michael.heier/jellyfin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #4443 from cvium/fix_auth_again_again_again

Browse Source 
Remove OriginalAuthenticationInfo and add IsAuthenticated property
This commit is contained in:
Bond-009 2020-11-08 16:58:35 +01:00 committed by GitHub
commit c8a320082f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Emby.Server.Implementations/HttpServer/Security/AuthService.cs
View File

@ -1,6 +1,7 @@
#pragma warning disable CS1591 #pragma warning disable CS1591
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
@ -19,9 +20,9 @@ namespace Emby.Server.Implementations.HttpServer.Security
public AuthorizationInfo Authenticate(HttpRequest request) public AuthorizationInfo Authenticate(HttpRequest request)
{ {
var auth = _authorizationContext.GetAuthorizationInfo(request); var auth = _authorizationContext.GetAuthorizationInfo(request);
if (auth == null) if (!auth.IsAuthenticated)
{ {
throw new SecurityException("Unauthenticated request."); throw new AuthenticationException("Invalid token.");
} }
if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false) if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)

25
Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
View File

@ -36,8 +36,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
public AuthorizationInfo GetAuthorizationInfo(HttpRequest requestContext) public AuthorizationInfo GetAuthorizationInfo(HttpRequest requestContext)
{ {
var auth = GetAuthorizationDictionary(requestContext); var auth = GetAuthorizationDictionary(requestContext);
var (authInfo, _) = var authInfo = GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
return authInfo; return authInfo;
} }
@ -49,19 +48,13 @@ namespace Emby.Server.Implementations.HttpServer.Security
private AuthorizationInfo GetAuthorization(HttpContext httpReq) private AuthorizationInfo GetAuthorization(HttpContext httpReq)
{ {
var auth = GetAuthorizationDictionary(httpReq); var auth = GetAuthorizationDictionary(httpReq);
var (authInfo, originalAuthInfo) = var authInfo = GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);
GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);
if (originalAuthInfo != null)
{
httpReq.Request.HttpContext.Items["OriginalAuthenticationInfo"] = originalAuthInfo;
}
httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo; httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
return authInfo; return authInfo;
} }
private (AuthorizationInfo authInfo, AuthenticationInfo originalAuthenticationInfo) GetAuthorizationInfoFromDictionary( private AuthorizationInfo GetAuthorizationInfoFromDictionary(
in Dictionary<string, string> auth, in Dictionary<string, string> auth,
in IHeaderDictionary headers, in IHeaderDictionary headers,
in IQueryCollection queryString) in IQueryCollection queryString)
@ -108,13 +101,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
Device = device, Device = device,
DeviceId = deviceId, DeviceId = deviceId,
Version = version, Version = version,
Token = token Token = token,
IsAuthenticated = false
}; };
if (string.IsNullOrWhiteSpace(token)) if (string.IsNullOrWhiteSpace(token))
{ {
// Request doesn't contain a token. // Request doesn't contain a token.
return (null, null); return authInfo;
} }
var result = _authRepo.Get(new AuthenticationInfoQuery var result = _authRepo.Get(new AuthenticationInfoQuery
@ -122,6 +116,11 @@ namespace Emby.Server.Implementations.HttpServer.Security
AccessToken = token AccessToken = token
}); });
if (result.Items.Count > 0)
{
authInfo.IsAuthenticated = true;
}
var originalAuthenticationInfo = result.Items.Count > 0 ? result.Items[0] : null; var originalAuthenticationInfo = result.Items.Count > 0 ? result.Items[0] : null;
if (originalAuthenticationInfo != null) if (originalAuthenticationInfo != null)
@ -197,7 +196,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
} }
} }
return (authInfo, originalAuthenticationInfo); return authInfo;
} }
/// <summary> /// <summary>

2
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
View File

@ -1,10 +1,10 @@
using System.Globalization; using System.Globalization;
using System.Security.Authentication;
using System.Security.Claims; using System.Security.Claims;
using System.Text.Encodings.Web; using System.Text.Encodings.Web;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;

5
MediaBrowser.Controller/Net/AuthorizationInfo.cs
View File

@ -53,5 +53,10 @@ namespace MediaBrowser.Controller.Net
/// Gets or sets the user making the request. /// Gets or sets the user making the request.
/// </summary> /// </summary>
public User User { get; set; } public User User { get; set; }
/// <summary>
/// Gets or sets a value indicating whether the token is authenticated.
/// </summary>
public bool IsAuthenticated { get; set; }
} }
} }

5
tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
View File

@ -8,6 +8,7 @@ using Jellyfin.Api.Auth;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
@ -68,14 +69,14 @@ namespace Jellyfin.Api.Tests.Auth
} }
[Fact] [Fact]
public async Task HandleAuthenticateAsyncShouldFailOnSecurityException() public async Task HandleAuthenticateAsyncShouldFailOnAuthenticationException()
{ {
var errorMessage = _fixture.Create<string>(); var errorMessage = _fixture.Create<string>();
_jellyfinAuthServiceMock.Setup( _jellyfinAuthServiceMock.Setup(
a => a.Authenticate( a => a.Authenticate(
It.IsAny<HttpRequest>())) It.IsAny<HttpRequest>()))
.Throws(new SecurityException(errorMessage)); .Throws(new AuthenticationException(errorMessage));
var authenticateResult = await _sut.AuthenticateAsync(); var authenticateResult = await _sut.AuthenticateAsync();