Make sure we can only set the ApiAlias when using the API Key

pull/2628/head^2
tidusjar 6 years ago
parent 3b91392323
commit b16ac27701

@ -1,71 +1,71 @@
using System; //using System;
using Microsoft.AspNetCore.Builder; //using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting; //using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http; //using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features.Authentication; //using Microsoft.AspNetCore.Http.Features.Authentication;
using Microsoft.AspNetCore.Identity; //using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection; //using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options; //using Microsoft.Extensions.Options;
using Moq; //using Moq;
using Ombi.Api.Emby; //using Ombi.Api.Emby;
using Ombi.Api.Plex; //using Ombi.Api.Plex;
using Ombi.Core.Authentication; //using Ombi.Core.Authentication;
using Ombi.Core.Settings; //using Ombi.Core.Settings;
using Ombi.Core.Settings.Models.External; //using Ombi.Core.Settings.Models.External;
using Ombi.Models.Identity; //using Ombi.Models.Identity;
using Ombi.Store.Context; //using Ombi.Store.Context;
using Ombi.Store.Entities; //using Ombi.Store.Entities;
using Ombi.Store.Repository; //using Ombi.Store.Repository;
namespace Ombi.Tests //namespace Ombi.Tests
{ //{
public class TestStartup // public class TestStartup
{ // {
public IServiceProvider ConfigureServices(IServiceCollection services) // public IServiceProvider ConfigureServices(IServiceCollection services)
{ // {
var _plexApi = new Mock<IPlexApi>(); // var _plexApi = new Mock<IPlexApi>();
var _embyApi = new Mock<IEmbyApi>(); // var _embyApi = new Mock<IEmbyApi>();
var _tokenSettings = new Mock<IOptions<TokenAuthentication>>(); // var _tokenSettings = new Mock<IOptions<TokenAuthentication>>();
var _embySettings = new Mock<ISettingsService<EmbySettings>>(); // var _embySettings = new Mock<ISettingsService<EmbySettings>>();
var _plexSettings = new Mock<ISettingsService<PlexSettings>>(); // var _plexSettings = new Mock<ISettingsService<PlexSettings>>();
var audit = new Mock<IAuditRepository>(); // var audit = new Mock<IAuditRepository>();
var tokenRepo = new Mock<ITokenRepository>(); // var tokenRepo = new Mock<ITokenRepository>();
services.AddEntityFrameworkInMemoryDatabase() // services.AddEntityFrameworkInMemoryDatabase()
.AddDbContext<OmbiContext>(); // .AddDbContext<OmbiContext>();
services.AddIdentity<OmbiUser, IdentityRole>() // services.AddIdentity<OmbiUser, IdentityRole>()
.AddEntityFrameworkStores<OmbiContext>().AddUserManager<OmbiUserManager>(); // .AddEntityFrameworkStores<OmbiContext>().AddUserManager<OmbiUserManager>();
services.AddTransient(x => _plexApi.Object); // services.AddTransient(x => _plexApi.Object);
services.AddTransient(x => _embyApi.Object); // services.AddTransient(x => _embyApi.Object);
services.AddTransient(x => _tokenSettings.Object); // services.AddTransient(x => _tokenSettings.Object);
services.AddTransient(x => _embySettings.Object); // services.AddTransient(x => _embySettings.Object);
services.AddTransient(x => _plexSettings.Object); // services.AddTransient(x => _plexSettings.Object);
services.AddTransient(x => audit.Object); // services.AddTransient(x => audit.Object);
services.AddTransient(x => tokenRepo.Object); // services.AddTransient(x => tokenRepo.Object);
// Taken from https://github.com/aspnet/MusicStore/blob/dev/test/MusicStore.Test/ManageControllerTest.cs (and modified) // // Taken from https://github.com/aspnet/MusicStore/blob/dev/test/MusicStore.Test/ManageControllerTest.cs (and modified)
var context = new DefaultHttpContext(); // var context = new DefaultHttpContext();
context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature()); // context.Features.Set<IHttpAuthenticationFeature>(new HttpAuthenticationFeature());
services.AddSingleton<IHttpContextAccessor>(h => new HttpContextAccessor { HttpContext = context }); // services.AddSingleton<IHttpContextAccessor>(h => new HttpContextAccessor { HttpContext = context });
services.Configure<IdentityOptions>(options => // services.Configure<IdentityOptions>(options =>
{ // {
options.Password.RequireDigit = false; // options.Password.RequireDigit = false;
options.Password.RequiredLength = 1; // options.Password.RequiredLength = 1;
options.Password.RequireLowercase = false; // options.Password.RequireLowercase = false;
options.Password.RequireNonAlphanumeric = false; // options.Password.RequireNonAlphanumeric = false;
options.Password.RequireUppercase = false; // options.Password.RequireUppercase = false;
options.User.AllowedUserNameCharacters = string.Empty; // options.User.AllowedUserNameCharacters = string.Empty;
}); // });
return services.BuildServiceProvider(); // return services.BuildServiceProvider();
} // }
public void Configure(IApplicationBuilder app, IHostingEnvironment env) // public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{ // {
} // }
} // }
} //}
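Review bot: Every line of `TestStartup` is commented out rather than removed, which leaves a dead file that still reads like a live test fixture. If the fixture is no longer needed, deleting the file is cleaner, since version control keeps the history; if it is only disabled temporarily, a one-line header comment saying why would help, e.g. `// Disabled: <reason>`. No test covering the new ApiKey/ApiAlias check is visible on this page, so it may be worth adding one with this change.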

@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Authorization; using System;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Ombi.Core.Engine; using Ombi.Core.Engine;
using Ombi.Core.Models.Requests; using Ombi.Core.Models.Requests;
@ -11,6 +12,7 @@ using Ombi.Core.Models;
using Ombi.Core.Models.UI; using Ombi.Core.Models.UI;
using Ombi.Store.Entities; using Ombi.Store.Entities;
using ILogger = Microsoft.Extensions.Logging.ILogger; using ILogger = Microsoft.Extensions.Logging.ILogger;
using System.Linq;
namespace Ombi.Controllers namespace Ombi.Controllers
{ {
@ -171,11 +173,14 @@ namespace Ombi.Controllers
} }
private string GetApiAlias() private string GetApiAlias()
{ {
if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias)) // Make sure this only applies when using the API KEY
if (HttpContext.Request.Headers.Keys.Contains("ApiKey", StringComparer.InvariantCultureIgnoreCase))
{ {
return apiAlias; if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias))
{
return apiAlias;
}
} }
return null; return null;
} }
} }
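Review bot: The guard added in `GetApiAlias()` only checks that a header named `ApiKey` is present, and header presence is controlled by the client, so it does not establish that the request was actually authenticated with the API key. If the authentication pipeline (not visible here) can accept another credential while an `ApiKey` header is also present, the alias would still be honoured; it would be safer to key the decision on something the API-key authentication step sets on the authenticated request, such as a claim or an `HttpContext.Items` entry, than on the raw header. Separately, `IHeaderDictionary` lookups are already case-insensitive, so `HttpContext.Request.Headers.ContainsKey("ApiKey")` does the same job without the culture-sensitive `StringComparer.InvariantCultureIgnoreCase` and the added `System.Linq` import. The identical helper is changed in the second controller section below, so the same applies there, and sharing one implementation would keep the two checks from drifting apart.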

@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Authorization; using System;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Ombi.Core.Engine; using Ombi.Core.Engine;
using Ombi.Core.Engine.Interfaces; using Ombi.Core.Engine.Interfaces;
@ -528,9 +529,13 @@ namespace Ombi.Controllers
private string GetApiAlias() private string GetApiAlias()
{ {
if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias)) // Make sure this only applies when using the API KEY
if (HttpContext.Request.Headers.Keys.Contains("ApiKey", StringComparer.InvariantCultureIgnoreCase))
{ {
return apiAlias; if (HttpContext.Request.Headers.TryGetValue("ApiAlias", out var apiAlias))
{
return apiAlias;
}
} }
return null; return null;
