Make sure we can only set the ApiAlias when using the API Key

src/Ombi.Tests/TestStartup.cs

@@ -1,71 +1,71 @@
-using System;
-using Microsoft.AspNetCore.Builder;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Http.Features.Authentication;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
-using Moq;
-using Ombi.Api.Emby;
-using Ombi.Api.Plex;
-using Ombi.Core.Authentication;
-using Ombi.Core.Settings;
-using Ombi.Core.Settings.Models.External;
-using Ombi.Models.Identity;
-using Ombi.Store.Context;
-using Ombi.Store.Entities;
-using Ombi.Store.Repository;
+//using System;
+//using Microsoft.AspNetCore.Builder;
+//using Microsoft.AspNetCore.Hosting;
+//using Microsoft.AspNetCore.Http;
+//using Microsoft.AspNetCore.Http.Features.Authentication;
+//using Microsoft.AspNetCore.Identity;
+//using Microsoft.Extensions.DependencyInjection;
+//using Microsoft.Extensions.Options;
+//using Moq;
+//using Ombi.Api.Emby;
+//using Ombi.Api.Plex;
+//using Ombi.Core.Authentication;
+//using Ombi.Core.Settings;
+//using Ombi.Core.Settings.Models.External;
+//using Ombi.Models.Identity;
+//using Ombi.Store.Context;
+//using Ombi.Store.Entities;
+//using Ombi.Store.Repository;
 
-namespace Ombi.Tests
-{
-    public class TestStartup
-    {
-        public IServiceProvider ConfigureServices(IServiceCollection services)
-        {
-            var _plexApi = new Mock<IPlexApi>();
-            var _embyApi = new Mock<IEmbyApi>();
-            var _tokenSettings = new Mock<IOptions<TokenAuthentication>>();
-            var _embySettings = new Mock<ISettingsService<EmbySettings>>();
-            var _plexSettings = new Mock<ISettingsService<PlexSettings>>();
-            var audit = new Mock<IAuditRepository>();
-            var tokenRepo = new Mock<ITokenRepository>();
+//namespace Ombi.Tests
+//{
+//    public class TestStartup
+//    {
+//        public IServiceProvider ConfigureServices(IServiceCollection services)
+//        {
+//            var _plexApi = new Mock<IPlexApi>();
+//            var _embyApi = new Mock<IEmbyApi>();
+//            var _tokenSettings = new Mock<IOptions<TokenAuthentication>>();
+//            var _embySettings = new Mock<ISettingsService<EmbySettings>>();
+//            var _plexSettings = new Mock<ISettingsService<PlexSettings>>();
+//            var audit = new Mock<IAuditRepository>();
+//            var tokenRepo = new Mock<ITokenRepository>();
 
-            services.AddEntityFrameworkInMemoryDatabase()
-                .AddDbContext<OmbiContext>();
-            services.AddIdentity<OmbiUser, IdentityRole>()
-                .AddEntityFrameworkStores<OmbiContext>().AddUserManager<OmbiUserManager>();
+//            services.AddEntityFrameworkInMemoryDatabase()
+//                .AddDbContext<OmbiContext>();
+//            services.AddIdentity<OmbiUser, IdentityRole>()
+//                .AddEntityFrameworkStores<OmbiContext>().AddUserManager<OmbiUserManager>();
 
-            services.AddTransient(x => _plexApi.Object);
-            services.AddTransient(x => _embyApi.Object);
-            services.AddTransient(x => _tokenSettings.Object);
-            services.AddTransient(x => _embySettings.Object);
-            services.AddTransient(x => _plexSettings.Object);
-            services.AddTransient(x => audit.Object);
-            services.AddTransient(x => tokenRepo.Object);
-            // Taken from https://github.com/aspnet/MusicStore/blob/dev/test/MusicStore.Test/ManageControllerTest.cs (and modified)
-            var context = new DefaultHttpContext();
-            context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature());
-            services.AddSingleton<IHttpContextAccessor>(h => new HttpContextAccessor { HttpContext = context });
+//            services.AddTransient(x => _plexApi.Object);
+//            services.AddTransient(x => _embyApi.Object);
+//            services.AddTransient(x => _tokenSettings.Object);
+//            services.AddTransient(x => _embySettings.Object);
+//            services.AddTransient(x => _plexSettings.Object);
+//            services.AddTransient(x => audit.Object);
+//            services.AddTransient(x => tokenRepo.Object);
+//            // Taken from https://github.com/aspnet/MusicStore/blob/dev/test/MusicStore.Test/ManageControllerTest.cs (and modified)
+//            var context = new DefaultHttpContext();
+//            context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature());
+//            services.AddSingleton<IHttpContextAccessor>(h => new HttpContextAccessor { HttpContext = context });
 
 
-            services.Configure<IdentityOptions>(options =>
-            {
-                options.Password.RequireDigit = false;
-                options.Password.RequiredLength = 1;
-                options.Password.RequireLowercase = false;
-                options.Password.RequireNonAlphanumeric = false;
-                options.Password.RequireUppercase = false;
-                options.User.AllowedUserNameCharacters = string.Empty;
-            });
+//            services.Configure<IdentityOptions>(options =>
+//            {
+//                options.Password.RequireDigit = false;
+//                options.Password.RequiredLength = 1;
+//                options.Password.RequireLowercase = false;
+//                options.Password.RequireNonAlphanumeric = false;
+//                options.Password.RequireUppercase = false;
+//                options.User.AllowedUserNameCharacters = string.Empty;
+//            });
 
-            return services.BuildServiceProvider();
+//            return services.BuildServiceProvider();
 
-        }
+//        }
 
-        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
-        {
+//        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
+//        {
             
-        }
-    }
-}
+//        }
+//    }
+//}

src/Ombi/Controllers/MusicRequestController.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Authorization;
+using System;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Ombi.Core.Engine;
 using Ombi.Core.Models.Requests;
@@ -11,6 +12,7 @@ using Ombi.Core.Models;
 using Ombi.Core.Models.UI;
 using Ombi.Store.Entities;
 using ILogger = Microsoft.Extensions.Logging.ILogger;
+using System.Linq;
 
 namespace Ombi.Controllers
 {
@@ -171,11 +173,14 @@ namespace Ombi.Controllers
         }
         private string GetApiAlias()
         {
-            if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias))
+            // Make sure this only applies when using the API KEY
+            if (HttpContext.Request.Headers.Keys.Contains("ApiKey", StringComparer.InvariantCultureIgnoreCase))
             {
-                return apiAlias;
+                if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias))
+                {
+                    return apiAlias;
+                }
             }
-
             return null;
         }
     }

src/Ombi/Controllers/RequestController.cs

@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Authorization;
+using System;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Ombi.Core.Engine;
 using Ombi.Core.Engine.Interfaces;
@@ -528,9 +529,13 @@ namespace Ombi.Controllers
 
         private string GetApiAlias()
         {
-            if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias))
+            // Make sure this only applies when using the API KEY
+            if (HttpContext.Request.Headers.Keys.Contains("ApiKey", StringComparer.InvariantCultureIgnoreCase))
             {
-                return apiAlias;
+                if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias))
+                {
+                    return apiAlias;
+                }
             }
 
             return null;