Remove OriginalAuthenticationInfo and add IsAuthenticated property

2020-11-08 16:10:33 +01:00 · 2020-11-08 16:10:33 +01:00 · e78c63c4dc
commit e78c63c4dc
parent 96dcd9c87e
5 changed files with 24 additions and 18 deletions
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@ -1,6 +1,7 @@
 #pragma warning disable CS1591

 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Http;

@ -19,9 +20,9 @@ namespace Emby.Server.Implementations.HttpServer.Security
        public AuthorizationInfo Authenticate(HttpRequest request)
        {
            var auth = _authorizationContext.GetAuthorizationInfo(request);
-            if (auth == null)
+            if (!auth.IsAuthenticated)
            {
-                throw new SecurityException("Unauthenticated request.");
+                throw new AuthenticationException("Invalid token.");
            }

            if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
--- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
@ -36,8 +36,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
        public AuthorizationInfo GetAuthorizationInfo(HttpRequest requestContext)
        {
            var auth = GetAuthorizationDictionary(requestContext);
-            var (authInfo, _) =
-                GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
+            var authInfo = GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
            return authInfo;
        }

@ -49,19 +48,13 @@ namespace Emby.Server.Implementations.HttpServer.Security
        private AuthorizationInfo GetAuthorization(HttpContext httpReq)
        {
            var auth = GetAuthorizationDictionary(httpReq);
-            var (authInfo, originalAuthInfo) =
-                GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);
-
-            if (originalAuthInfo != null)
-            {
-                httpReq.Request.HttpContext.Items["OriginalAuthenticationInfo"] = originalAuthInfo;
-            }
+            var authInfo = GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);

            httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
            return authInfo;
        }

-        private (AuthorizationInfo authInfo, AuthenticationInfo originalAuthenticationInfo) GetAuthorizationInfoFromDictionary(
+        private AuthorizationInfo GetAuthorizationInfoFromDictionary(
            in Dictionary<string, string> auth,
            in IHeaderDictionary headers,
            in IQueryCollection queryString)
@ -108,13 +101,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
                Device = device,
                DeviceId = deviceId,
                Version = version,
-                Token = token
+                Token = token,
+                IsAuthenticated = false
            };

            if (string.IsNullOrWhiteSpace(token))
            {
                // Request doesn't contain a token.
-                return (null, null);
+                return authInfo;
            }

            var result = _authRepo.Get(new AuthenticationInfoQuery
@ -122,6 +116,11 @@ namespace Emby.Server.Implementations.HttpServer.Security
                AccessToken = token
            });

+            if (result.Items.Count > 0)
+            {
+                authInfo.IsAuthenticated = true;
+            }
+
            var originalAuthenticationInfo = result.Items.Count > 0 ? result.Items[0] : null;

            if (originalAuthenticationInfo != null)
@ -197,7 +196,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
                }
            }

-            return (authInfo, originalAuthenticationInfo);
+            return authInfo;
        }

        /// <summary>
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@ -1,10 +1,10 @@
 using System.Globalization;
-using System.Security.Authentication;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
--- a/MediaBrowser.Controller/Net/AuthorizationInfo.cs
+++ b/MediaBrowser.Controller/Net/AuthorizationInfo.cs
@ -53,5 +53,10 @@ namespace MediaBrowser.Controller.Net
        /// Gets or sets the user making the request.
        /// </summary>
        public User User { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether the token is authenticated.
+        /// </summary>
+        public bool IsAuthenticated { get; set; }
    }
 }
--- a/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
@ -8,6 +8,7 @@ using Jellyfin.Api.Auth;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
@ -68,14 +69,14 @@ namespace Jellyfin.Api.Tests.Auth
        }

        [Fact]
-        public async Task HandleAuthenticateAsyncShouldFailOnSecurityException()
+        public async Task HandleAuthenticateAsyncShouldFailOnAuthenticationException()
        {
            var errorMessage = _fixture.Create<string>();

            _jellyfinAuthServiceMock.Setup(
                    a => a.Authenticate(
                        It.IsAny<HttpRequest>()))
-                .Throws(new SecurityException(errorMessage));
+                .Throws(new AuthenticationException(errorMessage));

            var authenticateResult = await _sut.AuthenticateAsync();