jellyfin/Emby.Server.Implementations/HttpServer/Security/AuthService.cs

#pragma warning disable CS1591

using System.Threading.Tasks;
using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http;

namespace Emby.Server.Implementations.HttpServer.Security
{
    public class AuthService : IAuthService
    {
        private readonly IAuthorizationContext _authorizationContext;

        public AuthService(
            IAuthorizationContext authorizationContext)
        {
            _authorizationContext = authorizationContext;
        }

        public async Task<AuthorizationInfo> Authenticate(HttpRequest request)
        {
            var auth = await _authorizationContext.GetAuthorizationInfo(request).ConfigureAwait(false);

            if (!auth.HasToken)
            {
                return auth;
            }

            if (!auth.IsAuthenticated)
            {
                throw new SecurityException("Invalid token.");
            }

            if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
            {
                throw new SecurityException("User account has been disabled.");
            }

            return auth;
        }
    }
}
Fix more warnings 5 years ago			`#pragma warning disable CS1591`

Migrate authentication db to EF Core 4 years ago			`using System.Threading.Tasks;`
Initial migration code 5 years ago			`using Jellyfin.Data.Enums;`
run all ajax through apiclient 11 years ago			`using MediaBrowser.Controller.Net;`
Add authentication and remove versioning 5 years ago			`using Microsoft.AspNetCore.Http;`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 11 years ago
move classes 8 years ago			`namespace Emby.Server.Implementations.HttpServer.Security`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 11 years ago			`{`
			`public class AuthService : IAuthService`
			`{`
Replace custom code with Asp.Net Core code 5 years ago			`private readonly IAuthorizationContext _authorizationContext;`
completed auth database 10 years ago
Replace custom code with Asp.Net Core code 5 years ago			`public AuthService(`
Remove ServiceStack and related stuff 4 years ago			`IAuthorizationContext authorizationContext)`
run all ajax through apiclient 11 years ago			`{`
Replace custom code with Asp.Net Core code 5 years ago			`_authorizationContext = authorizationContext;`
Add authentication and remove versioning 5 years ago			`}`

Migrate authentication db to EF Core 4 years ago			`public async Task<AuthorizationInfo> Authenticate(HttpRequest request)`
Add more authorization handlers, actually authorize requests 4 years ago			`{`
Migrate authentication db to EF Core 4 years ago			`var auth = await _authorizationContext.GetAuthorizationInfo(request).ConfigureAwait(false);`
Return NoResult only when request doesn't have a token. 4 years ago
			`if (!auth.HasToken)`
			`{`
Don't throw exception on unauthenticated requests 3 years ago			`return auth;`
Return NoResult only when request doesn't have a token. 4 years ago			`}`

Remove OriginalAuthenticationInfo and add IsAuthenticated property 4 years ago			`if (!auth.IsAuthenticated)`
Move SecurityException 4 years ago			`{`
Return NoResult only when request doesn't have a token. 4 years ago			`throw new SecurityException("Invalid token.");`
Move SecurityException 4 years ago			`}`

Allow apikey to authenticate as admin 4 years ago			`if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)`
Add more authorization handlers, actually authorize requests 4 years ago			`{`
			`throw new SecurityException("User account has been disabled.");`
			`}`

			`return auth;`
			`}`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 11 years ago			`}`
			`}`