diff --git a/Jellyfin.Api/Controllers/ActivityLogController.cs b/Jellyfin.Api/Controllers/ActivityLogController.cs
index 4ae7cf506..ec50fb022 100644
--- a/Jellyfin.Api/Controllers/ActivityLogController.cs
+++ b/Jellyfin.Api/Controllers/ActivityLogController.cs
@@ -1,6 +1,5 @@
-#pragma warning disable CA1801
-
using System;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities;
@@ -41,6 +40,7 @@ namespace Jellyfin.Api.Controllers
/// A containing the log entries.
[HttpGet("Entries")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "hasUserId", Justification = "Imported from ServiceStack")]
public ActionResult> GetLogEntries(
[FromQuery] int? startIndex,
[FromQuery] int? limit,
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
new file mode 100644
index 000000000..697a0baf4
--- /dev/null
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -0,0 +1,81 @@
+using System.ComponentModel.DataAnnotations;
+using System.Threading;
+using MediaBrowser.Controller.Persistence;
+using MediaBrowser.Model.Entities;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Jellyfin.Api.Controllers
+{
+ ///
+ /// Display Preferences Controller.
+ ///
+ [Authorize]
+ public class DisplayPreferencesController : BaseJellyfinApiController
+ {
+ private readonly IDisplayPreferencesRepository _displayPreferencesRepository;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of interface.
+ public DisplayPreferencesController(IDisplayPreferencesRepository displayPreferencesRepository)
+ {
+ _displayPreferencesRepository = displayPreferencesRepository;
+ }
+
+ ///
+ /// Get Display Preferences.
+ ///
+ /// Display preferences id.
+ /// User id.
+ /// Client.
+ /// Display preferences retrieved.
+ /// An containing the display preferences on success, or a if the display preferences could not be found.
+ [HttpGet("{DisplayPreferencesId}")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult GetDisplayPreferences(
+ [FromRoute] string displayPreferencesId,
+ [FromQuery] [Required] string userId,
+ [FromQuery] [Required] string client)
+ {
+ return _displayPreferencesRepository.GetDisplayPreferences(displayPreferencesId, userId, client);
+ }
+
+ ///
+ /// Update Display Preferences.
+ ///
+ /// Display preferences id.
+ /// User Id.
+ /// Client.
+ /// New Display Preferences object.
+ /// Display preferences updated.
+ /// An on success, or a if the display preferences could not be found.
+ [HttpPost("{DisplayPreferencesId}")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(typeof(ModelStateDictionary), StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult UpdateDisplayPreferences(
+ [FromRoute] string displayPreferencesId,
+ [FromQuery, BindRequired] string userId,
+ [FromQuery, BindRequired] string client,
+ [FromBody, BindRequired] DisplayPreferences displayPreferences)
+ {
+ if (displayPreferencesId == null)
+ {
+ // TODO - refactor so parameter doesn't exist or is actually used.
+ }
+
+ _displayPreferencesRepository.SaveDisplayPreferences(
+ displayPreferences,
+ userId,
+ client,
+ CancellationToken.None);
+
+ return Ok();
+ }
+ }
+}
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index 6a6e6a64a..dc5b0d906 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,6 +1,5 @@
-#pragma warning disable CA1801
-
-using System;
+using System;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
@@ -137,6 +136,7 @@ namespace Jellyfin.Api.Controllers
/// Query filters.
[HttpGet("/Items/Filters2")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "mediaTypes", Justification = "Imported from ServiceStack")]
public ActionResult GetQueryFilters(
[FromQuery] Guid? userId,
[FromQuery] string? parentId,
diff --git a/Jellyfin.Api/Controllers/ItemRefreshController.cs b/Jellyfin.Api/Controllers/ItemRefreshController.cs
index a1df22e41..6a16a89c5 100644
--- a/Jellyfin.Api/Controllers/ItemRefreshController.cs
+++ b/Jellyfin.Api/Controllers/ItemRefreshController.cs
@@ -1,6 +1,5 @@
-#pragma warning disable CA1801
-
using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Providers;
using MediaBrowser.Model.IO;
@@ -54,6 +53,7 @@ namespace Jellyfin.Api.Controllers
[Description("Refreshes metadata for an item.")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "recursive", Justification = "Imported from ServiceStack")]
public ActionResult Post(
[FromRoute] string id,
[FromQuery] MetadataRefreshMode metadataRefreshMode = MetadataRefreshMode.None,
diff --git a/Jellyfin.Api/Controllers/LibraryStructureController.cs b/Jellyfin.Api/Controllers/LibraryStructureController.cs
index ca2905b11..62c547409 100644
--- a/Jellyfin.Api/Controllers/LibraryStructureController.cs
+++ b/Jellyfin.Api/Controllers/LibraryStructureController.cs
@@ -1,7 +1,6 @@
-#pragma warning disable CA1801
-
using System;
using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Linq;
@@ -56,6 +55,7 @@ namespace Jellyfin.Api.Controllers
/// An with the virtual folders.
[HttpGet]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult> GetVirtualFolders([FromQuery] string userId)
{
return _libraryManager.GetVirtualFolders(true);
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index a1f9b9e8f..01dd23c77 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -1,7 +1,6 @@
-#pragma warning disable CA1801
-
using System;
using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Threading;
using Jellyfin.Api.Models.NotificationDtos;
@@ -45,6 +44,10 @@ namespace Jellyfin.Api.Controllers
/// An containing a list of notifications.
[HttpGet("{UserID}")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isRead", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "startIndex", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "limit", Justification = "Imported from ServiceStack")]
public ActionResult GetNotifications(
[FromRoute] string userId,
[FromQuery] bool? isRead,
@@ -62,6 +65,7 @@ namespace Jellyfin.Api.Controllers
/// An containing a summary of the users notifications.
[HttpGet("{UserID}/Summary")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult GetNotificationsSummary(
[FromRoute] string userId)
{
@@ -136,6 +140,8 @@ namespace Jellyfin.Api.Controllers
/// A .
[HttpPost("{UserID}/Read")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
public ActionResult SetRead(
[FromRoute] string userId,
[FromQuery] string ids)
@@ -152,6 +158,8 @@ namespace Jellyfin.Api.Controllers
/// A .
[HttpPost("{UserID}/Unread")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
public ActionResult SetUnread(
[FromRoute] string userId,
[FromQuery] string ids)
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index fdb2f4c35..6075544cf 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -1,7 +1,6 @@
-#pragma warning disable CA1801
-
-using System;
+using System;
using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
@@ -46,6 +45,7 @@ namespace Jellyfin.Api.Controllers
/// Installed plugins returned.
/// List of currently installed plugins.
[HttpGet]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isAppStoreEnabled", Justification = "Imported from ServiceStack")]
public ActionResult> GetPlugins([FromRoute] bool? isAppStoreEnabled)
{
return Ok(_appHost.Plugins.OrderBy(p => p.Name).Select(p => p.GetPluginInfo()));
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
new file mode 100644
index 000000000..4f259536a
--- /dev/null
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -0,0 +1,474 @@
+#pragma warning disable CA1801
+
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Linq;
+using System.Threading;
+using Jellyfin.Api.Helpers;
+using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Devices;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Net;
+using MediaBrowser.Controller.Session;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Session;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Jellyfin.Api.Controllers
+{
+ ///
+ /// The session controller.
+ ///
+ public class SessionController : BaseJellyfinApiController
+ {
+ private readonly ISessionManager _sessionManager;
+ private readonly IUserManager _userManager;
+ private readonly IAuthorizationContext _authContext;
+ private readonly IDeviceManager _deviceManager;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of interface.
+ /// Instance of interface.
+ /// Instance of interface.
+ /// Instance of interface.
+ public SessionController(
+ ISessionManager sessionManager,
+ IUserManager userManager,
+ IAuthorizationContext authContext,
+ IDeviceManager deviceManager)
+ {
+ _sessionManager = sessionManager;
+ _userManager = userManager;
+ _authContext = authContext;
+ _deviceManager = deviceManager;
+ }
+
+ ///
+ /// Gets a list of sessions.
+ ///
+ /// Filter by sessions that a given user is allowed to remote control.
+ /// Filter by device Id.
+ /// Optional. Filter by sessions that were active in the last n seconds.
+ /// List of sessions returned.
+ /// An with the available sessions.
+ [HttpGet("/Sessions")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public ActionResult> GetSessions(
+ [FromQuery] Guid controllableByUserId,
+ [FromQuery] string deviceId,
+ [FromQuery] int? activeWithinSeconds)
+ {
+ var result = _sessionManager.Sessions;
+
+ if (!string.IsNullOrEmpty(deviceId))
+ {
+ result = result.Where(i => string.Equals(i.DeviceId, deviceId, StringComparison.OrdinalIgnoreCase));
+ }
+
+ if (!controllableByUserId.Equals(Guid.Empty))
+ {
+ result = result.Where(i => i.SupportsRemoteControl);
+
+ var user = _userManager.GetUserById(controllableByUserId);
+
+ if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
+ {
+ result = result.Where(i => i.UserId.Equals(Guid.Empty) || i.ContainsUser(controllableByUserId));
+ }
+
+ if (!user.HasPermission(PermissionKind.EnableSharedDeviceControl))
+ {
+ result = result.Where(i => !i.UserId.Equals(Guid.Empty));
+ }
+
+ if (activeWithinSeconds.HasValue && activeWithinSeconds.Value > 0)
+ {
+ var minActiveDate = DateTime.UtcNow.AddSeconds(0 - activeWithinSeconds.Value);
+ result = result.Where(i => i.LastActivityDate >= minActiveDate);
+ }
+
+ result = result.Where(i =>
+ {
+ if (!string.IsNullOrWhiteSpace(i.DeviceId))
+ {
+ if (!_deviceManager.CanAccessDevice(user, i.DeviceId))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ });
+ }
+
+ return Ok(result);
+ }
+
+ ///
+ /// Instructs a session to browse to an item or view.
+ ///
+ /// The session Id.
+ /// The type of item to browse to.
+ /// The Id of the item.
+ /// The name of the item.
+ /// Instruction sent to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/Viewing")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult DisplayContent(
+ [FromRoute] string id,
+ [FromQuery] string itemType,
+ [FromQuery] string itemId,
+ [FromQuery] string itemName)
+ {
+ var command = new BrowseRequest
+ {
+ ItemId = itemId,
+ ItemName = itemName,
+ ItemType = itemType
+ };
+
+ _sessionManager.SendBrowseCommand(
+ RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
+ id,
+ command,
+ CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Instructs a session to play an item.
+ ///
+ /// The session id.
+ /// The ids of the items to play, comma delimited.
+ /// The starting position of the first item.
+ /// The type of play command to issue (PlayNow, PlayNext, PlayLast). Clients who have not yet implemented play next and play last may play now.
+ /// The .
+ /// Instruction sent to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/Playing")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult Play(
+ [FromRoute] string id,
+ [FromQuery] Guid[] itemIds,
+ [FromQuery] long? startPositionTicks,
+ [FromQuery] PlayCommand playCommand,
+ [FromBody, Required] PlayRequest playRequest)
+ {
+ if (playRequest == null)
+ {
+ throw new ArgumentException("Request Body may not be null");
+ }
+
+ playRequest.ItemIds = itemIds;
+ playRequest.StartPositionTicks = startPositionTicks;
+ playRequest.PlayCommand = playCommand;
+
+ _sessionManager.SendPlayCommand(
+ RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
+ id,
+ playRequest,
+ CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Issues a playstate command to a client.
+ ///
+ /// The session id.
+ /// The .
+ /// Playstate command sent to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/Playing/{command}")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult SendPlaystateCommand(
+ [FromRoute] string id,
+ [FromBody] PlaystateRequest playstateRequest)
+ {
+ _sessionManager.SendPlaystateCommand(
+ RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
+ id,
+ playstateRequest,
+ CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Issues a system command to a client.
+ ///
+ /// The session id.
+ /// The command to send.
+ /// System command sent to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/System/{Command}")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult SendSystemCommand(
+ [FromRoute] string id,
+ [FromRoute] string command)
+ {
+ var name = command;
+ if (Enum.TryParse(name, true, out GeneralCommandType commandType))
+ {
+ name = commandType.ToString();
+ }
+
+ var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+ var generalCommand = new GeneralCommand
+ {
+ Name = name,
+ ControllingUserId = currentSession.UserId
+ };
+
+ _sessionManager.SendGeneralCommand(currentSession.Id, id, generalCommand, CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Issues a general command to a client.
+ ///
+ /// The session id.
+ /// The command to send.
+ /// General command sent to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/Command/{Command}")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult SendGeneralCommand(
+ [FromRoute] string id,
+ [FromRoute] string command)
+ {
+ var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+
+ var generalCommand = new GeneralCommand
+ {
+ Name = command,
+ ControllingUserId = currentSession.UserId
+ };
+
+ _sessionManager.SendGeneralCommand(currentSession.Id, id, generalCommand, CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Issues a full general command to a client.
+ ///
+ /// The session id.
+ /// The .
+ /// Full general command sent to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/Command")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult SendFullGeneralCommand(
+ [FromRoute] string id,
+ [FromBody, Required] GeneralCommand command)
+ {
+ var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+
+ if (command == null)
+ {
+ throw new ArgumentException("Request body may not be null");
+ }
+
+ command.ControllingUserId = currentSession.UserId;
+
+ _sessionManager.SendGeneralCommand(
+ currentSession.Id,
+ id,
+ command,
+ CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Issues a command to a client to display a message to the user.
+ ///
+ /// The session id.
+ /// The message test.
+ /// The message header.
+ /// The message timeout. If omitted the user will have to confirm viewing the message.
+ /// Message sent.
+ /// A .
+ [HttpPost("/Sessions/{id}/Message")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult SendMessageCommand(
+ [FromRoute] string id,
+ [FromQuery] string text,
+ [FromQuery] string header,
+ [FromQuery] long? timeoutMs)
+ {
+ var command = new MessageCommand
+ {
+ Header = string.IsNullOrEmpty(header) ? "Message from Server" : header,
+ TimeoutMs = timeoutMs,
+ Text = text
+ };
+
+ _sessionManager.SendMessageCommand(RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id, id, command, CancellationToken.None);
+
+ return NoContent();
+ }
+
+ ///
+ /// Adds an additional user to a session.
+ ///
+ /// The session id.
+ /// The user id.
+ /// User added to session.
+ /// A .
+ [HttpPost("/Sessions/{id}/User/{userId}")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult AddUserToSession(
+ [FromRoute] string id,
+ [FromRoute] Guid userId)
+ {
+ _sessionManager.AddAdditionalUser(id, userId);
+ return NoContent();
+ }
+
+ ///
+ /// Removes an additional user from a session.
+ ///
+ /// The session id.
+ /// The user id.
+ /// User removed from session.
+ /// A .
+ [HttpDelete("/Sessions/{id}/User/{userId}")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult RemoveUserFromSession(
+ [FromRoute] string id,
+ [FromRoute] Guid userId)
+ {
+ _sessionManager.RemoveAdditionalUser(id, userId);
+ return NoContent();
+ }
+
+ ///
+ /// Updates capabilities for a device.
+ ///
+ /// The session id.
+ /// A list of playable media types, comma delimited. Audio, Video, Book, Photo.
+ /// A list of supported remote control commands, comma delimited.
+ /// Determines whether media can be played remotely..
+ /// Determines whether sync is supported.
+ /// Determines whether the device supports a unique identifier.
+ /// Capabilities posted.
+ /// A .
+ [HttpPost("/Sessions/Capabilities")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult PostCapabilities(
+ [FromQuery] string id,
+ [FromQuery] string playableMediaTypes,
+ [FromQuery] string supportedCommands,
+ [FromQuery] bool supportsMediaControl,
+ [FromQuery] bool supportsSync,
+ [FromQuery] bool supportsPersistentIdentifier = true)
+ {
+ if (string.IsNullOrWhiteSpace(id))
+ {
+ id = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+ }
+
+ _sessionManager.ReportCapabilities(id, new ClientCapabilities
+ {
+ PlayableMediaTypes = RequestHelpers.Split(playableMediaTypes, ',', true),
+ SupportedCommands = RequestHelpers.Split(supportedCommands, ',', true),
+ SupportsMediaControl = supportsMediaControl,
+ SupportsSync = supportsSync,
+ SupportsPersistentIdentifier = supportsPersistentIdentifier
+ });
+ return NoContent();
+ }
+
+ ///
+ /// Updates capabilities for a device.
+ ///
+ /// The session id.
+ /// The .
+ /// Capabilities updated.
+ /// A .
+ [HttpPost("/Sessions/Capabilities/Full")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult PostFullCapabilities(
+ [FromQuery] string id,
+ [FromBody, Required] ClientCapabilities capabilities)
+ {
+ if (string.IsNullOrWhiteSpace(id))
+ {
+ id = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+ }
+
+ _sessionManager.ReportCapabilities(id, capabilities);
+
+ return NoContent();
+ }
+
+ ///
+ /// Reports that a session is viewing an item.
+ ///
+ /// The session id.
+ /// The item id.
+ /// Session reported to server.
+ /// A .
+ [HttpPost("/Sessions/Viewing")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult ReportViewing(
+ [FromQuery] string sessionId,
+ [FromQuery] string itemId)
+ {
+ string session = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+
+ _sessionManager.ReportNowViewingItem(session, itemId);
+ return NoContent();
+ }
+
+ ///
+ /// Reports that a session has ended.
+ ///
+ /// Session end reported to server.
+ /// A .
+ [HttpPost("/Sessions/Logout")]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ public ActionResult ReportSessionEnded()
+ {
+ AuthorizationInfo auth = _authContext.GetAuthorizationInfo(Request);
+
+ _sessionManager.Logout(auth.Token);
+ return NoContent();
+ }
+
+ ///
+ /// Get all auth providers.
+ ///
+ /// Auth providers retrieved.
+ /// An with the auth providers.
+ [HttpGet("/Auth/Providers")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public ActionResult> GetAuthProviders()
+ {
+ return _userManager.GetAuthenticationProviders();
+ }
+
+ ///
+ /// Get all password reset providers.
+ ///
+ /// Password reset providers retrieved.
+ /// An with the password reset providers.
+ [HttpGet("/Auto/PasswordResetProviders")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public ActionResult> GetPasswordResetProviders()
+ {
+ return _userManager.GetPasswordResetProviders();
+ }
+ }
+}
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 69b83379d..74ec5f9b5 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -1,8 +1,7 @@
-#pragma warning disable CA1801
-
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Linq;
@@ -251,9 +250,9 @@ namespace Jellyfin.Api.Controllers
[HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
public async Task GetSubtitlePlaylist(
[FromRoute] Guid id,
- // TODO: 'int index' is never used: CA1801 is disabled
[FromRoute] int index,
[FromRoute] string mediaSourceId,
[FromQuery, Required] int segmentLength)
diff --git a/Jellyfin.Api/Controllers/SuggestionsController.cs b/Jellyfin.Api/Controllers/SuggestionsController.cs
new file mode 100644
index 000000000..e1a99a138
--- /dev/null
+++ b/Jellyfin.Api/Controllers/SuggestionsController.cs
@@ -0,0 +1,87 @@
+using System;
+using System.Linq;
+using Jellyfin.Api.Extensions;
+using Jellyfin.Api.Helpers;
+using MediaBrowser.Controller.Dto;
+using MediaBrowser.Controller.Entities;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Entities;
+using MediaBrowser.Model.Querying;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Jellyfin.Api.Controllers
+{
+ ///
+ /// The suggestions controller.
+ ///
+ public class SuggestionsController : BaseJellyfinApiController
+ {
+ private readonly IDtoService _dtoService;
+ private readonly IUserManager _userManager;
+ private readonly ILibraryManager _libraryManager;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ public SuggestionsController(
+ IDtoService dtoService,
+ IUserManager userManager,
+ ILibraryManager libraryManager)
+ {
+ _dtoService = dtoService;
+ _userManager = userManager;
+ _libraryManager = libraryManager;
+ }
+
+ ///
+ /// Gets suggestions.
+ ///
+ /// The user id.
+ /// The media types.
+ /// The type.
+ /// Whether to enable the total record count.
+ /// Optional. The start index.
+ /// Optional. The limit.
+ /// Suggestions returned.
+ /// A with the suggestions.
+ [HttpGet("/Users/{userId}/Suggestions")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public ActionResult> GetSuggestions(
+ [FromRoute] Guid userId,
+ [FromQuery] string? mediaType,
+ [FromQuery] string? type,
+ [FromQuery] bool enableTotalRecordCount,
+ [FromQuery] int? startIndex,
+ [FromQuery] int? limit)
+ {
+ var user = !userId.Equals(Guid.Empty) ? _userManager.GetUserById(userId) : null;
+
+ var dtoOptions = new DtoOptions().AddClientFields(Request);
+ var result = _libraryManager.GetItemsResult(new InternalItemsQuery(user)
+ {
+ OrderBy = new[] { ItemSortBy.Random }.Select(i => new ValueTuple(i, SortOrder.Descending)).ToArray(),
+ MediaTypes = RequestHelpers.Split(mediaType!, ',', true),
+ IncludeItemTypes = RequestHelpers.Split(type!, ',', true),
+ IsVirtualItem = false,
+ StartIndex = startIndex,
+ Limit = limit,
+ DtoOptions = dtoOptions,
+ EnableTotalRecordCount = enableTotalRecordCount,
+ Recursive = true
+ });
+
+ var dtoList = _dtoService.GetBaseItemDtos(result.Items, dtoOptions, user);
+
+ return new QueryResult
+ {
+ TotalRecordCount = result.TotalRecordCount,
+ Items = dtoList
+ };
+ }
+ }
+}
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
new file mode 100644
index 000000000..68ab5813c
--- /dev/null
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -0,0 +1,552 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
+using System.Linq;
+using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Helpers;
+using Jellyfin.Api.Models.UserDtos;
+using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Devices;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Net;
+using MediaBrowser.Controller.Session;
+using MediaBrowser.Model.Configuration;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Users;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Jellyfin.Api.Controllers
+{
+ ///
+ /// User controller.
+ ///
+ [Route("/Users")]
+ public class UserController : BaseJellyfinApiController
+ {
+ private readonly IUserManager _userManager;
+ private readonly ISessionManager _sessionManager;
+ private readonly INetworkManager _networkManager;
+ private readonly IDeviceManager _deviceManager;
+ private readonly IAuthorizationContext _authContext;
+ private readonly IServerConfigurationManager _config;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ public UserController(
+ IUserManager userManager,
+ ISessionManager sessionManager,
+ INetworkManager networkManager,
+ IDeviceManager deviceManager,
+ IAuthorizationContext authContext,
+ IServerConfigurationManager config)
+ {
+ _userManager = userManager;
+ _sessionManager = sessionManager;
+ _networkManager = networkManager;
+ _deviceManager = deviceManager;
+ _authContext = authContext;
+ _config = config;
+ }
+
+ ///
+ /// Gets a list of users.
+ ///
+ /// Optional filter by IsHidden=true or false.
+ /// Optional filter by IsDisabled=true or false.
+ /// Optional filter by IsGuest=true or false.
+ /// Users returned.
+ /// An containing the users.
+ [HttpGet]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
+ public ActionResult> GetUsers(
+ [FromQuery] bool? isHidden,
+ [FromQuery] bool? isDisabled,
+ [FromQuery] bool? isGuest)
+ {
+ var users = Get(isHidden, isDisabled, false, false);
+ return Ok(users);
+ }
+
+ ///
+ /// Gets a list of publicly visible users for display on a login screen.
+ ///
+ /// Public users returned.
+ /// An containing the public users.
+ [HttpGet("Public")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public ActionResult> GetPublicUsers()
+ {
+ // If the startup wizard hasn't been completed then just return all users
+ if (!_config.Configuration.IsStartupWizardCompleted)
+ {
+ return Ok(Get(false, false, false, false));
+ }
+
+ return Ok(Get(false, false, true, true));
+ }
+
+ ///
+ /// Gets a user by Id.
+ ///
+ /// The user id.
+ /// User returned.
+ /// User not found.
+ /// An with information about the user or a if the user was not found.
+ [HttpGet("{id}")]
+ [Authorize(Policy = Policies.IgnoreSchedule)]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult GetUserById([FromRoute] Guid id)
+ {
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ var result = _userManager.GetUserDto(user, HttpContext.Connection.RemoteIpAddress.ToString());
+ return result;
+ }
+
+ ///
+ /// Deletes a user.
+ ///
+ /// The user id.
+ /// User deleted.
+ /// User not found.
+ /// A indicating success or a if the user was not found.
+ [HttpDelete("{id}")]
+ [Authorize(Policy = Policies.RequiresElevation)]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult DeleteUser([FromRoute] Guid id)
+ {
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ _sessionManager.RevokeUserTokens(user.Id, null);
+ _userManager.DeleteUser(user);
+ return NoContent();
+ }
+
+ ///
+ /// Authenticates a user.
+ ///
+ /// The user id.
+ /// The password as plain text.
+ /// The password sha1-hash.
+ /// User authenticated.
+ /// Sha1-hashed password only is not allowed.
+ /// User not found.
+ /// A containing an .
+ [HttpPost("{id}/Authenticate")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public async Task> AuthenticateUser(
+ [FromRoute, Required] Guid id,
+ [FromQuery, BindRequired] string pw,
+ [FromQuery, BindRequired] string password)
+ {
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ if (!string.IsNullOrEmpty(password) && string.IsNullOrEmpty(pw))
+ {
+ return Forbid("Only sha1 password is not allowed.");
+ }
+
+ // Password should always be null
+ AuthenticateUserByName request = new AuthenticateUserByName
+ {
+ Username = user.Username,
+ Password = null,
+ Pw = pw
+ };
+ return await AuthenticateUserByName(request).ConfigureAwait(false);
+ }
+
+ ///
+ /// Authenticates a user by name.
+ ///
+ /// The request.
+ /// User authenticated.
+ /// A containing an with information about the new session.
+ [HttpPost("AuthenticateByName")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> AuthenticateUserByName([FromBody, BindRequired] AuthenticateUserByName request)
+ {
+ var auth = _authContext.GetAuthorizationInfo(Request);
+
+ try
+ {
+ var result = await _sessionManager.AuthenticateNewSession(new AuthenticationRequest
+ {
+ App = auth.Client,
+ AppVersion = auth.Version,
+ DeviceId = auth.DeviceId,
+ DeviceName = auth.Device,
+ Password = request.Pw,
+ PasswordSha1 = request.Password,
+ RemoteEndPoint = HttpContext.Connection.RemoteIpAddress.ToString(),
+ Username = request.Username
+ }).ConfigureAwait(false);
+
+ return result;
+ }
+ catch (SecurityException e)
+ {
+ // rethrow adding IP address to message
+ throw new SecurityException($"[{HttpContext.Connection.RemoteIpAddress}] {e.Message}", e);
+ }
+ }
+
+ ///
+ /// Updates a user's password.
+ ///
+ /// The user id.
+ /// The request.
+ /// Password successfully reset.
+ /// User is not allowed to update the password.
+ /// User not found.
+ /// A indicating success or a or a on failure.
+ [HttpPost("{id}/Password")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public async Task UpdateUserPassword(
+ [FromRoute] Guid id,
+ [FromBody] UpdateUserPassword request)
+ {
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
+ {
+ return Forbid("User is not allowed to update the password.");
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ if (request.ResetPassword)
+ {
+ await _userManager.ResetPassword(user).ConfigureAwait(false);
+ }
+ else
+ {
+ var success = await _userManager.AuthenticateUser(
+ user.Username,
+ request.CurrentPw,
+ request.CurrentPw,
+ HttpContext.Connection.RemoteIpAddress.ToString(),
+ false).ConfigureAwait(false);
+
+ if (success == null)
+ {
+ return Forbid("Invalid user or password entered.");
+ }
+
+ await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
+
+ var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
+
+ _sessionManager.RevokeUserTokens(user.Id, currentToken);
+ }
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user's easy password.
+ ///
+ /// The user id.
+ /// The request.
+ /// Password successfully reset.
+ /// User is not allowed to update the password.
+ /// User not found.
+ /// A indicating success or a or a on failure.
+ [HttpPost("{id}/EasyPassword")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult UpdateUserEasyPassword(
+ [FromRoute] Guid id,
+ [FromBody] UpdateUserEasyPassword request)
+ {
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
+ {
+ return Forbid("User is not allowed to update the easy password.");
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ if (request.ResetPassword)
+ {
+ _userManager.ResetEasyPassword(user);
+ }
+ else
+ {
+ _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
+ }
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user.
+ ///
+ /// The user id.
+ /// The updated user model.
+ /// User updated.
+ /// User information was not supplied.
+ /// User update forbidden.
+ /// A indicating success or a or a on failure.
+ [HttpPost("{id}")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ public async Task UpdateUser(
+ [FromRoute] Guid id,
+ [FromBody] UserDto updateUser)
+ {
+ if (updateUser == null)
+ {
+ return BadRequest();
+ }
+
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
+ {
+ return Forbid("User update not allowed.");
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ if (string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
+ {
+ await _userManager.UpdateUserAsync(user).ConfigureAwait(false);
+ _userManager.UpdateConfiguration(user.Id, updateUser.Configuration);
+ }
+ else
+ {
+ await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
+ _userManager.UpdateConfiguration(updateUser.Id, updateUser.Configuration);
+ }
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user policy.
+ ///
+ /// The user id.
+ /// The new user policy.
+ /// User policy updated.
+ /// User policy was not supplied.
+ /// User policy update forbidden.
+ /// A indicating success or a or a on failure..
+ [HttpPost("{id}/Policy")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ public ActionResult UpdateUserPolicy(
+ [FromRoute] Guid id,
+ [FromBody] UserPolicy newPolicy)
+ {
+ if (newPolicy == null)
+ {
+ return BadRequest();
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ // If removing admin access
+ if (!(newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator)))
+ {
+ if (_userManager.Users.Count(i => i.HasPermission(PermissionKind.IsAdministrator)) == 1)
+ {
+ return Forbid("There must be at least one user in the system with administrative access.");
+ }
+ }
+
+ // If disabling
+ if (newPolicy.IsDisabled && user.HasPermission(PermissionKind.IsAdministrator))
+ {
+ return Forbid("Administrators cannot be disabled.");
+ }
+
+ // If disabling
+ if (newPolicy.IsDisabled && !user.HasPermission(PermissionKind.IsDisabled))
+ {
+ if (_userManager.Users.Count(i => !i.HasPermission(PermissionKind.IsDisabled)) == 1)
+ {
+ return Forbid("There must be at least one enabled user in the system.");
+ }
+
+ var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
+ _sessionManager.RevokeUserTokens(user.Id, currentToken);
+ }
+
+ _userManager.UpdatePolicy(id, newPolicy);
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user configuration.
+ ///
+ /// The user id.
+ /// The new user configuration.
+ /// User configuration updated.
+ /// User configuration update forbidden.
+ /// A indicating success.
+ [HttpPost("{id}/Configuration")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ public ActionResult UpdateUserConfiguration(
+ [FromRoute] Guid id,
+ [FromBody] UserConfiguration userConfig)
+ {
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
+ {
+ return Forbid("User configuration update not allowed");
+ }
+
+ _userManager.UpdateConfiguration(id, userConfig);
+
+ return NoContent();
+ }
+
+ ///
+ /// Creates a user.
+ ///
+ /// The create user by name request body.
+ /// User created.
+ /// An of the new user.
+ [HttpPost("/Users/New")]
+ [Authorize(Policy = Policies.RequiresElevation)]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> CreateUserByName([FromBody] CreateUserByName request)
+ {
+ var newUser = _userManager.CreateUser(request.Name);
+
+ // no need to authenticate password for new user
+ if (request.Password != null)
+ {
+ await _userManager.ChangePassword(newUser, request.Password).ConfigureAwait(false);
+ }
+
+ var result = _userManager.GetUserDto(newUser, HttpContext.Connection.RemoteIpAddress.ToString());
+
+ return result;
+ }
+
+ ///
+ /// Initiates the forgot password process for a local user.
+ ///
+ /// The entered username.
+ /// Password reset process started.
+ /// A containing a .
+ [HttpPost("ForgotPassword")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> ForgotPassword([FromBody] string enteredUsername)
+ {
+ var isLocal = HttpContext.Connection.RemoteIpAddress.Equals(HttpContext.Connection.LocalIpAddress)
+ || _networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString());
+
+ var result = await _userManager.StartForgotPasswordProcess(enteredUsername, isLocal).ConfigureAwait(false);
+
+ return result;
+ }
+
+ ///
+ /// Redeems a forgot password pin.
+ ///
+ /// The pin.
+ /// Pin reset process started.
+ /// A containing a .
+ [HttpPost("ForgotPassword/Pin")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> ForgotPasswordPin([FromBody] string pin)
+ {
+ var result = await _userManager.RedeemPasswordResetPin(pin).ConfigureAwait(false);
+ return result;
+ }
+
+ private IEnumerable Get(bool? isHidden, bool? isDisabled, bool filterByDevice, bool filterByNetwork)
+ {
+ var users = _userManager.Users;
+
+ if (isDisabled.HasValue)
+ {
+ users = users.Where(i => i.HasPermission(PermissionKind.IsDisabled) == isDisabled.Value);
+ }
+
+ if (isHidden.HasValue)
+ {
+ users = users.Where(i => i.HasPermission(PermissionKind.IsHidden) == isHidden.Value);
+ }
+
+ if (filterByDevice)
+ {
+ var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
+
+ if (!string.IsNullOrWhiteSpace(deviceId))
+ {
+ users = users.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
+ }
+ }
+
+ if (filterByNetwork)
+ {
+ if (!_networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString()))
+ {
+ users = users.Where(i => i.HasPermission(PermissionKind.EnableRemoteAccess));
+ }
+ }
+
+ var result = users
+ .OrderBy(u => u.Username)
+ .Select(i => _userManager.GetUserDto(i, HttpContext.Connection.RemoteIpAddress.ToString()));
+
+ return result;
+ }
+ }
+}
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 9f4d34f9c..2ff40a8a5 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -1,4 +1,8 @@
using System;
+using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Net;
+using MediaBrowser.Controller.Session;
+using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Helpers
{
@@ -25,5 +29,49 @@ namespace Jellyfin.Api.Helpers
? value.Split(new[] { separator }, StringSplitOptions.RemoveEmptyEntries)
: value.Split(separator);
}
+
+ ///
+ /// Checks if the user can update an entry.
+ ///
+ /// Instance of the interface.
+ /// The .
+ /// The user id.
+ /// Whether to restrict the user preferences.
+ /// A whether the user can update the entry.
+ internal static bool AssertCanUpdateUser(IAuthorizationContext authContext, HttpRequest requestContext, Guid userId, bool restrictUserPreferences)
+ {
+ var auth = authContext.GetAuthorizationInfo(requestContext);
+
+ var authenticatedUser = auth.User;
+
+ // If they're going to update the record of another user, they must be an administrator
+ if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator))
+ || (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+ internal static SessionInfo GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
+ {
+ var authorization = authContext.GetAuthorizationInfo(request);
+ var user = authorization.User;
+ var session = sessionManager.LogSessionActivity(
+ authorization.Client,
+ authorization.Version,
+ authorization.DeviceId,
+ authorization.Device,
+ request.HttpContext.Connection.RemoteIpAddress.ToString(),
+ user);
+
+ if (session == null)
+ {
+ throw new ArgumentException("Session not found.");
+ }
+
+ return session;
+ }
}
}
diff --git a/Jellyfin.Api/Models/UserDtos/AuthenticateUserByName.cs b/Jellyfin.Api/Models/UserDtos/AuthenticateUserByName.cs
new file mode 100644
index 000000000..393627435
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/AuthenticateUserByName.cs
@@ -0,0 +1,23 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The authenticate user by name request body.
+ ///
+ public class AuthenticateUserByName
+ {
+ ///
+ /// Gets or sets the username.
+ ///
+ public string? Username { get; set; }
+
+ ///
+ /// Gets or sets the plain text password.
+ ///
+ public string? Pw { get; set; }
+
+ ///
+ /// Gets or sets the sha1-hashed password.
+ ///
+ public string? Password { get; set; }
+ }
+}
diff --git a/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
new file mode 100644
index 000000000..1c88d3628
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
@@ -0,0 +1,18 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The create user by name request body.
+ ///
+ public class CreateUserByName
+ {
+ ///
+ /// Gets or sets the username.
+ ///
+ public string? Name { get; set; }
+
+ ///
+ /// Gets or sets the password.
+ ///
+ public string? Password { get; set; }
+ }
+}
diff --git a/Jellyfin.Api/Models/UserDtos/UpdateUserEasyPassword.cs b/Jellyfin.Api/Models/UserDtos/UpdateUserEasyPassword.cs
new file mode 100644
index 000000000..0a173ea1a
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/UpdateUserEasyPassword.cs
@@ -0,0 +1,23 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The update user easy password request body.
+ ///
+ public class UpdateUserEasyPassword
+ {
+ ///
+ /// Gets or sets the new sha1-hashed password.
+ ///
+ public string? NewPassword { get; set; }
+
+ ///
+ /// Gets or sets the new password.
+ ///
+ public string? NewPw { get; set; }
+
+ ///
+ /// Gets or sets a value indicating whether to reset the password.
+ ///
+ public bool ResetPassword { get; set; }
+ }
+}
diff --git a/Jellyfin.Api/Models/UserDtos/UpdateUserPassword.cs b/Jellyfin.Api/Models/UserDtos/UpdateUserPassword.cs
new file mode 100644
index 000000000..8288dbbc4
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/UpdateUserPassword.cs
@@ -0,0 +1,28 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The update user password request body.
+ ///
+ public class UpdateUserPassword
+ {
+ ///
+ /// Gets or sets the current sha1-hashed password.
+ ///
+ public string? CurrentPassword { get; set; }
+
+ ///
+ /// Gets or sets the current plain text password.
+ ///
+ public string? CurrentPw { get; set; }
+
+ ///
+ /// Gets or sets the new plain text password.
+ ///
+ public string? NewPw { get; set; }
+
+ ///
+ /// Gets or sets a value indicating whether to reset the password.
+ ///
+ public bool ResetPassword { get; set; }
+ }
+}
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index dbd5ba416..aad61d042 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -215,6 +215,31 @@ namespace Jellyfin.Server.Extensions
Format = "string"
})
});
+
+ /*
+ * Support BlurHash dictionary
+ */
+ options.MapType>>(() =>
+ new OpenApiSchema
+ {
+ Type = "object",
+ Properties = typeof(ImageType).GetEnumNames().ToDictionary(
+ name => name,
+ name => new OpenApiSchema
+ {
+ Type = "object", Properties = new Dictionary
+ {
+ {
+ "string",
+ new OpenApiSchema
+ {
+ Type = "string",
+ Format = "string"
+ }
+ }
+ }
+ })
+ });
}
}
}
diff --git a/MediaBrowser.Api/DisplayPreferencesService.cs b/MediaBrowser.Api/DisplayPreferencesService.cs
deleted file mode 100644
index 62c4ff43f..000000000
--- a/MediaBrowser.Api/DisplayPreferencesService.cs
+++ /dev/null
@@ -1,101 +0,0 @@
-using System.Threading;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Persistence;
-using MediaBrowser.Model.Entities;
-using MediaBrowser.Model.Serialization;
-using MediaBrowser.Model.Services;
-using Microsoft.Extensions.Logging;
-
-namespace MediaBrowser.Api
-{
- ///
- /// Class UpdateDisplayPreferences
- ///
- [Route("/DisplayPreferences/{DisplayPreferencesId}", "POST", Summary = "Updates a user's display preferences for an item")]
- public class UpdateDisplayPreferences : DisplayPreferences, IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "DisplayPreferencesId", Description = "DisplayPreferences Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string DisplayPreferencesId { get; set; }
-
- [ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string UserId { get; set; }
- }
-
- [Route("/DisplayPreferences/{Id}", "GET", Summary = "Gets a user's display preferences for an item")]
- public class GetDisplayPreferences : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
- public string Id { get; set; }
-
- [ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
- public string UserId { get; set; }
-
- [ApiMember(Name = "Client", Description = "Client", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
- public string Client { get; set; }
- }
-
- ///
- /// Class DisplayPreferencesService
- ///
- [Authenticated]
- public class DisplayPreferencesService : BaseApiService
- {
- ///
- /// The _display preferences manager
- ///
- private readonly IDisplayPreferencesRepository _displayPreferencesManager;
- ///
- /// The _json serializer
- ///
- private readonly IJsonSerializer _jsonSerializer;
-
- ///
- /// Initializes a new instance of the class.
- ///
- /// The json serializer.
- /// The display preferences manager.
- public DisplayPreferencesService(
- ILogger logger,
- IServerConfigurationManager serverConfigurationManager,
- IHttpResultFactory httpResultFactory,
- IJsonSerializer jsonSerializer,
- IDisplayPreferencesRepository displayPreferencesManager)
- : base(logger, serverConfigurationManager, httpResultFactory)
- {
- _jsonSerializer = jsonSerializer;
- _displayPreferencesManager = displayPreferencesManager;
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- public object Get(GetDisplayPreferences request)
- {
- var result = _displayPreferencesManager.GetDisplayPreferences(request.Id, request.UserId, request.Client);
-
- return ToOptimizedResult(result);
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public void Post(UpdateDisplayPreferences request)
- {
- // Serialize to json and then back so that the core doesn't see the request dto type
- var displayPreferences = _jsonSerializer.DeserializeFromString(_jsonSerializer.SerializeToString(request));
-
- _displayPreferencesManager.SaveDisplayPreferences(displayPreferences, request.UserId, request.Client, CancellationToken.None);
- }
- }
-}
diff --git a/MediaBrowser.Api/Sessions/SessionService.cs b/MediaBrowser.Api/Sessions/SessionService.cs
deleted file mode 100644
index d986eea65..000000000
--- a/MediaBrowser.Api/Sessions/SessionService.cs
+++ /dev/null
@@ -1,499 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading;
-using System.Threading.Tasks;
-using Jellyfin.Data.Enums;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Devices;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Session;
-using MediaBrowser.Model.Dto;
-using MediaBrowser.Model.Services;
-using MediaBrowser.Model.Session;
-using Microsoft.Extensions.Logging;
-
-namespace MediaBrowser.Api.Sessions
-{
- ///
- /// Class GetSessions.
- ///
- [Route("/Sessions", "GET", Summary = "Gets a list of sessions")]
- [Authenticated]
- public class GetSessions : IReturn
- {
- [ApiMember(Name = "ControllableByUserId", Description = "Filter by sessions that a given user is allowed to remote control.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")]
- public Guid ControllableByUserId { get; set; }
-
- [ApiMember(Name = "DeviceId", Description = "Filter by device Id.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "GET")]
- public string DeviceId { get; set; }
-
- public int? ActiveWithinSeconds { get; set; }
- }
-
- ///
- /// Class DisplayContent.
- ///
- [Route("/Sessions/{Id}/Viewing", "POST", Summary = "Instructs a session to browse to an item or view")]
- [Authenticated]
- public class DisplayContent : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
-
- ///
- /// Artist, Genre, Studio, Person, or any kind of BaseItem
- ///
- /// The type of the item.
- [ApiMember(Name = "ItemType", Description = "The type of item to browse to.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string ItemType { get; set; }
-
- ///
- /// Artist name, genre name, item Id, etc
- ///
- /// The item identifier.
- [ApiMember(Name = "ItemId", Description = "The Id of the item.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string ItemId { get; set; }
-
- ///
- /// Gets or sets the name of the item.
- ///
- /// The name of the item.
- [ApiMember(Name = "ItemName", Description = "The name of the item.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string ItemName { get; set; }
- }
-
- [Route("/Sessions/{Id}/Playing", "POST", Summary = "Instructs a session to play an item")]
- [Authenticated]
- public class Play : PlayRequest
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
- }
-
- [Route("/Sessions/{Id}/Playing/{Command}", "POST", Summary = "Issues a playstate command to a client")]
- [Authenticated]
- public class SendPlaystateCommand : PlaystateRequest, IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
- }
-
- [Route("/Sessions/{Id}/System/{Command}", "POST", Summary = "Issues a system command to a client")]
- [Authenticated]
- public class SendSystemCommand : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
-
- ///
- /// Gets or sets the command.
- ///
- /// The play command.
- [ApiMember(Name = "Command", Description = "The command to send.", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Command { get; set; }
- }
-
- [Route("/Sessions/{Id}/Command/{Command}", "POST", Summary = "Issues a system command to a client")]
- [Authenticated]
- public class SendGeneralCommand : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
-
- ///
- /// Gets or sets the command.
- ///
- /// The play command.
- [ApiMember(Name = "Command", Description = "The command to send.", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Command { get; set; }
- }
-
- [Route("/Sessions/{Id}/Command", "POST", Summary = "Issues a system command to a client")]
- [Authenticated]
- public class SendFullGeneralCommand : GeneralCommand, IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
- }
-
- [Route("/Sessions/{Id}/Message", "POST", Summary = "Issues a command to a client to display a message to the user")]
- [Authenticated]
- public class SendMessageCommand : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
-
- [ApiMember(Name = "Text", Description = "The message text.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string Text { get; set; }
-
- [ApiMember(Name = "Header", Description = "The message header.", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string Header { get; set; }
-
- [ApiMember(Name = "TimeoutMs", Description = "The message timeout. If omitted the user will have to confirm viewing the message.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
- public long? TimeoutMs { get; set; }
- }
-
- [Route("/Sessions/{Id}/Users/{UserId}", "POST", Summary = "Adds an additional user to a session")]
- [Authenticated]
- public class AddUserToSession : IReturnVoid
- {
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
-
- [ApiMember(Name = "UserId", Description = "UserId Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string UserId { get; set; }
- }
-
- [Route("/Sessions/{Id}/Users/{UserId}", "DELETE", Summary = "Removes an additional user from a session")]
- [Authenticated]
- public class RemoveUserFromSession : IReturnVoid
- {
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string Id { get; set; }
-
- [ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string UserId { get; set; }
- }
-
- [Route("/Sessions/Capabilities", "POST", Summary = "Updates capabilities for a device")]
- [Authenticated]
- public class PostCapabilities : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string Id { get; set; }
-
- [ApiMember(Name = "PlayableMediaTypes", Description = "A list of playable media types, comma delimited. Audio, Video, Book, Photo.", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string PlayableMediaTypes { get; set; }
-
- [ApiMember(Name = "SupportedCommands", Description = "A list of supported remote control commands, comma delimited", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string SupportedCommands { get; set; }
-
- [ApiMember(Name = "SupportsMediaControl", Description = "Determines whether media can be played remotely.", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "POST")]
- public bool SupportsMediaControl { get; set; }
-
- [ApiMember(Name = "SupportsSync", Description = "Determines whether sync is supported.", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "POST")]
- public bool SupportsSync { get; set; }
-
- [ApiMember(Name = "SupportsPersistentIdentifier", Description = "Determines whether the device supports a unique identifier.", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "POST")]
- public bool SupportsPersistentIdentifier { get; set; }
-
- public PostCapabilities()
- {
- SupportsPersistentIdentifier = true;
- }
- }
-
- [Route("/Sessions/Capabilities/Full", "POST", Summary = "Updates capabilities for a device")]
- [Authenticated]
- public class PostFullCapabilities : ClientCapabilities, IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Session Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string Id { get; set; }
- }
-
- [Route("/Sessions/Viewing", "POST", Summary = "Reports that a session is viewing an item")]
- [Authenticated]
- public class ReportViewing : IReturnVoid
- {
- [ApiMember(Name = "SessionId", IsRequired = false, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string SessionId { get; set; }
-
- [ApiMember(Name = "ItemId", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string ItemId { get; set; }
- }
-
- [Route("/Sessions/Logout", "POST", Summary = "Reports that a session has ended")]
- [Authenticated]
- public class ReportSessionEnded : IReturnVoid
- {
- }
-
- [Route("/Auth/Providers", "GET")]
- [Authenticated(Roles = "Admin")]
- public class GetAuthProviders : IReturn
- {
- }
-
- [Route("/Auth/PasswordResetProviders", "GET")]
- [Authenticated(Roles = "Admin")]
- public class GetPasswordResetProviders : IReturn
- {
- }
-
- ///
- /// Class SessionsService.
- ///
- public class SessionService : BaseApiService
- {
- ///
- /// The session manager.
- ///
- private readonly ISessionManager _sessionManager;
-
- private readonly IUserManager _userManager;
- private readonly IAuthorizationContext _authContext;
- private readonly IDeviceManager _deviceManager;
- private readonly ISessionContext _sessionContext;
-
- public SessionService(
- ILogger logger,
- IServerConfigurationManager serverConfigurationManager,
- IHttpResultFactory httpResultFactory,
- ISessionManager sessionManager,
- IUserManager userManager,
- IAuthorizationContext authContext,
- IDeviceManager deviceManager,
- ISessionContext sessionContext)
- : base(logger, serverConfigurationManager, httpResultFactory)
- {
- _sessionManager = sessionManager;
- _userManager = userManager;
- _authContext = authContext;
- _deviceManager = deviceManager;
- _sessionContext = sessionContext;
- }
-
- public object Get(GetAuthProviders request)
- {
- return _userManager.GetAuthenticationProviders();
- }
-
- public object Get(GetPasswordResetProviders request)
- {
- return _userManager.GetPasswordResetProviders();
- }
-
- public void Post(ReportSessionEnded request)
- {
- var auth = _authContext.GetAuthorizationInfo(Request);
-
- _sessionManager.Logout(auth.Token);
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- /// System.Object.
- public object Get(GetSessions request)
- {
- var result = _sessionManager.Sessions;
-
- if (!string.IsNullOrEmpty(request.DeviceId))
- {
- result = result.Where(i => string.Equals(i.DeviceId, request.DeviceId, StringComparison.OrdinalIgnoreCase));
- }
-
- if (!request.ControllableByUserId.Equals(Guid.Empty))
- {
- result = result.Where(i => i.SupportsRemoteControl);
-
- var user = _userManager.GetUserById(request.ControllableByUserId);
-
- if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
- {
- result = result.Where(i => i.UserId.Equals(Guid.Empty) || i.ContainsUser(request.ControllableByUserId));
- }
-
- if (!user.HasPermission(PermissionKind.EnableSharedDeviceControl))
- {
- result = result.Where(i => !i.UserId.Equals(Guid.Empty));
- }
-
- if (request.ActiveWithinSeconds.HasValue && request.ActiveWithinSeconds.Value > 0)
- {
- var minActiveDate = DateTime.UtcNow.AddSeconds(0 - request.ActiveWithinSeconds.Value);
- result = result.Where(i => i.LastActivityDate >= minActiveDate);
- }
-
- result = result.Where(i =>
- {
- var deviceId = i.DeviceId;
-
- if (!string.IsNullOrWhiteSpace(deviceId))
- {
- if (!_deviceManager.CanAccessDevice(user, deviceId))
- {
- return false;
- }
- }
-
- return true;
- });
- }
-
- return ToOptimizedResult(result.ToArray());
- }
-
- public Task Post(SendPlaystateCommand request)
- {
- return _sessionManager.SendPlaystateCommand(GetSession(_sessionContext).Id, request.Id, request, CancellationToken.None);
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public Task Post(DisplayContent request)
- {
- var command = new BrowseRequest
- {
- ItemId = request.ItemId,
- ItemName = request.ItemName,
- ItemType = request.ItemType
- };
-
- return _sessionManager.SendBrowseCommand(GetSession(_sessionContext).Id, request.Id, command, CancellationToken.None);
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public Task Post(SendSystemCommand request)
- {
- var name = request.Command;
- if (Enum.TryParse(name, true, out GeneralCommandType commandType))
- {
- name = commandType.ToString();
- }
-
- var currentSession = GetSession(_sessionContext);
- var command = new GeneralCommand
- {
- Name = name,
- ControllingUserId = currentSession.UserId
- };
-
- return _sessionManager.SendGeneralCommand(currentSession.Id, request.Id, command, CancellationToken.None);
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public Task Post(SendMessageCommand request)
- {
- var command = new MessageCommand
- {
- Header = string.IsNullOrEmpty(request.Header) ? "Message from Server" : request.Header,
- TimeoutMs = request.TimeoutMs,
- Text = request.Text
- };
-
- return _sessionManager.SendMessageCommand(GetSession(_sessionContext).Id, request.Id, command, CancellationToken.None);
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public Task Post(Play request)
- {
- return _sessionManager.SendPlayCommand(GetSession(_sessionContext).Id, request.Id, request, CancellationToken.None);
- }
-
- public Task Post(SendGeneralCommand request)
- {
- var currentSession = GetSession(_sessionContext);
-
- var command = new GeneralCommand
- {
- Name = request.Command,
- ControllingUserId = currentSession.UserId
- };
-
- return _sessionManager.SendGeneralCommand(currentSession.Id, request.Id, command, CancellationToken.None);
- }
-
- public Task Post(SendFullGeneralCommand request)
- {
- var currentSession = GetSession(_sessionContext);
-
- request.ControllingUserId = currentSession.UserId;
-
- return _sessionManager.SendGeneralCommand(currentSession.Id, request.Id, request, CancellationToken.None);
- }
-
- public void Post(AddUserToSession request)
- {
- _sessionManager.AddAdditionalUser(request.Id, new Guid(request.UserId));
- }
-
- public void Delete(RemoveUserFromSession request)
- {
- _sessionManager.RemoveAdditionalUser(request.Id, new Guid(request.UserId));
- }
-
- public void Post(PostCapabilities request)
- {
- if (string.IsNullOrWhiteSpace(request.Id))
- {
- request.Id = GetSession(_sessionContext).Id;
- }
-
- _sessionManager.ReportCapabilities(request.Id, new ClientCapabilities
- {
- PlayableMediaTypes = SplitValue(request.PlayableMediaTypes, ','),
- SupportedCommands = SplitValue(request.SupportedCommands, ','),
- SupportsMediaControl = request.SupportsMediaControl,
- SupportsSync = request.SupportsSync,
- SupportsPersistentIdentifier = request.SupportsPersistentIdentifier
- });
- }
-
- public void Post(PostFullCapabilities request)
- {
- if (string.IsNullOrWhiteSpace(request.Id))
- {
- request.Id = GetSession(_sessionContext).Id;
- }
-
- _sessionManager.ReportCapabilities(request.Id, request);
- }
-
- public void Post(ReportViewing request)
- {
- request.SessionId = GetSession(_sessionContext).Id;
-
- _sessionManager.ReportNowViewingItem(request.SessionId, request.ItemId);
- }
- }
-}
diff --git a/MediaBrowser.Api/SuggestionsService.cs b/MediaBrowser.Api/SuggestionsService.cs
deleted file mode 100644
index 32d3bde5c..000000000
--- a/MediaBrowser.Api/SuggestionsService.cs
+++ /dev/null
@@ -1,98 +0,0 @@
-using System;
-using System.Linq;
-using Jellyfin.Data.Entities;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Dto;
-using MediaBrowser.Controller.Entities;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Model.Dto;
-using MediaBrowser.Model.Entities;
-using MediaBrowser.Model.Querying;
-using MediaBrowser.Model.Services;
-using Microsoft.Extensions.Logging;
-
-namespace MediaBrowser.Api
-{
- [Route("/Users/{UserId}/Suggestions", "GET", Summary = "Gets items based on a query.")]
- public class GetSuggestedItems : IReturn>
- {
- public string MediaType { get; set; }
- public string Type { get; set; }
- public Guid UserId { get; set; }
- public bool EnableTotalRecordCount { get; set; }
- public int? StartIndex { get; set; }
- public int? Limit { get; set; }
-
- public string[] GetMediaTypes()
- {
- return (MediaType ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
- }
-
- public string[] GetIncludeItemTypes()
- {
- return (Type ?? string.Empty).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
- }
- }
-
- public class SuggestionsService : BaseApiService
- {
- private readonly IDtoService _dtoService;
- private readonly IAuthorizationContext _authContext;
- private readonly IUserManager _userManager;
- private readonly ILibraryManager _libraryManager;
-
- public SuggestionsService(
- ILogger logger,
- IServerConfigurationManager serverConfigurationManager,
- IHttpResultFactory httpResultFactory,
- IDtoService dtoService,
- IAuthorizationContext authContext,
- IUserManager userManager,
- ILibraryManager libraryManager)
- : base(logger, serverConfigurationManager, httpResultFactory)
- {
- _dtoService = dtoService;
- _authContext = authContext;
- _userManager = userManager;
- _libraryManager = libraryManager;
- }
-
- public object Get(GetSuggestedItems request)
- {
- return GetResultItems(request);
- }
-
- private QueryResult GetResultItems(GetSuggestedItems request)
- {
- var user = !request.UserId.Equals(Guid.Empty) ? _userManager.GetUserById(request.UserId) : null;
-
- var dtoOptions = GetDtoOptions(_authContext, request);
- var result = GetItems(request, user, dtoOptions);
-
- var dtoList = _dtoService.GetBaseItemDtos(result.Items, dtoOptions, user);
-
- return new QueryResult
- {
- TotalRecordCount = result.TotalRecordCount,
- Items = dtoList
- };
- }
-
- private QueryResult GetItems(GetSuggestedItems request, User user, DtoOptions dtoOptions)
- {
- return _libraryManager.GetItemsResult(new InternalItemsQuery(user)
- {
- OrderBy = new[] { ItemSortBy.Random }.Select(i => new ValueTuple(i, SortOrder.Descending)).ToArray(),
- MediaTypes = request.GetMediaTypes(),
- IncludeItemTypes = request.GetIncludeItemTypes(),
- IsVirtualItem = false,
- StartIndex = request.StartIndex,
- Limit = request.Limit,
- DtoOptions = dtoOptions,
- EnableTotalRecordCount = request.EnableTotalRecordCount,
- Recursive = true
- });
- }
- }
-}
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
deleted file mode 100644
index 9cb9baf63..000000000
--- a/MediaBrowser.Api/UserService.cs
+++ /dev/null
@@ -1,605 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading.Tasks;
-using Jellyfin.Data.Enums;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Authentication;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Devices;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Session;
-using MediaBrowser.Model.Configuration;
-using MediaBrowser.Model.Dto;
-using MediaBrowser.Model.Services;
-using MediaBrowser.Model.Users;
-using Microsoft.Extensions.Logging;
-
-namespace MediaBrowser.Api
-{
- ///
- /// Class GetUsers
- ///
- [Route("/Users", "GET", Summary = "Gets a list of users")]
- [Authenticated]
- public class GetUsers : IReturn
- {
- [ApiMember(Name = "IsHidden", Description = "Optional filter by IsHidden=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
- public bool? IsHidden { get; set; }
-
- [ApiMember(Name = "IsDisabled", Description = "Optional filter by IsDisabled=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
- public bool? IsDisabled { get; set; }
-
- [ApiMember(Name = "IsGuest", Description = "Optional filter by IsGuest=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
- public bool? IsGuest { get; set; }
- }
-
- [Route("/Users/Public", "GET", Summary = "Gets a list of publicly visible users for display on a login screen.")]
- public class GetPublicUsers : IReturn
- {
- }
-
- ///
- /// Class GetUser
- ///
- [Route("/Users/{Id}", "GET", Summary = "Gets a user by Id")]
- [Authenticated(EscapeParentalControl = true)]
- public class GetUser : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class DeleteUser
- ///
- [Route("/Users/{Id}", "DELETE", Summary = "Deletes a user")]
- [Authenticated(Roles = "Admin")]
- public class DeleteUser : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "DELETE")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class AuthenticateUser
- ///
- [Route("/Users/{Id}/Authenticate", "POST", Summary = "Authenticates a user")]
- public class AuthenticateUser : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public Guid Id { get; set; }
-
- [ApiMember(Name = "Pw", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Pw { get; set; }
-
- ///
- /// Gets or sets the password.
- ///
- /// The password.
- [ApiMember(Name = "Password", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Password { get; set; }
- }
-
- ///
- /// Class AuthenticateUser
- ///
- [Route("/Users/AuthenticateByName", "POST", Summary = "Authenticates a user")]
- public class AuthenticateUserByName : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Username", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Username { get; set; }
-
- ///
- /// Gets or sets the password.
- ///
- /// The password.
- [ApiMember(Name = "Password", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Password { get; set; }
-
- [ApiMember(Name = "Pw", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Pw { get; set; }
- }
-
- ///
- /// Class UpdateUserPassword
- ///
- [Route("/Users/{Id}/Password", "POST", Summary = "Updates a user's password")]
- [Authenticated]
- public class UpdateUserPassword : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- public Guid Id { get; set; }
-
- ///
- /// Gets or sets the password.
- ///
- /// The password.
- public string CurrentPassword { get; set; }
-
- public string CurrentPw { get; set; }
-
- public string NewPw { get; set; }
-
- ///
- /// Gets or sets a value indicating whether [reset password].
- ///
- /// true if [reset password]; otherwise, false.
- public bool ResetPassword { get; set; }
- }
-
- ///
- /// Class UpdateUserEasyPassword
- ///
- [Route("/Users/{Id}/EasyPassword", "POST", Summary = "Updates a user's easy password")]
- [Authenticated]
- public class UpdateUserEasyPassword : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- public Guid Id { get; set; }
-
- ///
- /// Gets or sets the new password.
- ///
- /// The new password.
- public string NewPassword { get; set; }
-
- public string NewPw { get; set; }
-
- ///
- /// Gets or sets a value indicating whether [reset password].
- ///
- /// true if [reset password]; otherwise, false.
- public bool ResetPassword { get; set; }
- }
-
- ///
- /// Class UpdateUser
- ///
- [Route("/Users/{Id}", "POST", Summary = "Updates a user")]
- [Authenticated]
- public class UpdateUser : UserDto, IReturnVoid
- {
- }
-
- ///
- /// Class UpdateUser
- ///
- [Route("/Users/{Id}/Policy", "POST", Summary = "Updates a user policy")]
- [Authenticated(Roles = "admin")]
- public class UpdateUserPolicy : UserPolicy, IReturnVoid
- {
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class UpdateUser
- ///
- [Route("/Users/{Id}/Configuration", "POST", Summary = "Updates a user configuration")]
- [Authenticated]
- public class UpdateUserConfiguration : UserConfiguration, IReturnVoid
- {
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class CreateUser
- ///
- [Route("/Users/New", "POST", Summary = "Creates a user")]
- [Authenticated(Roles = "Admin")]
- public class CreateUserByName : IReturn
- {
- [ApiMember(Name = "Name", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Name { get; set; }
-
- [ApiMember(Name = "Password", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Password { get; set; }
- }
-
- [Route("/Users/ForgotPassword", "POST", Summary = "Initiates the forgot password process for a local user")]
- public class ForgotPassword : IReturn
- {
- [ApiMember(Name = "EnteredUsername", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string EnteredUsername { get; set; }
- }
-
- [Route("/Users/ForgotPassword/Pin", "POST", Summary = "Redeems a forgot password pin")]
- public class ForgotPasswordPin : IReturn
- {
- [ApiMember(Name = "Pin", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Pin { get; set; }
- }
-
- ///
- /// Class UsersService
- ///
- public class UserService : BaseApiService
- {
- ///
- /// The user manager.
- ///
- private readonly IUserManager _userManager;
- private readonly ISessionManager _sessionMananger;
- private readonly INetworkManager _networkManager;
- private readonly IDeviceManager _deviceManager;
- private readonly IAuthorizationContext _authContext;
-
- public UserService(
- ILogger logger,
- IServerConfigurationManager serverConfigurationManager,
- IHttpResultFactory httpResultFactory,
- IUserManager userManager,
- ISessionManager sessionMananger,
- INetworkManager networkManager,
- IDeviceManager deviceManager,
- IAuthorizationContext authContext)
- : base(logger, serverConfigurationManager, httpResultFactory)
- {
- _userManager = userManager;
- _sessionMananger = sessionMananger;
- _networkManager = networkManager;
- _deviceManager = deviceManager;
- _authContext = authContext;
- }
-
- public object Get(GetPublicUsers request)
- {
- // If the startup wizard hasn't been completed then just return all users
- if (!ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
- {
- return Get(new GetUsers
- {
- IsDisabled = false
- });
- }
-
- return Get(new GetUsers
- {
- IsHidden = false,
- IsDisabled = false
- }, true, true);
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- /// System.Object.
- public object Get(GetUsers request)
- {
- return Get(request, false, false);
- }
-
- private object Get(GetUsers request, bool filterByDevice, bool filterByNetwork)
- {
- var users = _userManager.Users;
-
- if (request.IsDisabled.HasValue)
- {
- users = users.Where(i => i.HasPermission(PermissionKind.IsDisabled) == request.IsDisabled.Value);
- }
-
- if (request.IsHidden.HasValue)
- {
- users = users.Where(i => i.HasPermission(PermissionKind.IsHidden) == request.IsHidden.Value);
- }
-
- if (filterByDevice)
- {
- var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
-
- if (!string.IsNullOrWhiteSpace(deviceId))
- {
- users = users.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
- }
- }
-
- if (filterByNetwork)
- {
- if (!_networkManager.IsInLocalNetwork(Request.RemoteIp))
- {
- users = users.Where(i => i.HasPermission(PermissionKind.EnableRemoteAccess));
- }
- }
-
- var result = users
- .OrderBy(u => u.Username)
- .Select(i => _userManager.GetUserDto(i, Request.RemoteIp))
- .ToArray();
-
- return ToOptimizedResult(result);
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- /// System.Object.
- public object Get(GetUser request)
- {
- var user = _userManager.GetUserById(request.Id);
-
- if (user == null)
- {
- throw new ResourceNotFoundException("User not found");
- }
-
- var result = _userManager.GetUserDto(user, Request.RemoteIp);
-
- return ToOptimizedResult(result);
- }
-
- ///
- /// Deletes the specified request.
- ///
- /// The request.
- public Task Delete(DeleteUser request)
- {
- return DeleteAsync(request);
- }
-
- public Task DeleteAsync(DeleteUser request)
- {
- var user = _userManager.GetUserById(request.Id);
-
- if (user == null)
- {
- throw new ResourceNotFoundException("User not found");
- }
-
- _sessionMananger.RevokeUserTokens(user.Id, null);
- _userManager.DeleteUser(user);
- return Task.CompletedTask;
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public object Post(AuthenticateUser request)
- {
- var user = _userManager.GetUserById(request.Id);
-
- if (user == null)
- {
- throw new ResourceNotFoundException("User not found");
- }
-
- if (!string.IsNullOrEmpty(request.Password) && string.IsNullOrEmpty(request.Pw))
- {
- throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
- }
-
- // Password should always be null
- return Post(new AuthenticateUserByName
- {
- Username = user.Username,
- Password = null,
- Pw = request.Pw
- });
- }
-
- public async Task