From 1172ece856d91d060ba5122269fc9ea55f336495 Mon Sep 17 00:00:00 2001
From: cvium <clausvium@gmail.com>
Date: Fri, 3 Sep 2021 23:56:19 +0200
Subject: [PATCH] remove leading and trailing whitespace from the key

---
 .../Security/AuthorizationContext.cs          |  2 +-
 .../DefaultAuthorizationHandlerTests.cs       | 59 +++++++++++++++++--
 2 files changed, 54 insertions(+), 7 deletions(-)

diff --git a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
index e559d698a3..244abf469e 100644
--- a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
+++ b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
@@ -291,7 +291,7 @@ namespace Jellyfin.Server.Implementations.Security
                 }
                 else if (!escaped && token == '=')
                 {
-                    key = authorizationHeader[start.. i].ToString();
+                    key = authorizationHeader[start.. i].Trim().ToString();
                     start = i + 1;
                 }
             }
diff --git a/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs
index 312dffde23..ee4af34ad5 100644
--- a/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs
@@ -52,14 +52,61 @@ namespace Jellyfin.Api.Tests.Auth.DefaultAuthorizationPolicy
         }
 
         [Theory]
-        [InlineData("x=\"123,123\",y=\"123\"", "x", "123,123")]
-        [InlineData("x=\"ab\"", "x", "ab")]
-        [InlineData("param=Hörbücher", "param", "Hörbücher")]
-        [InlineData("param=%22%Hörbücher", "param", "\"%Hörbücher")]
-        public void TestAuthHeaders(string input, string key, string value)
+        [MemberData(nameof(GetParts_ValidAuthHeader_Success_Data))]
+        public void GetParts_ValidAuthHeader_Success(string input, Dictionary<string, string> parts)
         {
             var dict = AuthorizationContext.GetParts(input);
-            Assert.True(string.Equals(dict[key], value, System.StringComparison.Ordinal));
+            foreach (var (key, value) in parts)
+            {
+                Assert.Equal(dict[key], value);
+            }
+        }
+
+        private static TheoryData<string, Dictionary<string, string>> GetParts_ValidAuthHeader_Success_Data()
+        {
+            var data = new TheoryData<string, Dictionary<string, string>>();
+
+            data.Add(
+                "x=\"123,123\",y=\"123\"",
+                new Dictionary<string, string>
+                {
+                    { "x", "123,123" },
+                    { "y", "123" }
+                });
+
+            data.Add(
+                "x=\"123,123\",         y=\"123\",z=\"'hi'\"",
+                new Dictionary<string, string>
+                {
+                    { "x", "123,123" },
+                    { "y", "123" },
+                    { "z", "'hi'" }
+                });
+
+            data.Add(
+                "x=\"ab\"",
+                new Dictionary<string, string>
+                {
+                    { "x", "ab" }
+                });
+
+            data.Add(
+                "param=Hörbücher",
+                new Dictionary<string, string>
+                {
+                    { "param", "Hörbücher" }
+                }
+                );
+
+            data.Add(
+                "param=%22%Hörbücher",
+                new Dictionary<string, string>
+                {
+                    { "param", "\"%Hörbücher" }
+                }
+                );
+
+            return data;
         }
     }
 }