michael.heier/jellyfin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add quick connect

Browse Source
This commit is contained in:
ConfusedPolarBear 2020-04-15 14:28:42 -05:00
parent d7df890017
commit 36f3e933a2
11 changed files with 682 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CONTRIBUTORS.md
View File

@ -15,6 +15,7 @@
- [bugfixin](https://github.com/bugfixin) - [bugfixin](https://github.com/bugfixin)
- [chaosinnovator](https://github.com/chaosinnovator) - [chaosinnovator](https://github.com/chaosinnovator)
- [ckcr4lyf](https://github.com/ckcr4lyf) - [ckcr4lyf](https://github.com/ckcr4lyf)
- [ConfusedPolarBear](https://github.com/ConfusedPolarBear)
- [crankdoofus](https://github.com/crankdoofus) - [crankdoofus](https://github.com/crankdoofus)
- [crobibero](https://github.com/crobibero) - [crobibero](https://github.com/crobibero)
- [cromefire](https://github.com/cromefire) - [cromefire](https://github.com/cromefire)

3
Emby.Server.Implementations/ApplicationHost.cs
View File

@ -74,6 +74,7 @@ using MediaBrowser.Controller.Persistence;
using MediaBrowser.Controller.Playlists; using MediaBrowser.Controller.Playlists;
using MediaBrowser.Controller.Plugins; using MediaBrowser.Controller.Plugins;
using MediaBrowser.Controller.Providers; using MediaBrowser.Controller.Providers;
using MediaBrowser.Controller.QuickConnect;
using MediaBrowser.Controller.Resolvers; using MediaBrowser.Controller.Resolvers;
using MediaBrowser.Controller.Security; using MediaBrowser.Controller.Security;
using MediaBrowser.Controller.Session; using MediaBrowser.Controller.Session;
@ -857,6 +858,8 @@ namespace Emby.Server.Implementations
serviceCollection.AddSingleton(typeof(IAttachmentExtractor), typeof(MediaBrowser.MediaEncoding.Attachments.AttachmentExtractor)); serviceCollection.AddSingleton(typeof(IAttachmentExtractor), typeof(MediaBrowser.MediaEncoding.Attachments.AttachmentExtractor));
serviceCollection.AddSingleton(typeof(IQuickConnect), typeof(QuickConnect.QuickConnectManager));
_displayPreferencesRepository.Initialize(); _displayPreferencesRepository.Initialize();
var userDataRepo = new SqliteUserDataRepository(LoggerFactory.CreateLogger<SqliteUserDataRepository>(), ApplicationPaths); var userDataRepo = new SqliteUserDataRepository(LoggerFactory.CreateLogger<SqliteUserDataRepository>(), ApplicationPaths);

262
Emby.Server.Implementations/QuickConnect/QuickConnectManager.cs Normal file
View File

@ -0,0 +1,262 @@
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.QuickConnect;
using MediaBrowser.Controller.Security;
using MediaBrowser.Model.Globalization;
using MediaBrowser.Model.QuickConnect;
using MediaBrowser.Model.Serialization;
using MediaBrowser.Model.Services;
using Microsoft.Extensions.Logging;
namespace Emby.Server.Implementations.QuickConnect
{
/// <summary>
/// Quick connect implementation.
/// </summary>
public class QuickConnectManager : IQuickConnect
{
private readonly RNGCryptoServiceProvider _rng = new RNGCryptoServiceProvider();
private Dictionary<string, QuickConnectResult> _currentRequests = new Dictionary<string, QuickConnectResult>();
private ILogger _logger;
private IUserManager _userManager;
private ILocalizationManager _localizationManager;
private IJsonSerializer _jsonSerializer;
private IAuthenticationRepository _authenticationRepository;
private IAuthorizationContext _authContext;
private IServerApplicationHost _appHost;
/// <summary>
/// Initializes a new instance of the <see cref="QuickConnectManager"/> class.
/// Should only be called at server startup when a singleton is created.
/// </summary>
/// <param name="loggerFactory">Logger.</param>
/// <param name="userManager">User manager.</param>
/// <param name="localization">Localization.</param>
/// <param name="jsonSerializer">JSON serializer.</param>
/// <param name="appHost">Application host.</param>
/// <param name="authContext">Authentication context.</param>
/// <param name="authenticationRepository">Authentication repository.</param>
public QuickConnectManager(
ILoggerFactory loggerFactory,
IUserManager userManager,
ILocalizationManager localization,
IJsonSerializer jsonSerializer,
IServerApplicationHost appHost,
IAuthorizationContext authContext,
IAuthenticationRepository authenticationRepository)
{
_logger = loggerFactory.CreateLogger(nameof(QuickConnectManager));
_userManager = userManager;
_localizationManager = localization;
_jsonSerializer = jsonSerializer;
_appHost = appHost;
_authContext = authContext;
_authenticationRepository = authenticationRepository;
}
/// <inheritdoc/>
public int CodeLength { get; set; } = 6;
/// <inheritdoc/>
public string TokenNamePrefix { get; set; } = "QuickConnect-";
/// <inheritdoc/>
public QuickConnectState State { get; private set; } = QuickConnectState.Unavailable;
/// <inheritdoc/>
public int RequestExpiry { get; set; } = 30;
/// <inheritdoc/>
public void AssertActive()
{
if (State != QuickConnectState.Active)
{
throw new InvalidOperationException("Quick connect is not active on this server");
}
}
/// <inheritdoc/>
public void SetEnabled(QuickConnectState newState)
{
_logger.LogDebug("Changed quick connect state from {0} to {1}", State, newState);
State = newState;
}
/// <inheritdoc/>
public QuickConnectResult TryConnect(string friendlyName)
{
if (State != QuickConnectState.Active)
{
_logger.LogDebug("Refusing quick connect initiation request, current state is {0}", State);
return new QuickConnectResult()
{
Error = "Quick connect is not active on this server"
};
}
_logger.LogDebug("Got new quick connect request from {friendlyName}", friendlyName);
var lookup = GenerateSecureRandom();
var result = new QuickConnectResult()
{
Lookup = lookup,
Secret = GenerateSecureRandom(),
FriendlyName = friendlyName,
DateAdded = DateTime.Now,
Code = GenerateCode()
};
_currentRequests[lookup] = result;
return result;
}
/// <inheritdoc/>
public QuickConnectResult CheckRequestStatus(string secret)
{
AssertActive();
ExpireRequests();
string lookup = _currentRequests.Where(x => x.Value.Secret == secret).Select(x => x.Value.Lookup).DefaultIfEmpty(string.Empty).First();
_logger.LogDebug("Transformed private identifier {0} into public lookup {1}", secret, lookup);
if (!_currentRequests.ContainsKey(lookup))
{
throw new KeyNotFoundException("Unable to find request with provided identifier");
}
return _currentRequests[lookup];
}
/// <inheritdoc/>
public List<QuickConnectResultDto> GetCurrentRequests()
{
return GetCurrentRequestsInternal().Select(x => (QuickConnectResultDto)x).ToList();
}
/// <inheritdoc/>
public List<QuickConnectResult> GetCurrentRequestsInternal()
{
AssertActive();
ExpireRequests();
return _currentRequests.Values.ToList();
}
/// <inheritdoc/>
public string GenerateCode()
{
// TODO: output may be biased
int min = (int)Math.Pow(10, CodeLength - 1);
int max = (int)Math.Pow(10, CodeLength);
uint scale = uint.MaxValue;
while (scale == uint.MaxValue)
{
byte[] raw = new byte[4];
_rng.GetBytes(raw);
scale = BitConverter.ToUInt32(raw, 0);
}
int code = (int)(min + (max - min) * (scale / (double)uint.MaxValue));
return code.ToString(CultureInfo.InvariantCulture);
}
/// <inheritdoc/>
public bool AuthorizeRequest(IRequest request, string lookup)
{
AssertActive();
var auth = _authContext.GetAuthorizationInfo(request);
ExpireRequests();
if (!_currentRequests.ContainsKey(lookup))
{
throw new KeyNotFoundException("Unable to find request");
}
QuickConnectResult result = _currentRequests[lookup];
if (result.Authenticated)
{
throw new InvalidOperationException("Request is already authorized");
}
result.Authentication = Guid.NewGuid().ToString("N", CultureInfo.InvariantCulture);
// Advance the time on the request so it expires sooner as the client will pick up the changes in a few seconds
result.DateAdded = result.DateAdded.Subtract(new TimeSpan(0, RequestExpiry - 1, 0));
_authenticationRepository.Create(new AuthenticationInfo
{
AppName = TokenNamePrefix + result.FriendlyName,
AccessToken = result.Authentication,
DateCreated = DateTime.UtcNow,
DeviceId = _appHost.SystemId,
DeviceName = _appHost.FriendlyName,
AppVersion = _appHost.ApplicationVersionString,
UserId = auth.UserId
});
return true;
}
/// <inheritdoc/>
public int DeleteAllDevices(Guid user)
{
var raw = _authenticationRepository.Get(new AuthenticationInfoQuery()
{
DeviceId = _appHost.SystemId,
UserId = user
});
var tokens = raw.Items.Where(x => x.AppName.StartsWith(TokenNamePrefix, StringComparison.CurrentCulture));
foreach (var token in tokens)
{
_authenticationRepository.Delete(token);
_logger.LogDebug("Deleted token {0}", token.AccessToken);
}
return tokens.Count();
}
private string GenerateSecureRandom(int length = 32)
{
var bytes = new byte[length];
_rng.GetBytes(bytes);
return string.Join(string.Empty, bytes.Select(x => x.ToString("x2", CultureInfo.InvariantCulture)));
}
private void ExpireRequests()
{
var delete = new List<string>();
var values = _currentRequests.Values.ToList();
for (int i = 0; i < _currentRequests.Count; i++)
{
if (DateTime.Now > values[i].DateAdded.AddMinutes(RequestExpiry))
{
delete.Add(values[i].Lookup);
}
}
foreach (var lookup in delete)
{
_logger.LogDebug("Removing expired request {0}", lookup);
_currentRequests.Remove(lookup);
}
}
}
}

18
Emby.Server.Implementations/Session/SessionManager.cs
View File

@ -1386,6 +1386,24 @@ namespace Emby.Server.Implementations.Session
return AuthenticateNewSessionInternal(request, false); return AuthenticateNewSessionInternal(request, false);
} }
public Task<AuthenticationResult> AuthenticateQuickConnect(AuthenticationRequest request, string token)
{
var result = _authRepo.Get(new AuthenticationInfoQuery()
{
AccessToken = token,
DeviceId = _appHost.SystemId,
Limit = 1
});
if(result.TotalRecordCount < 1)
{
throw new SecurityException("Unknown quick connect token");
}
request.UserId = result.Items[0].UserId;
return AuthenticateNewSessionInternal(request, false);
}
private async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword) private async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword)
{ {
CheckDisposed(); CheckDisposed();

145
MediaBrowser.Api/QuickConnect/QuickConnectService.cs Normal file
View File

@ -0,0 +1,145 @@
using System;
using System.Collections.Generic;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.QuickConnect;
using MediaBrowser.Model.QuickConnect;
using MediaBrowser.Model.Services;
using Microsoft.Extensions.Logging;
namespace MediaBrowser.Api.QuickConnect
{
[Route("/QuickConnect/Initiate", "GET", Summary = "Requests a new quick connect code")]
public class Initiate : IReturn<QuickConnectResult>
{
[ApiMember(Name = "FriendlyName", Description = "Device friendly name", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")]
public string FriendlyName { get; set; }
}
[Route("/QuickConnect/Connect", "GET", Summary = "Attempts to retrieve authentication information")]
public class Connect : IReturn<QuickConnectResult>
{
[ApiMember(Name = "Secret", Description = "Quick connect secret", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
public string Secret { get; set; }
}
[Route("/QuickConnect/List", "GET", Summary = "Lists all quick connect requests")]
[Authenticated]
public class QuickConnectList : IReturn<List<QuickConnectResultDto>>
{
}
[Route("/QuickConnect/Authorize", "POST", Summary = "Authorizes a pending quick connect request")]
[Authenticated]
public class Authorize : IReturn<QuickConnectResultDto>
{
[ApiMember(Name = "Lookup", Description = "Quick connect public lookup", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
public string Lookup { get; set; }
}
[Route("/QuickConnect/Deauthorize", "POST", Summary = "Deletes all quick connect authorization tokens for the current user")]
[Authenticated]
public class Deauthorize : IReturn<int>
{
[ApiMember(Name = "UserId", Description = "User Id", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")]
public Guid UserId { get; set; }
}
[Route("/QuickConnect/Status", "GET", Summary = "Gets the current quick connect state")]
public class QuickConnectStatus : IReturn<QuickConnectResult>
{
}
[Route("/QuickConnect/Available", "POST", Summary = "Enables or disables quick connect")]
[Authenticated(Roles = "Admin")]
public class Available : IReturn<QuickConnectState>
{
[ApiMember(Name = "Status", Description = "New quick connect status", IsRequired = false, DataType = "QuickConnectState", ParameterType = "query", Verb = "GET")]
public QuickConnectState Status { get; set; }
}
[Route("/QuickConnect/Activate", "POST", Summary = "Temporarily activates quick connect for the time period defined in the server configuration")]
[Authenticated]
public class Activate : IReturn<QuickConnectState>
{
}
public class QuickConnectService : BaseApiService
{
private IQuickConnect _quickConnect;
private IUserManager _userManager;
private IAuthorizationContext _authContext;
public QuickConnectService(
ILogger<QuickConnectService> logger,
IServerConfigurationManager serverConfigurationManager,
IHttpResultFactory httpResultFactory,
IUserManager userManager,
IAuthorizationContext authContext,
IQuickConnect quickConnect)
: base(logger, serverConfigurationManager, httpResultFactory)
{
_userManager = userManager;
_quickConnect = quickConnect;
_authContext = authContext;
}
public object Get(Initiate request)
{
return _quickConnect.TryConnect(request.FriendlyName);
}
public object Get(Connect request)
{
return _quickConnect.CheckRequestStatus(request.Secret);
}
public object Get(QuickConnectList request)
{
return _quickConnect.GetCurrentRequests();
}
public object Get(QuickConnectStatus request)
{
return _quickConnect.State;
}
public object Post(Deauthorize request)
{
AssertCanUpdateUser(_authContext, _userManager, request.UserId, true);
return _quickConnect.DeleteAllDevices(request.UserId);
}
public object Post(Authorize request)
{
bool result = _quickConnect.AuthorizeRequest(Request, request.Lookup);
Logger.LogInformation("Result of authorizing quick connect {0}: {1}", request.Lookup[..10], result);
return result;
}
public object Post(Activate request)
{
if (_quickConnect.State == QuickConnectState.Available)
{
_quickConnect.SetEnabled(QuickConnectState.Active);
string name = _authContext.GetAuthorizationInfo(Request).User.Name;
Logger.LogInformation("{name} enabled quick connect", name);
}
return _quickConnect.State;
}
public object Post(Available request)
{
_quickConnect.SetEnabled(request.Status);
return _quickConnect.State;
}
}
}

34
MediaBrowser.Api/UserService.cs
View File

@ -117,6 +117,17 @@ namespace MediaBrowser.Api
public string Pw { get; set; } public string Pw { get; set; }
} }
[Route("/Users/AuthenticateWithQuickConnect", "POST", Summary = "Authenticates a user")]
public class AuthenticateUserQuickConnect : IReturn<AuthenticationResult>
{
/// <summary>
/// Gets or sets the token.
/// </summary>
/// <value>The token</value>
[ApiMember(Name = "Token", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
public string Token { get; set; }
}
/// <summary> /// <summary>
/// Class UpdateUserPassword /// Class UpdateUserPassword
/// </summary> /// </summary>
@ -430,6 +441,29 @@ namespace MediaBrowser.Api
} }
} }
public async Task<object> Post(AuthenticateUserQuickConnect request)
{
var auth = _authContext.GetAuthorizationInfo(Request);
try
{
var result = await _sessionMananger.AuthenticateQuickConnect(new AuthenticationRequest
{
App = auth.Client,
AppVersion = auth.Version,
DeviceId = auth.DeviceId,
DeviceName = auth.Device
}, request.Token).ConfigureAwait(false);
return ToOptimizedResult(result);
}
catch (SecurityException e)
{
// rethrow adding IP address to message
throw new SecurityException($"[{Request.RemoteIp}] {e.Message}");
}
}
/// <summary> /// <summary>
/// Posts the specified request. /// Posts the specified request.
/// </summary> /// </summary>

91
MediaBrowser.Controller/QuickConnect/IQuickConnect.cs Normal file
View File

@ -0,0 +1,91 @@
using System;
using System.Collections.Generic;
using MediaBrowser.Model.QuickConnect;
using MediaBrowser.Model.Services;
namespace MediaBrowser.Controller.QuickConnect
{
/// <summary>
/// Quick connect standard interface.
/// </summary>
public interface IQuickConnect
{
/// <summary>
/// Gets or sets the length of user facing codes.
/// </summary>
public int CodeLength { get; set; }
/// <summary>
/// Gets or sets the string to prefix internal access tokens with.
/// </summary>
public string TokenNamePrefix { get; set; }
/// <summary>
/// Gets the current state of quick connect.
/// </summary>
public QuickConnectState State { get; }
/// <summary>
/// Gets or sets the time (in minutes) before a pending request will expire.
/// </summary>
public int RequestExpiry { get; set; }
/// <summary>
/// Assert that quick connect is currently active and throws an exception if it is not.
/// </summary>
void AssertActive();
/// <summary>
/// Changes the status of quick connect.
/// </summary>
/// <param name="newState">New state to change to</param>
void SetEnabled(QuickConnectState newState);
/// <summary>
/// Initiates a new quick connect request.
/// </summary>
/// <param name="friendlyName">Friendly device name to display in the request UI.</param>
/// <returns>A quick connect result with tokens to proceed or a descriptive error message otherwise.</returns>
QuickConnectResult TryConnect(string friendlyName);
/// <summary>
/// Checks the status of an individual request.
/// </summary>
/// <param name="secret">Unique secret identifier of the request.</param>
/// <returns>Quick connect result.</returns>
QuickConnectResult CheckRequestStatus(string secret);
/// <summary>
/// Returns all current quick connect requests as DTOs. Does not include sensitive information.
/// </summary>
/// <returns>List of all quick connect results.</returns>
List<QuickConnectResultDto> GetCurrentRequests();
/// <summary>
/// Returns all current quick connect requests (including sensitive information).
/// </summary>
/// <returns>List of all quick connect results.</returns>
List<QuickConnectResult> GetCurrentRequestsInternal();
/// <summary>
/// Authorizes a quick connect request to connect as the calling user.
/// </summary>
/// <param name="request">HTTP request object.</param>
/// <param name="lookup">Public request lookup value.</param>
/// <returns>A boolean indicating if the authorization completed successfully.</returns>
bool AuthorizeRequest(IRequest request, string lookup);
/// <summary>
/// Deletes all quick connect access tokens for the provided user.
/// </summary>
/// <param name="user">Guid of the user to delete tokens for.</param>
/// <returns>A count of the deleted tokens.</returns>
int DeleteAllDevices(Guid user);
/// <summary>
/// Generates a short code to display to the user to uniquely identify this request.
/// </summary>
/// <returns>A short, unique alphanumeric string.</returns>
string GenerateCode();
}
}

2
MediaBrowser.Controller/Session/ISessionManager.cs
View File

@ -246,6 +246,8 @@ namespace MediaBrowser.Controller.Session
/// <returns>Task{SessionInfo}.</returns> /// <returns>Task{SessionInfo}.</returns>
Task<AuthenticationResult> AuthenticateNewSession(AuthenticationRequest request); Task<AuthenticationResult> AuthenticateNewSession(AuthenticationRequest request);
public Task<AuthenticationResult> AuthenticateQuickConnect(AuthenticationRequest request, string token);
/// <summary> /// <summary>
/// Creates the new session. /// Creates the new session.
/// </summary> /// </summary>

50
MediaBrowser.Model/QuickConnect/QuickConnectResult.cs Normal file
View File

@ -0,0 +1,50 @@
using System;
namespace MediaBrowser.Model.QuickConnect
{
/// <summary>
/// Stores the result of an incoming quick connect request.
/// </summary>
public class QuickConnectResult
{
/// <summary>
/// Gets a value indicating whether this request is authorized.
/// </summary>
public bool Authenticated => !string.IsNullOrEmpty(Authentication);
/// <summary>
/// Gets or sets the secret value used to uniquely identify this request. Can be used to retrieve authentication information.
/// </summary>
public string Secret { get; set; }
/// <summary>
/// Gets or sets the public value used to uniquely identify this request. Can only be used to authorize the request.
/// </summary>
public string Lookup { get; set; }
/// <summary>
/// Gets or sets the user facing code used so the user can quickly differentiate this request from others.
/// </summary>
public string Code { get; set; }
/// <summary>
/// Gets or sets the device friendly name.
/// </summary>
public string FriendlyName { get; set; }
/// <summary>
/// Gets or sets the private access token.
/// </summary>
public string Authentication { get; set; }
/// <summary>
/// Gets or sets an error message.
/// </summary>
public string Error { get; set; }
/// <summary>
/// Gets or sets the DateTime that this request was created.
/// </summary>
public DateTime DateAdded { get; set; }
}
}

53
MediaBrowser.Model/QuickConnect/QuickConnectResultDto.cs Normal file
View File

@ -0,0 +1,53 @@
using System;
namespace MediaBrowser.Model.QuickConnect
{
/// <summary>
/// Stores the non-sensitive results of an incoming quick connect request.
/// </summary>
public class QuickConnectResultDto
{
/// <summary>
/// Gets a value indicating whether this request is authorized.
/// </summary>
public bool Authenticated { get; private set; }
/// <summary>
/// Gets the user facing code used so the user can quickly differentiate this request from others.
/// </summary>
public string Code { get; private set; }
/// <summary>
/// Gets the public value used to uniquely identify this request. Can only be used to authorize the request.
/// </summary>
public string Lookup { get; private set; }
/// <summary>
/// Gets the device friendly name.
/// </summary>
public string FriendlyName { get; private set; }
/// <summary>
/// Gets the DateTime that this request was created.
/// </summary>
public DateTime DateAdded { get; private set; }
/// <summary>
/// Cast an internal quick connect result to a DTO by removing all sensitive properties.
/// </summary>
/// <param name="result">QuickConnectResult object to cast</param>
public static implicit operator QuickConnectResultDto(QuickConnectResult result)
{
QuickConnectResultDto resultDto = new QuickConnectResultDto
{
Authenticated = result.Authenticated,
Code = result.Code,
FriendlyName = result.FriendlyName,
DateAdded = result.DateAdded,
Lookup = result.Lookup
};
return resultDto;
}
}
}

23
MediaBrowser.Model/QuickConnect/QuickConnectState.cs Normal file
View File

@ -0,0 +1,23 @@
namespace MediaBrowser.Model.QuickConnect
{
/// <summary>
/// Quick connect state.
/// </summary>
public enum QuickConnectState
{
/// <summary>
/// This feature has not been opted into and is unavailable until the server administrator chooses to opt-in.
/// </summary>
Unavailable,
/// <summary>
/// The feature is enabled for use on the server but is not currently accepting connection requests.
/// </summary>
Available,
/// <summary>
/// The feature is actively accepting connection requests.
/// </summary>
Active
}
}