Apply fixes from review

This commit is contained in:
crobibero 2020-08-06 17:59:48 -06:00
parent fffa94fc33
commit 05f9473544
12 changed files with 38 additions and 32 deletions

View File

@ -6,23 +6,23 @@ using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy
namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
{
/// <summary>
/// Escape schedule controls handler.
/// Ignore parental control schedule and allow before startup wizard has been completed.
/// </summary>
public class IgnoreParentalControlOrFirstTimeSetupHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
public class FirstTimeOrIgnoreParentalControlSetupHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
{
private readonly IConfigurationManager _configurationManager;
/// <summary>
/// Initializes a new instance of the <see cref="IgnoreParentalControlOrFirstTimeSetupHandler"/> class.
/// Initializes a new instance of the <see cref="FirstTimeOrIgnoreParentalControlSetupHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
public IgnoreParentalControlOrFirstTimeSetupHandler(
public FirstTimeOrIgnoreParentalControlSetupHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor,
@ -35,8 +35,14 @@ namespace Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreParentalControlRequirement requirement)
{
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
var validated = ValidateClaims(context.User, ignoreSchedule: true);
if (validated || !_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
if (validated)
{
context.Succeed(requirement);
}

View File

@ -0,0 +1,11 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
{
/// <summary>
/// First time setup or ignore parental controls requirement.
/// </summary>
public class FirstTimeOrIgnoreParentalControlSetupRequirement : IAuthorizationRequirement
{
}
}

View File

@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
{
/// <summary>
/// Authorization handler for requiring first time setup or elevated privileges.
/// Authorization handler for requiring first time setup or default privileges.
/// </summary>
public class FirstTimeSetupOrDefaultHandler : BaseAuthorizationHandler<FirstTimeSetupOrDefaultRequirement>
{
@ -32,18 +32,18 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrDefaultRequirement firstTimeSetupOrElevatedRequirement)
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrDefaultRequirement firstTimeSetupOrDefaultRequirement)
{
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{
context.Succeed(firstTimeSetupOrElevatedRequirement);
context.Succeed(firstTimeSetupOrDefaultRequirement);
return Task.CompletedTask;
}
var validated = ValidateClaims(context.User);
if (validated)
{
context.Succeed(firstTimeSetupOrElevatedRequirement);
context.Succeed(firstTimeSetupOrDefaultRequirement);
}
else
{

View File

@ -3,7 +3,7 @@ using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
{
/// <summary>
/// The authorization requirement, requiring incomplete first time setup or elevated privileges, for the authorization handler.
/// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
/// </summary>
public class FirstTimeSetupOrDefaultRequirement : IAuthorizationRequirement
{

View File

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy
{
/// <summary>
/// Escape schedule controls requirement.
/// </summary>
public class IgnoreParentalControlOrFirstTimeSetupRequirement : IAuthorizationRequirement
{
}
}

View File

@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
{
/// <summary>
/// Local access handler.
/// Local access or require elevated privileges handler.
/// </summary>
public class LocalAccessOrRequiresElevationHandler : BaseAuthorizationHandler<LocalAccessOrRequiresElevationRequirement>
{
@ -30,7 +30,6 @@ namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
{
var validated = ValidateClaims(context.User, localAccessOnly: true);
if (validated || context.User.IsInRole(UserRoles.Administrator))
{
context.Succeed(requirement);

View File

@ -3,7 +3,7 @@
namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
{
/// <summary>
/// The local access authorization requirement.
/// The local access or elevated privileges authorization requirement.
/// </summary>
public class LocalAccessOrRequiresElevationRequirement : IAuthorizationRequirement
{

View File

@ -48,6 +48,6 @@ namespace Jellyfin.Api.Constants
/// <summary>
/// Policy name for escaping schedule controls or requiring first time setup.
/// </summary>
public const string IgnoreParentalControlOrFirstTimeSetup = "IgnoreParentalControlOrFirstTimeSetup";
public const string FirstTimeSetupOrIgnoreParentalControl = "FirstTimeSetupOrIgnoreParentalControl";
}
}

View File

@ -131,6 +131,7 @@ namespace Jellyfin.Api.Controllers
/// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Users/{userId}/Images/{itemType}")]
[HttpDelete("Users/{userId}/Images/{itemType}/{index?}", Name = "DeleteUserImage_2")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
[ProducesResponseType(StatusCodes.Status204NoContent)]

View File

@ -59,7 +59,7 @@ namespace Jellyfin.Api.Controllers
/// <response code="200">Information retrieved.</response>
/// <returns>A <see cref="SystemInfo"/> with info about the system.</returns>
[HttpGet("Info")]
[Authorize(Policy = Policies.IgnoreParentalControlOrFirstTimeSetup)]
[Authorize(Policy = Policies.FirstTimeSetupOrIgnoreParentalControl)]
[ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<SystemInfo>> GetSystemInfo()
{

View File

@ -8,7 +8,7 @@ namespace Jellyfin.Api.Models.StartupDtos
/// <summary>
/// Gets or sets UI language culture.
/// </summary>
public string UICulture { get; set; } = null!;
public string? UICulture { get; set; }
/// <summary>
/// Gets or sets the metadata country code.

View File

@ -7,9 +7,9 @@ using Jellyfin.Api;
using Jellyfin.Api.Auth;
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Auth.DownloadPolicy;
using Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
using Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy;
using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
using Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy;
using Jellyfin.Api.Auth.LocalAccessPolicy;
@ -47,7 +47,7 @@ namespace Jellyfin.Server.Extensions
serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrDefaultHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlOrFirstTimeSetupHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeOrIgnoreParentalControlSetupHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessOrRequiresElevationHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
@ -89,11 +89,11 @@ namespace Jellyfin.Server.Extensions
policy.AddRequirements(new IgnoreParentalControlRequirement());
});
options.AddPolicy(
Policies.IgnoreParentalControlOrFirstTimeSetup,
Policies.FirstTimeSetupOrIgnoreParentalControl,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new IgnoreParentalControlOrFirstTimeSetupRequirement());
policy.AddRequirements(new FirstTimeOrIgnoreParentalControlSetupRequirement());
});
options.AddPolicy(
Policies.LocalAccessOnly,