bool isLiveStream, bool enableAdaptiveBitrateStreaming, string ipAddress)
private bool EnableAdaptiveBitrateStreaming(StreamState state, bool isLiveStream, bool enableAdaptiveBitrateStreaming, IPAddress ipAddress)
{
// Within the local network this will likely do more harm than good.
if (_networkManager.IsInLocalNetwork(ipAddress))

View File

@ -1,6 +1,7 @@
using System;
using System.Globalization;
using System.Linq;
using System.Net;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
@ -179,7 +180,7 @@ namespace Jellyfin.Api.Helpers
bool enableTranscoding,
bool allowVideoStreamCopy,
bool allowAudioStreamCopy,
string ipAddress)
IPAddress ipAddress)
{
var streamBuilder = new StreamBuilder(_mediaEncoder, _logger);
@ -551,7 +552,7 @@ namespace Jellyfin.Api.Helpers
}
}
private int? GetMaxBitrate(int? clientMaxBitrate, User user, string ipAddress)
private int? GetMaxBitrate(int? clientMaxBitrate, User user, IPAddress ipAddress)
{
var maxBitrate = clientMaxBitrate;
var remoteClientMaxBitrate = user.RemoteClientBitrateLimit ?? 0;

View File

@ -84,7 +84,7 @@ namespace Jellyfin.Api.Helpers
authorization.Version,
authorization.DeviceId,
authorization.Device,
request.HttpContext.GetNormalizedRemoteIp(),
request.HttpContext.GetNormalizedRemoteIp().ToString(),
user);
if (session == null)

View File

@ -25,7 +25,7 @@ namespace MediaBrowser.Common.Extensions
/// </summary>
/// <param name="context">The HTTP context.</param>
/// <returns>The remote caller IP address.</returns>
public static string GetNormalizedRemoteIp(this HttpContext context)
public static IPAddress GetNormalizedRemoteIp(this HttpContext context)
{
// Default to the loopback address if no RemoteIpAddress is specified (i.e. during integration tests)
var ip = context.Connection.RemoteIpAddress ?? IPAddress.Loopback;
@ -35,7 +35,7 @@ namespace MediaBrowser.Common.Extensions
ip = ip.MapToIPv4();
}
return ip.ToString();
return ip;
}
}
}

View File

@ -1,4 +1,5 @@
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using AutoFixture;
using AutoFixture.AutoMoq;
@ -41,7 +42,7 @@ namespace Jellyfin.Api.Tests.Auth.LocalAccessPolicy
public async Task LocalAccessOnly(bool isInLocalNetwork, bool shouldSucceed)
{
_networkManagerMock
.Setup(n => n.IsInLocalNetwork(It.IsAny<string>()))
.Setup(n => n.IsInLocalNetwork(It.IsAny<IPAddress>()))
.Returns(isInLocalNetwork);
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);

View File

@ -0,0 +1,63 @@
using System.Net;
using Jellyfin.Networking.Configuration;
using Jellyfin.Networking.Manager;
using Microsoft.Extensions.Logging.Abstractions;
using Xunit;
namespace Jellyfin.Networking.Tests
{
public class NetworkManagerTests
{
/// <summary>
/// Checks that the given IP address is in the specified network(s).
/// </summary>
/// <param name="network">Network address(es).</param>
/// <param name="value">The IP to check.</param>
[Theory]
[InlineData("192.168.2.1/24", "192.168.2.123")]
[InlineData("192.168.2.1/24, !192.168.2.122/32", "192.168.2.123")]
[InlineData("fd23:184f:2029:0::/56", "fd23:184f:2029:0:3139:7386:67d7:d517")]
[InlineData("fd23:184f:2029:0::/56, !fd23:184f:2029:0:3139:7386:67d7:d518/128", "fd23:184f:2029:0:3139:7386:67d7:d517")]
public void InNetwork_True_Success(string network, string value)
{
var ip = IPAddress.Parse(value);
var conf = new NetworkConfiguration()
{
EnableIPV6 = true,
EnableIPV4 = true,
LocalNetworkSubnets = network.Split(',')
};
using var networkManager = new NetworkManager(NetworkParseTests.GetMockConfig(conf), new NullLogger<NetworkManager>());
Assert.True(networkManager.IsInLocalNetwork(ip));
}
/// <summary>
/// Checks that thge given IP address is not in the network provided.
/// </summary>
/// <param name="network">Network address(es).</param>
/// <param name="value">The IP to check.</param>
[Theory]
[InlineData("192.168.10.0/24", "192.168.11.1")]
[InlineData("192.168.10.0/24, !192.168.10.60/32", "192.168.10.60")]
[InlineData("192.168.10.0/24", "fd23:184f:2029:0:3139:7386:67d7:d517")]
[InlineData("fd23:184f:2029:0::/56", "fd24:184f:2029:0:3139:7386:67d7:d517")]
[InlineData("fd23:184f:2029:0::/56, !fd23:184f:2029:0:3139:7386:67d7:d500/120", "fd23:184f:2029:0:3139:7386:67d7:d517")]
[InlineData("fd23:184f:2029:0::/56", "192.168.10.60")]
public void InNetwork_False_Success(string network, string value)
{
var ip = IPAddress.Parse(value);
var conf = new NetworkConfiguration()
{
EnableIPV6 = true,
EnableIPV4 = true,
LocalNetworkSubnets = network.Split(',')
};
using var nm = new NetworkManager(NetworkParseTests.GetMockConfig(conf), new NullLogger<NetworkManager>());
Assert.False(nm.IsInLocalNetwork(ip));
}
}
}

View File

@ -13,7 +13,7 @@ namespace Jellyfin.Networking.Tests
{
public class NetworkParseTests
{
private static IConfigurationManager GetMockConfig(NetworkConfiguration conf)
internal static IConfigurationManager GetMockConfig(NetworkConfiguration conf)
{
var configManager = new Mock<IConfigurationManager>
{
@ -54,32 +54,6 @@ namespace Jellyfin.Networking.Tests
Assert.Equal(nm.GetInternalBindAddresses().AsString(), value);
}
/// <summary>
/// Check that the value given is in the network provided.
/// </summary>
/// <param name="network">Network address.</param>
/// <param name="value">Value to check.</param>
[Theory]
[InlineData("192.168.10.0/24, !192.168.10.60/32", "192.168.10.60")]
public void IsInNetwork(string network, string value)
{
if (network == null)
{
throw new ArgumentNullException(nameof(network));
}
var conf = new NetworkConfiguration()
{
EnableIPV6 = true,
EnableIPV4 = true,
LocalNetworkSubnets = network.Split(',')
};
using var nm = new NetworkManager(GetMockConfig(conf), new NullLogger<NetworkManager>());
Assert.False(nm.IsInLocalNetwork(value));
}
/// <summary>
/// Checks IP address formats.
/// </summary>