Merge pull request #9282 from cvium/simplify_authz

refactor: simplify authz
pull/8887/head
Cody Robibero 2 years ago committed by GitHub
commit 1c72a8e006
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,4 +1,5 @@
using System.Threading.Tasks; using System.Threading.Tasks;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
@ -29,7 +30,7 @@ namespace Jellyfin.Api.Auth.AnonymousLanAccessPolicy
/// <inheritdoc /> /// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement)
{ {
var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress; var ip = _httpContextAccessor.HttpContext?.GetNormalizedRemoteIp();
// Loopback will be on LAN, so we can accept null. // Loopback will be on LAN, so we can accept null.
if (ip is null || _networkManager.IsInLocalNetwork(ip)) if (ip is null || _networkManager.IsInLocalNetwork(ip))

@ -1,113 +0,0 @@
using System.Security.Claims;
using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth
{
/// <summary>
/// Base authorization handler.
/// </summary>
/// <typeparam name="T">Type of Authorization Requirement.</typeparam>
public abstract class BaseAuthorizationHandler<T> : AuthorizationHandler<T>
where T : IAuthorizationRequirement
{
private readonly IUserManager _userManager;
private readonly INetworkManager _networkManager;
private readonly IHttpContextAccessor _httpContextAccessor;
/// <summary>
/// Initializes a new instance of the <see cref="BaseAuthorizationHandler{T}"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
protected BaseAuthorizationHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
{
_userManager = userManager;
_networkManager = networkManager;
_httpContextAccessor = httpContextAccessor;
}
/// <summary>
/// Validate authenticated claims.
/// </summary>
/// <param name="claimsPrincipal">Request claims.</param>
/// <param name="ignoreSchedule">Whether to ignore parental control.</param>
/// <param name="localAccessOnly">Whether access is to be allowed locally only.</param>
/// <param name="requiredDownloadPermission">Whether validation requires download permission.</param>
/// <returns>Validated claim status.</returns>
protected bool ValidateClaims(
ClaimsPrincipal claimsPrincipal,
bool ignoreSchedule = false,
bool localAccessOnly = false,
bool requiredDownloadPermission = false)
{
// ApiKey is currently global admin, always allow.
var isApiKey = claimsPrincipal.GetIsApiKey();
if (isApiKey)
{
return true;
}
// Ensure claim has userId.
var userId = claimsPrincipal.GetUserId();
if (userId.Equals(default))
{
return false;
}
// Ensure userId links to a valid user.
var user = _userManager.GetUserById(userId);
if (user is null)
{
return false;
}
// Ensure user is not disabled.
if (user.HasPermission(PermissionKind.IsDisabled))
{
return false;
}
var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
&& _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
// User cannot access remotely and user is remote
if (!user.HasPermission(PermissionKind.EnableRemoteAccess) && !isInLocalNetwork)
{
return false;
}
if (localAccessOnly && !isInLocalNetwork)
{
return false;
}
// User attempting to access out of parental control hours.
if (!ignoreSchedule
&& !user.HasPermission(PermissionKind.IsAdministrator)
&& !user.IsParentalScheduleAllowed())
{
return false;
}
// User attempting to download without permission.
if (requiredDownloadPermission
&& !user.HasPermission(PermissionKind.EnableContentDownloading))
{
return false;
}
return true;
}
}
}

@ -1,4 +1,8 @@
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
@ -9,8 +13,12 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
/// <summary> /// <summary>
/// Default authorization handler. /// Default authorization handler.
/// </summary> /// </summary>
public class DefaultAuthorizationHandler : BaseAuthorizationHandler<DefaultAuthorizationRequirement> public class DefaultAuthorizationHandler : AuthorizationHandler<DefaultAuthorizationRequirement>
{ {
private readonly IUserManager _userManager;
private readonly INetworkManager _networkManager;
private readonly IHttpContextAccessor _httpContextAccessor;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthorizationHandler"/> class. /// Initializes a new instance of the <see cref="DefaultAuthorizationHandler"/> class.
/// </summary> /// </summary>
@ -21,21 +29,56 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
IUserManager userManager, IUserManager userManager,
INetworkManager networkManager, INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor) IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{ {
_userManager = userManager;
_networkManager = networkManager;
_httpContextAccessor = httpContextAccessor;
} }
/// <inheritdoc /> /// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
{ {
var validated = ValidateClaims(context.User); var isApiKey = context.User.GetIsApiKey();
if (validated) var userId = context.User.GetUserId();
// This likely only happens during the wizard, so skip the default checks and let any other handlers do it
if (!isApiKey && userId.Equals(default))
{
return Task.CompletedTask;
}
var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
&& _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
var user = _userManager.GetUserById(userId);
if (user is null)
{
throw new ResourceNotFoundException();
}
// User cannot access remotely and user is remote
if (!isInLocalNetwork && !user.HasPermission(PermissionKind.EnableRemoteAccess))
{
context.Fail();
return Task.CompletedTask;
}
// Admins can do everything
if (isApiKey || context.User.IsInRole(UserRoles.Administrator))
{ {
context.Succeed(requirement); context.Succeed(requirement);
return Task.CompletedTask;
} }
else
// It's not great to have this check, but parental schedule must usually be honored except in a few rare cases
if (requirement.ValidateParentalSchedule && !user.IsParentalScheduleAllowed())
{ {
context.Fail(); context.Fail();
return Task.CompletedTask;
}
// Only succeed if the requirement isn't a subclass as any subclassed requirement will handle success in its own handler
if (requirement.GetType() == typeof(DefaultAuthorizationRequirement))
{
context.Succeed(requirement);
} }
return Task.CompletedTask; return Task.CompletedTask;

@ -7,5 +7,18 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
/// </summary> /// </summary>
public class DefaultAuthorizationRequirement : IAuthorizationRequirement public class DefaultAuthorizationRequirement : IAuthorizationRequirement
{ {
/// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthorizationRequirement"/> class.
/// </summary>
/// <param name="validateParentalSchedule">A value indicating whether to validate parental schedule.</param>
public DefaultAuthorizationRequirement(bool validateParentalSchedule = true)
{
ValidateParentalSchedule = validateParentalSchedule;
}
/// <summary>
/// Gets a value indicating whether to ignore parental schedule.
/// </summary>
public bool ValidateParentalSchedule { get; }
} }
} }

@ -1,44 +0,0 @@
using System.Threading.Tasks;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.DownloadPolicy
{
/// <summary>
/// Download authorization handler.
/// </summary>
public class DownloadHandler : BaseAuthorizationHandler<DownloadRequirement>
{
/// <summary>
/// Initializes a new instance of the <see cref="DownloadHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public DownloadHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DownloadRequirement requirement)
{
var validated = ValidateClaims(context.User);
if (validated)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.DownloadPolicy
{
/// <summary>
/// The download permission requirement.
/// </summary>
public class DownloadRequirement : IAuthorizationRequirement
{
}
}

@ -1,56 +0,0 @@
using System.Threading.Tasks;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
{
/// <summary>
/// Ignore parental control schedule and allow before startup wizard has been completed.
/// </summary>
public class FirstTimeOrIgnoreParentalControlSetupHandler : BaseAuthorizationHandler<FirstTimeOrIgnoreParentalControlSetupRequirement>
{
private readonly IConfigurationManager _configurationManager;
/// <summary>
/// Initializes a new instance of the <see cref="FirstTimeOrIgnoreParentalControlSetupHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
public FirstTimeOrIgnoreParentalControlSetupHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor,
IConfigurationManager configurationManager)
: base(userManager, networkManager, httpContextAccessor)
{
_configurationManager = configurationManager;
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeOrIgnoreParentalControlSetupRequirement requirement)
{
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
var validated = ValidateClaims(context.User, ignoreSchedule: true);
if (validated)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy
{
/// <summary>
/// First time setup or ignore parental controls requirement.
/// </summary>
public class FirstTimeOrIgnoreParentalControlSetupRequirement : IAuthorizationRequirement
{
}
}

@ -1,56 +0,0 @@
using System.Threading.Tasks;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
{
/// <summary>
/// Authorization handler for requiring first time setup or default privileges.
/// </summary>
public class FirstTimeSetupOrDefaultHandler : BaseAuthorizationHandler<FirstTimeSetupOrDefaultRequirement>
{
private readonly IConfigurationManager _configurationManager;
/// <summary>
/// Initializes a new instance of the <see cref="FirstTimeSetupOrDefaultHandler" /> class.
/// </summary>
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public FirstTimeSetupOrDefaultHandler(
IConfigurationManager configurationManager,
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{
_configurationManager = configurationManager;
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrDefaultRequirement requirement)
{
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
var validated = ValidateClaims(context.User);
if (validated)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
{
/// <summary>
/// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
/// </summary>
public class FirstTimeSetupOrDefaultRequirement : IAuthorizationRequirement
{
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
{
/// <summary>
/// The authorization requirement, requiring incomplete first time setup or elevated privileges, for the authorization handler.
/// </summary>
public class FirstTimeSetupOrElevatedRequirement : IAuthorizationRequirement
{
}
}

@ -1,39 +1,36 @@
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions;
using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Extensions;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
{ {
/// <summary> /// <summary>
/// Authorization handler for requiring first time setup or elevated privileges. /// Authorization handler for requiring first time setup or default privileges.
/// </summary> /// </summary>
public class FirstTimeSetupOrElevatedHandler : BaseAuthorizationHandler<FirstTimeSetupOrElevatedRequirement> public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
{ {
private readonly IConfigurationManager _configurationManager; private readonly IConfigurationManager _configurationManager;
private readonly IUserManager _userManager;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="FirstTimeSetupOrElevatedHandler" /> class. /// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
/// </summary> /// </summary>
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param> /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param> /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param> public FirstTimeSetupHandler(
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public FirstTimeSetupOrElevatedHandler(
IConfigurationManager configurationManager, IConfigurationManager configurationManager,
IUserManager userManager, IUserManager userManager)
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{ {
_configurationManager = configurationManager; _configurationManager = configurationManager;
_userManager = userManager;
} }
/// <inheritdoc /> /// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
{ {
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted) if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{ {
@ -41,14 +38,27 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
return Task.CompletedTask; return Task.CompletedTask;
} }
var validated = ValidateClaims(context.User); if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
if (validated && context.User.IsInRole(UserRoles.Administrator)) {
context.Fail();
return Task.CompletedTask;
}
if (!requirement.ValidateParentalSchedule)
{ {
context.Succeed(requirement); context.Succeed(requirement);
return Task.CompletedTask;
} }
else
var user = _userManager.GetUserById(context.User.GetUserId());
if (user is null)
{ {
context.Fail(); throw new ResourceNotFoundException();
}
if (user.IsParentalScheduleAllowed())
{
context.Succeed(requirement);
} }
return Task.CompletedTask; return Task.CompletedTask;

@ -0,0 +1,25 @@
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
{
/// <summary>
/// The authorization requirement, requiring incomplete first time setup or default privileges, for the authorization handler.
/// </summary>
public class FirstTimeSetupRequirement : DefaultAuthorizationRequirement
{
/// <summary>
/// Initializes a new instance of the <see cref="FirstTimeSetupRequirement"/> class.
/// </summary>
/// <param name="validateParentalSchedule">A value indicating whether to ignore parental schedule.</param>
/// <param name="requireAdmin">A value indicating whether administrator role is required.</param>
public FirstTimeSetupRequirement(bool validateParentalSchedule = false, bool requireAdmin = true) : base(validateParentalSchedule)
{
RequireAdmin = requireAdmin;
}
/// <summary>
/// Gets a value indicating whether administrator role is required.
/// </summary>
public bool RequireAdmin { get; }
}
}

@ -1,44 +0,0 @@
using System.Threading.Tasks;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
{
/// <summary>
/// Escape schedule controls handler.
/// </summary>
public class IgnoreParentalControlHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
{
/// <summary>
/// Initializes a new instance of the <see cref="IgnoreParentalControlHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public IgnoreParentalControlHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreParentalControlRequirement requirement)
{
var validated = ValidateClaims(context.User, ignoreSchedule: true);
if (validated)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
{
/// <summary>
/// Escape schedule controls requirement.
/// </summary>
public class IgnoreParentalControlRequirement : IAuthorizationRequirement
{
}
}

@ -1,45 +0,0 @@
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
{
/// <summary>
/// Local access or require elevated privileges handler.
/// </summary>
public class LocalAccessOrRequiresElevationHandler : BaseAuthorizationHandler<LocalAccessOrRequiresElevationRequirement>
{
/// <summary>
/// Initializes a new instance of the <see cref="LocalAccessOrRequiresElevationHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public LocalAccessOrRequiresElevationHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
{
var validated = ValidateClaims(context.User, localAccessOnly: true);
if (validated || context.User.IsInRole(UserRoles.Administrator))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
{
/// <summary>
/// The local access or elevated privileges authorization requirement.
/// </summary>
public class LocalAccessOrRequiresElevationRequirement : IAuthorizationRequirement
{
}
}

@ -1,44 +0,0 @@
using System.Threading.Tasks;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.LocalAccessPolicy
{
/// <summary>
/// Local access handler.
/// </summary>
public class LocalAccessHandler : BaseAuthorizationHandler<LocalAccessRequirement>
{
/// <summary>
/// Initializes a new instance of the <see cref="LocalAccessHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public LocalAccessHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessRequirement requirement)
{
var validated = ValidateClaims(context.User, localAccessOnly: true);
if (validated)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.LocalAccessPolicy
{
/// <summary>
/// The local access authorization requirement.
/// </summary>
public class LocalAccessRequirement : IAuthorizationRequirement
{
}
}

@ -1,45 +0,0 @@
using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.RequiresElevationPolicy
{
/// <summary>
/// Authorization handler for requiring elevated privileges.
/// </summary>
public class RequiresElevationHandler : BaseAuthorizationHandler<RequiresElevationRequirement>
{
/// <summary>
/// Initializes a new instance of the <see cref="RequiresElevationHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public RequiresElevationHandler(
IUserManager userManager,
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement)
{
var validated = ValidateClaims(context.User);
if (validated && context.User.IsInRole(UserRoles.Administrator))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
}

@ -1,11 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.RequiresElevationPolicy
{
/// <summary>
/// The authorization requirement for requiring elevated privileges in the authorization handler.
/// </summary>
public class RequiresElevationRequirement : IAuthorizationRequirement
{
}
}

@ -1,20 +1,17 @@
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.SyncPlay; using MediaBrowser.Controller.SyncPlay;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
{ {
/// <summary> /// <summary>
/// Default authorization handler. /// Default authorization handler.
/// </summary> /// </summary>
public class SyncPlayAccessHandler : BaseAuthorizationHandler<SyncPlayAccessRequirement> public class SyncPlayAccessHandler : AuthorizationHandler<SyncPlayAccessRequirement>
{ {
private readonly ISyncPlayManager _syncPlayManager; private readonly ISyncPlayManager _syncPlayManager;
private readonly IUserManager _userManager; private readonly IUserManager _userManager;
@ -24,14 +21,9 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
/// </summary> /// </summary>
/// <param name="syncPlayManager">Instance of the <see cref="ISyncPlayManager"/> interface.</param> /// <param name="syncPlayManager">Instance of the <see cref="ISyncPlayManager"/> interface.</param>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param> /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
/// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
/// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
public SyncPlayAccessHandler( public SyncPlayAccessHandler(
ISyncPlayManager syncPlayManager, ISyncPlayManager syncPlayManager,
IUserManager userManager, IUserManager userManager)
INetworkManager networkManager,
IHttpContextAccessor httpContextAccessor)
: base(userManager, networkManager, httpContextAccessor)
{ {
_syncPlayManager = syncPlayManager; _syncPlayManager = syncPlayManager;
_userManager = userManager; _userManager = userManager;
@ -40,12 +32,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
/// <inheritdoc /> /// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SyncPlayAccessRequirement requirement)
{ {
if (!ValidateClaims(context.User))
{
context.Fail();
return Task.CompletedTask;
}
var userId = context.User.GetUserId(); var userId = context.User.GetUserId();
var user = _userManager.GetUserById(userId); var user = _userManager.GetUserById(userId);
if (user is null) if (user is null)
@ -55,16 +41,11 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess) if (requirement.RequiredAccess == SyncPlayAccessRequirementType.HasAccess)
{ {
if (user.SyncPlayAccess == SyncPlayUserAccessType.CreateAndJoinGroups if (user.SyncPlayAccess is SyncPlayUserAccessType.CreateAndJoinGroups or SyncPlayUserAccessType.JoinGroups
|| user.SyncPlayAccess == SyncPlayUserAccessType.JoinGroups
|| _syncPlayManager.IsUserActive(userId)) || _syncPlayManager.IsUserActive(userId))
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup) else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.CreateGroup)
{ {
@ -72,10 +53,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup) else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.JoinGroup)
{ {
@ -84,10 +61,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup) else if (requirement.RequiredAccess == SyncPlayAccessRequirementType.IsInGroup)
{ {
@ -95,14 +68,6 @@ namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
}
else
{
context.Fail();
} }
return Task.CompletedTask; return Task.CompletedTask;

@ -1,12 +1,12 @@
using Jellyfin.Data.Enums; using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Microsoft.AspNetCore.Authorization; using Jellyfin.Data.Enums;
namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy namespace Jellyfin.Api.Auth.SyncPlayAccessPolicy
{ {
/// <summary> /// <summary>
/// The default authorization requirement. /// The default authorization requirement.
/// </summary> /// </summary>
public class SyncPlayAccessRequirement : IAuthorizationRequirement public class SyncPlayAccessRequirement : DefaultAuthorizationRequirement
{ {
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="SyncPlayAccessRequirement"/> class. /// Initializes a new instance of the <see cref="SyncPlayAccessRequirement"/> class.

@ -0,0 +1,43 @@
using System.Threading.Tasks;
using Jellyfin.Api.Auth.DownloadPolicy;
using Jellyfin.Api.Extensions;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
namespace Jellyfin.Api.Auth.UserPermissionPolicy
{
/// <summary>
/// Download authorization handler.
/// </summary>
public class UserPermissionHandler : AuthorizationHandler<UserPermissionRequirement>
{
private readonly IUserManager _userManager;
/// <summary>
/// Initializes a new instance of the <see cref="UserPermissionHandler"/> class.
/// </summary>
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
public UserPermissionHandler(IUserManager userManager)
{
_userManager = userManager;
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserPermissionRequirement requirement)
{
var user = _userManager.GetUserById(context.User.GetUserId());
if (user is null)
{
throw new ResourceNotFoundException();
}
if (user.HasPermission(requirement.RequiredPermission))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
}

@ -0,0 +1,26 @@
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Data.Enums;
namespace Jellyfin.Api.Auth.DownloadPolicy
{
/// <summary>
/// The user permission requirement.
/// </summary>
public class UserPermissionRequirement : DefaultAuthorizationRequirement
{
/// <summary>
/// Initializes a new instance of the <see cref="UserPermissionRequirement"/> class.
/// </summary>
/// <param name="requiredPermission">The required <see cref="PermissionKind"/>.</param>
/// <param name="validateParentalSchedule">Whether to validate the user's parental schedule.</param>
public UserPermissionRequirement(PermissionKind requiredPermission, bool validateParentalSchedule = true) : base(validateParentalSchedule)
{
RequiredPermission = requiredPermission;
}
/// <summary>
/// Gets the required user permission.
/// </summary>
public PermissionKind RequiredPermission { get; }
}
}

@ -5,11 +5,6 @@ namespace Jellyfin.Api.Constants;
/// </summary> /// </summary>
public static class Policies public static class Policies
{ {
/// <summary>
/// Policy name for default authorization.
/// </summary>
public const string DefaultAuthorization = "DefaultAuthorization";
/// <summary> /// <summary>
/// Policy name for requiring first time setup or elevated privileges. /// Policy name for requiring first time setup or elevated privileges.
/// </summary> /// </summary>

@ -1,7 +1,6 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// The artists controller. /// The artists controller.
/// </summary> /// </summary>
[Route("Artists")] [Route("Artists")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class ArtistsController : BaseJellyfinApiController public class ArtistsController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

@ -3,7 +3,6 @@ using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Channels Controller. /// Channels Controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class ChannelsController : BaseJellyfinApiController public class ChannelsController : BaseJellyfinApiController
{ {
private readonly IChannelManager _channelManager; private readonly IChannelManager _channelManager;

@ -1,7 +1,6 @@
using System.Net.Mime; using System.Net.Mime;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Models.ClientLogDtos; using Jellyfin.Api.Models.ClientLogDtos;
using MediaBrowser.Controller.ClientEvent; using MediaBrowser.Controller.ClientEvent;
@ -15,7 +14,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Client log controller. /// Client log controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class ClientLogController : BaseJellyfinApiController public class ClientLogController : BaseJellyfinApiController
{ {
private const int MaxDocumentSize = 1_000_000; private const int MaxDocumentSize = 1_000_000;

@ -1,7 +1,6 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using MediaBrowser.Controller.Collections; using MediaBrowser.Controller.Collections;
@ -17,7 +16,7 @@ namespace Jellyfin.Api.Controllers;
/// The collection controller. /// The collection controller.
/// </summary> /// </summary>
[Route("Collections")] [Route("Collections")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class CollectionController : BaseJellyfinApiController public class CollectionController : BaseJellyfinApiController
{ {
private readonly ICollectionManager _collectionManager; private readonly ICollectionManager _collectionManager;

@ -19,7 +19,7 @@ namespace Jellyfin.Api.Controllers;
/// Configuration Controller. /// Configuration Controller.
/// </summary> /// </summary>
[Route("System")] [Route("System")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class ConfigurationController : BaseJellyfinApiController public class ConfigurationController : BaseJellyfinApiController
{ {
private readonly IServerConfigurationManager _configurationManager; private readonly IServerConfigurationManager _configurationManager;

@ -4,7 +4,6 @@ using System.IO;
using System.Linq; using System.Linq;
using System.Net.Mime; using System.Net.Mime;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Models; using Jellyfin.Api.Models;
using MediaBrowser.Common.Plugins; using MediaBrowser.Common.Plugins;
using MediaBrowser.Model.Net; using MediaBrowser.Model.Net;
@ -48,7 +47,7 @@ public class DashboardController : BaseJellyfinApiController
[HttpGet("web/ConfigurationPages")] [HttpGet("web/ConfigurationPages")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<IEnumerable<ConfigurationPageInfo>> GetConfigurationPages( public ActionResult<IEnumerable<ConfigurationPageInfo>> GetConfigurationPages(
[FromQuery] bool? enableInMainMenu) [FromQuery] bool? enableInMainMenu)
{ {

@ -3,7 +3,6 @@ using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Globalization; using System.Globalization;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Extensions;
@ -19,7 +18,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Display Preferences Controller. /// Display Preferences Controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class DisplayPreferencesController : BaseJellyfinApiController public class DisplayPreferencesController : BaseJellyfinApiController
{ {
private readonly IDisplayPreferencesManager _displayPreferencesManager; private readonly IDisplayPreferencesManager _displayPreferencesManager;

@ -9,7 +9,6 @@ using System.Text;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.Models.PlaybackDtos; using Jellyfin.Api.Models.PlaybackDtos;
using Jellyfin.Api.Models.StreamingDtos; using Jellyfin.Api.Models.StreamingDtos;
@ -36,7 +35,7 @@ namespace Jellyfin.Api.Controllers;
/// Dynamic hls controller. /// Dynamic hls controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class DynamicHlsController : BaseJellyfinApiController public class DynamicHlsController : BaseJellyfinApiController
{ {
private const string DefaultVodEncoderPreset = "veryfast"; private const string DefaultVodEncoderPreset = "veryfast";

@ -1,6 +1,5 @@
using System; using System;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Dto;
@ -18,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
/// Filters controller. /// Filters controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class FilterController : BaseJellyfinApiController public class FilterController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

@ -1,7 +1,6 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// The genres controller. /// The genres controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class GenresController : BaseJellyfinApiController public class GenresController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;
@ -132,7 +131,7 @@ public class GenresController : BaseJellyfinApiController
QueryResult<(BaseItem, ItemCounts)> result; QueryResult<(BaseItem, ItemCounts)> result;
if (parentItem is ICollectionFolder parentCollectionFolder if (parentItem is ICollectionFolder parentCollectionFolder
&& (string.Equals(parentCollectionFolder.CollectionType, CollectionType.Music, StringComparison.Ordinal) && (string.Equals(parentCollectionFolder.CollectionType, CollectionType.Music, StringComparison.Ordinal)
|| string.Equals(parentCollectionFolder.CollectionType, CollectionType.MusicVideos, StringComparison.Ordinal))) || string.Equals(parentCollectionFolder.CollectionType, CollectionType.MusicVideos, StringComparison.Ordinal)))
{ {
result = _libraryManager.GetMusicGenres(query); result = _libraryManager.GetMusicGenres(query);
} }

@ -4,7 +4,6 @@ using System.Diagnostics.CodeAnalysis;
using System.IO; using System.IO;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Configuration;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
@ -80,7 +79,7 @@ public class HlsSegmentController : BaseJellyfinApiController
/// <response code="200">Hls video playlist returned.</response> /// <response code="200">Hls video playlist returned.</response>
/// <returns>A <see cref="FileStreamResult"/> containing the playlist.</returns> /// <returns>A <see cref="FileStreamResult"/> containing the playlist.</returns>
[HttpGet("Videos/{itemId}/hls/{playlistId}/stream.m3u8")] [HttpGet("Videos/{itemId}/hls/{playlistId}/stream.m3u8")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesPlaylistFile] [ProducesPlaylistFile]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "itemId", Justification = "Required for ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "itemId", Justification = "Required for ServiceStack")]
@ -106,7 +105,7 @@ public class HlsSegmentController : BaseJellyfinApiController
/// <response code="204">Encoding stopped successfully.</response> /// <response code="204">Encoding stopped successfully.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
[HttpDelete("Videos/ActiveEncodings")] [HttpDelete("Videos/ActiveEncodings")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult StopEncodingProcess( public ActionResult StopEncodingProcess(
[FromQuery, Required] string deviceId, [FromQuery, Required] string deviceId,

@ -88,7 +88,7 @@ public class ImageController : BaseJellyfinApiController
/// <response code="403">User does not have permission to delete the image.</response> /// <response code="403">User does not have permission to delete the image.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Users/{userId}/Images/{imageType}")] [HttpPost("Users/{userId}/Images/{imageType}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[AcceptsImageFile] [AcceptsImageFile]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -142,7 +142,7 @@ public class ImageController : BaseJellyfinApiController
/// <response code="403">User does not have permission to delete the image.</response> /// <response code="403">User does not have permission to delete the image.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Users/{userId}/Images/{imageType}/{index}")] [HttpPost("Users/{userId}/Images/{imageType}/{index}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[AcceptsImageFile] [AcceptsImageFile]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -196,7 +196,7 @@ public class ImageController : BaseJellyfinApiController
/// <response code="403">User does not have permission to delete the image.</response> /// <response code="403">User does not have permission to delete the image.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Users/{userId}/Images/{imageType}")] [HttpDelete("Users/{userId}/Images/{imageType}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
@ -240,7 +240,7 @@ public class ImageController : BaseJellyfinApiController
/// <response code="403">User does not have permission to delete the image.</response> /// <response code="403">User does not have permission to delete the image.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Users/{userId}/Images/{imageType}/{index}")] [HttpDelete("Users/{userId}/Images/{imageType}/{index}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
@ -442,7 +442,7 @@ public class ImageController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>The list of image infos on success, or <see cref="NotFoundResult"/> if item not found.</returns> /// <returns>The list of image infos on success, or <see cref="NotFoundResult"/> if item not found.</returns>
[HttpGet("Items/{itemId}/Images")] [HttpGet("Items/{itemId}/Images")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult<IEnumerable<ImageInfo>>> GetItemImageInfos([FromRoute, Required] Guid itemId) public async Task<ActionResult<IEnumerable<ImageInfo>>> GetItemImageInfos([FromRoute, Required] Guid itemId)
@ -1940,10 +1940,10 @@ public class ImageController : BaseJellyfinApiController
} }
var responseHeaders = new Dictionary<string, string> var responseHeaders = new Dictionary<string, string>
{ {
{ "transferMode.dlna.org", "Interactive" }, { "transferMode.dlna.org", "Interactive" },
{ "realTimeInfo.dlna.org", "DLNA.ORG_TLAG=*" } { "realTimeInfo.dlna.org", "DLNA.ORG_TLAG=*" }
}; };
if (!imageInfo.IsLocalFile && item is not null) if (!imageInfo.IsLocalFile && item is not null)
{ {

@ -1,7 +1,6 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
@ -22,7 +21,7 @@ namespace Jellyfin.Api.Controllers;
/// The instant mix controller. /// The instant mix controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class InstantMixController : BaseJellyfinApiController public class InstantMixController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -23,7 +23,7 @@ namespace Jellyfin.Api.Controllers;
/// Item lookup controller. /// Item lookup controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class ItemLookupController : BaseJellyfinApiController public class ItemLookupController : BaseJellyfinApiController
{ {
private readonly IProviderManager _providerManager; private readonly IProviderManager _providerManager;

@ -1,7 +1,6 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -26,7 +25,7 @@ namespace Jellyfin.Api.Controllers;
/// The items controller. /// The items controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class ItemsController : BaseJellyfinApiController public class ItemsController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -95,7 +95,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>A <see cref="FileStreamResult"/> with the original file.</returns> /// <returns>A <see cref="FileStreamResult"/> with the original file.</returns>
[HttpGet("Items/{itemId}/File")] [HttpGet("Items/{itemId}/File")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
[ProducesFile("video/*", "audio/*")] [ProducesFile("video/*", "audio/*")]
@ -116,7 +116,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="200">Critic reviews returned.</response> /// <response code="200">Critic reviews returned.</response>
/// <returns>The list of critic reviews.</returns> /// <returns>The list of critic reviews.</returns>
[HttpGet("Items/{itemId}/CriticReviews")] [HttpGet("Items/{itemId}/CriticReviews")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[Obsolete("This endpoint is obsolete.")] [Obsolete("This endpoint is obsolete.")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetCriticReviews() public ActionResult<QueryResult<BaseItemDto>> GetCriticReviews()
@ -134,7 +134,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>The item theme songs.</returns> /// <returns>The item theme songs.</returns>
[HttpGet("Items/{itemId}/ThemeSongs")] [HttpGet("Items/{itemId}/ThemeSongs")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult<ThemeMediaResult> GetThemeSongs( public ActionResult<ThemeMediaResult> GetThemeSongs(
@ -200,7 +200,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>The item theme videos.</returns> /// <returns>The item theme videos.</returns>
[HttpGet("Items/{itemId}/ThemeVideos")] [HttpGet("Items/{itemId}/ThemeVideos")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult<ThemeMediaResult> GetThemeVideos( public ActionResult<ThemeMediaResult> GetThemeVideos(
@ -266,7 +266,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>The item theme videos.</returns> /// <returns>The item theme videos.</returns>
[HttpGet("Items/{itemId}/ThemeMedia")] [HttpGet("Items/{itemId}/ThemeMedia")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<AllThemeMediaResult> GetThemeMedia( public ActionResult<AllThemeMediaResult> GetThemeMedia(
[FromRoute, Required] Guid itemId, [FromRoute, Required] Guid itemId,
@ -326,7 +326,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="401">Unauthorized access.</response> /// <response code="401">Unauthorized access.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Items/{itemId}")] [HttpDelete("Items/{itemId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status401Unauthorized)] [ProducesResponseType(StatusCodes.Status401Unauthorized)]
public ActionResult DeleteItem(Guid itemId) public ActionResult DeleteItem(Guid itemId)
@ -355,7 +355,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="401">Unauthorized access.</response> /// <response code="401">Unauthorized access.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Items")] [HttpDelete("Items")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status401Unauthorized)] [ProducesResponseType(StatusCodes.Status401Unauthorized)]
public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids) public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
@ -397,7 +397,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="200">Item counts returned.</response> /// <response code="200">Item counts returned.</response>
/// <returns>Item counts.</returns> /// <returns>Item counts.</returns>
[HttpGet("Items/Counts")] [HttpGet("Items/Counts")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<ItemCounts> GetItemCounts( public ActionResult<ItemCounts> GetItemCounts(
[FromQuery] Guid? userId, [FromQuery] Guid? userId,
@ -431,7 +431,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>Item parents.</returns> /// <returns>Item parents.</returns>
[HttpGet("Items/{itemId}/Ancestors")] [HttpGet("Items/{itemId}/Ancestors")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId) public ActionResult<IEnumerable<BaseItemDto>> GetAncestors([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
@ -518,7 +518,7 @@ public class LibraryController : BaseJellyfinApiController
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Library/Series/Added", Name = "PostAddedSeries")] [HttpPost("Library/Series/Added", Name = "PostAddedSeries")]
[HttpPost("Library/Series/Updated")] [HttpPost("Library/Series/Updated")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId) public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId)
{ {
@ -548,7 +548,7 @@ public class LibraryController : BaseJellyfinApiController
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Library/Movies/Added", Name = "PostAddedMovies")] [HttpPost("Library/Movies/Added", Name = "PostAddedMovies")]
[HttpPost("Library/Movies/Updated")] [HttpPost("Library/Movies/Updated")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult PostUpdatedMovies([FromQuery] string? tmdbId, [FromQuery] string? imdbId) public ActionResult PostUpdatedMovies([FromQuery] string? tmdbId, [FromQuery] string? imdbId)
{ {
@ -589,7 +589,7 @@ public class LibraryController : BaseJellyfinApiController
/// <response code="204">Report success.</response> /// <response code="204">Report success.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Library/Media/Updated")] [HttpPost("Library/Media/Updated")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto dto) public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto dto)
{ {
@ -666,7 +666,7 @@ public class LibraryController : BaseJellyfinApiController
[HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows")] [HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows")]
[HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies")] [HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies")]
[HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers")] [HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems( public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
[FromRoute, Required] Guid itemId, [FromRoute, Required] Guid itemId,
@ -816,32 +816,32 @@ public class LibraryController : BaseJellyfinApiController
Type = type, Type = type,
MetadataFetchers = plugins MetadataFetchers = plugins
.Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase)) .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
.SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher)) .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.MetadataFetcher))
.Select(i => new LibraryOptionInfoDto .Select(i => new LibraryOptionInfoDto
{ {
Name = i.Name, Name = i.Name,
DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary) DefaultEnabled = IsMetadataFetcherEnabledByDefault(i.Name, type, isNewLibrary)
}) })
.DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase) .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
.ToArray(), .ToArray(),
ImageFetchers = plugins ImageFetchers = plugins
.Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase)) .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
.SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher)) .SelectMany(i => i.Plugins.Where(p => p.Type == MetadataPluginType.ImageFetcher))
.Select(i => new LibraryOptionInfoDto .Select(i => new LibraryOptionInfoDto
{ {
Name = i.Name, Name = i.Name,
DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary) DefaultEnabled = IsImageFetcherEnabledByDefault(i.Name, type, isNewLibrary)
}) })
.DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase) .DistinctBy(i => i.Name, StringComparer.OrdinalIgnoreCase)
.ToArray(), .ToArray(),
SupportedImageTypes = plugins SupportedImageTypes = plugins
.Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase)) .Where(i => string.Equals(i.ItemType, type, StringComparison.OrdinalIgnoreCase))
.SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>()) .SelectMany(i => i.SupportedImageTypes ?? Array.Empty<ImageType>())
.Distinct() .Distinct()
.ToArray(), .ToArray(),
DefaultImageOptions = defaultImageOptions ?? Array.Empty<ImageOption>() DefaultImageOptions = defaultImageOptions ?? Array.Empty<ImageOption>()
}); });
@ -934,13 +934,13 @@ public class LibraryController : BaseJellyfinApiController
if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase)) if (string.Equals(name, "TheMovieDb", StringComparison.OrdinalIgnoreCase))
{ {
return !(string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase) return !(string.Equals(type, "Season", StringComparison.OrdinalIgnoreCase)
|| string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase) || string.Equals(type, "Episode", StringComparison.OrdinalIgnoreCase)
|| string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase)); || string.Equals(type, "MusicVideo", StringComparison.OrdinalIgnoreCase));
} }
return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase) return string.Equals(name, "TheTVDB", StringComparison.OrdinalIgnoreCase)
|| string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase) || string.Equals(name, "TheAudioDB", StringComparison.OrdinalIgnoreCase)
|| string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase); || string.Equals(name, "MusicBrainz", StringComparison.OrdinalIgnoreCase);
} }
var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions var metadataOptions = _serverConfigurationManager.Configuration.MetadataOptions
@ -948,7 +948,7 @@ public class LibraryController : BaseJellyfinApiController
.ToArray(); .ToArray();
return metadataOptions.Length == 0 return metadataOptions.Length == 0
|| metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase)); || metadataOptions.Any(i => !i.DisabledMetadataFetchers.Contains(name, StringComparison.OrdinalIgnoreCase));
} }
private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary) private bool IsImageFetcherEnabledByDefault(string name, string type, bool isNewLibrary)

@ -10,7 +10,6 @@ using System.Text;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -95,7 +94,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpGet("Info")] [HttpGet("Info")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<LiveTvInfo> GetLiveTvInfo() public ActionResult<LiveTvInfo> GetLiveTvInfo()
{ {
return _liveTvManager.GetLiveTvInfo(CancellationToken.None); return _liveTvManager.GetLiveTvInfo(CancellationToken.None);
@ -131,7 +130,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpGet("Channels")] [HttpGet("Channels")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels( public ActionResult<QueryResult<BaseItemDto>> GetLiveTvChannels(
[FromQuery] ChannelType? type, [FromQuery] ChannelType? type,
[FromQuery] Guid? userId, [FromQuery] Guid? userId,
@ -210,7 +209,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns> /// <returns>An <see cref="OkResult"/> containing the live tv channel.</returns>
[HttpGet("Channels/{channelId}")] [HttpGet("Channels/{channelId}")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId) public ActionResult<BaseItemDto> GetChannel([FromRoute, Required] Guid channelId, [FromQuery] Guid? userId)
{ {
var user = userId is null || userId.Value.Equals(default) var user = userId is null || userId.Value.Equals(default)
@ -251,7 +250,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns> /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
[HttpGet("Recordings")] [HttpGet("Recordings")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<QueryResult<BaseItemDto>> GetRecordings( public ActionResult<QueryResult<BaseItemDto>> GetRecordings(
[FromQuery] string? channelId, [FromQuery] string? channelId,
[FromQuery] Guid? userId, [FromQuery] Guid? userId,
@ -322,7 +321,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns> /// <returns>An <see cref="OkResult"/> containing the live tv recordings.</returns>
[HttpGet("Recordings/Series")] [HttpGet("Recordings/Series")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[Obsolete("This endpoint is obsolete.")] [Obsolete("This endpoint is obsolete.")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "channelId", Justification = "Imported from ServiceStack")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
@ -365,7 +364,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the recording groups.</returns> /// <returns>An <see cref="OkResult"/> containing the recording groups.</returns>
[HttpGet("Recordings/Groups")] [HttpGet("Recordings/Groups")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[Obsolete("This endpoint is obsolete.")] [Obsolete("This endpoint is obsolete.")]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId) public ActionResult<QueryResult<BaseItemDto>> GetRecordingGroups([FromQuery] Guid? userId)
@ -381,7 +380,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the recording folders.</returns> /// <returns>An <see cref="OkResult"/> containing the recording folders.</returns>
[HttpGet("Recordings/Folders")] [HttpGet("Recordings/Folders")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId) public ActionResult<QueryResult<BaseItemDto>> GetRecordingFolders([FromQuery] Guid? userId)
{ {
var user = userId is null || userId.Value.Equals(default) var user = userId is null || userId.Value.Equals(default)
@ -403,7 +402,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns> /// <returns>An <see cref="OkResult"/> containing the live tv recording.</returns>
[HttpGet("Recordings/{recordingId}")] [HttpGet("Recordings/{recordingId}")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId) public ActionResult<BaseItemDto> GetRecording([FromRoute, Required] Guid recordingId, [FromQuery] Guid? userId)
{ {
var user = userId is null || userId.Value.Equals(default) var user = userId is null || userId.Value.Equals(default)
@ -425,7 +424,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Tuners/{tunerId}/Reset")] [HttpPost("Tuners/{tunerId}/Reset")]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId) public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
{ {
await AssertUserCanManageLiveTv().ConfigureAwait(false); await AssertUserCanManageLiveTv().ConfigureAwait(false);
@ -443,7 +442,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpGet("Timers/{timerId}")] [HttpGet("Timers/{timerId}")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId) public async Task<ActionResult<TimerInfoDto>> GetTimer([FromRoute, Required] string timerId)
{ {
return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false); return await _liveTvManager.GetTimer(timerId, CancellationToken.None).ConfigureAwait(false);
@ -459,7 +458,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpGet("Timers/Defaults")] [HttpGet("Timers/Defaults")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId) public async Task<ActionResult<SeriesTimerInfoDto>> GetDefaultTimer([FromQuery] string? programId)
{ {
return string.IsNullOrEmpty(programId) return string.IsNullOrEmpty(programId)
@ -479,7 +478,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpGet("Timers")] [HttpGet("Timers")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers( public async Task<ActionResult<QueryResult<TimerInfoDto>>> GetTimers(
[FromQuery] string? channelId, [FromQuery] string? channelId,
[FromQuery] string? seriesTimerId, [FromQuery] string? seriesTimerId,
@ -533,7 +532,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpGet("Programs")] [HttpGet("Programs")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms( public async Task<ActionResult<QueryResult<BaseItemDto>>> GetLiveTvPrograms(
[FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds, [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] channelIds,
[FromQuery] Guid? userId, [FromQuery] Guid? userId,
@ -616,7 +615,7 @@ public class LiveTvController : BaseJellyfinApiController
/// </returns> /// </returns>
[HttpPost("Programs")] [HttpPost("Programs")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body) public async Task<ActionResult<QueryResult<BaseItemDto>>> GetPrograms([FromBody] GetProgramsDto body)
{ {
var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId); var user = body.UserId.Equals(default) ? null : _userManager.GetUserById(body.UserId);
@ -682,7 +681,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Recommended epgs returned.</response> /// <response code="200">Recommended epgs returned.</response>
/// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns> /// <returns>A <see cref="OkResult"/> containing the queryresult of recommended epgs.</returns>
[HttpGet("Programs/Recommended")] [HttpGet("Programs/Recommended")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms( public async Task<ActionResult<QueryResult<BaseItemDto>>> GetRecommendedPrograms(
[FromQuery] Guid? userId, [FromQuery] Guid? userId,
@ -734,7 +733,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Program returned.</response> /// <response code="200">Program returned.</response>
/// <returns>An <see cref="OkResult"/> containing the livetv program.</returns> /// <returns>An <see cref="OkResult"/> containing the livetv program.</returns>
[HttpGet("Programs/{programId}")] [HttpGet("Programs/{programId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<BaseItemDto>> GetProgram( public async Task<ActionResult<BaseItemDto>> GetProgram(
[FromRoute, Required] string programId, [FromRoute, Required] string programId,
@ -755,7 +754,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns> /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if item not found.</returns>
[HttpDelete("Recordings/{recordingId}")] [HttpDelete("Recordings/{recordingId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId) public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
@ -783,7 +782,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Timer deleted.</response> /// <response code="204">Timer deleted.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Timers/{timerId}")] [HttpDelete("Timers/{timerId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId) public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
{ {
@ -800,7 +799,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Timer updated.</response> /// <response code="204">Timer updated.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Timers/{timerId}")] [HttpPost("Timers/{timerId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo) public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
@ -817,7 +816,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Timer created.</response> /// <response code="204">Timer created.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Timers")] [HttpPost("Timers")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo) public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
{ {
@ -834,7 +833,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="404">Series timer not found.</response> /// <response code="404">Series timer not found.</response>
/// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns> /// <returns>A <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if timer not found.</returns>
[HttpGet("SeriesTimers/{timerId}")] [HttpGet("SeriesTimers/{timerId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId) public async Task<ActionResult<SeriesTimerInfoDto>> GetSeriesTimer([FromRoute, Required] string timerId)
@ -856,7 +855,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Timers returned.</response> /// <response code="200">Timers returned.</response>
/// <returns>An <see cref="OkResult"/> of live tv series timers.</returns> /// <returns>An <see cref="OkResult"/> of live tv series timers.</returns>
[HttpGet("SeriesTimers")] [HttpGet("SeriesTimers")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder) public async Task<ActionResult<QueryResult<SeriesTimerInfoDto>>> GetSeriesTimers([FromQuery] string? sortBy, [FromQuery] SortOrder? sortOrder)
{ {
@ -876,7 +875,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Timer cancelled.</response> /// <response code="204">Timer cancelled.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("SeriesTimers/{timerId}")] [HttpDelete("SeriesTimers/{timerId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId) public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
{ {
@ -893,7 +892,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Series timer updated.</response> /// <response code="204">Series timer updated.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("SeriesTimers/{timerId}")] [HttpPost("SeriesTimers/{timerId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo) public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
@ -910,7 +909,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Series timer info created.</response> /// <response code="204">Series timer info created.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("SeriesTimers")] [HttpPost("SeriesTimers")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo) public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
{ {
@ -925,7 +924,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <param name="groupId">Group id.</param> /// <param name="groupId">Group id.</param>
/// <returns>A <see cref="NotFoundResult"/>.</returns> /// <returns>A <see cref="NotFoundResult"/>.</returns>
[HttpGet("Recordings/Groups/{groupId}")] [HttpGet("Recordings/Groups/{groupId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
[Obsolete("This endpoint is obsolete.")] [Obsolete("This endpoint is obsolete.")]
public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId) public ActionResult<BaseItemDto> GetRecordingGroup([FromRoute, Required] Guid groupId)
@ -939,7 +938,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Guid info returned.</response> /// <response code="200">Guid info returned.</response>
/// <returns>An <see cref="OkResult"/> containing the guide info.</returns> /// <returns>An <see cref="OkResult"/> containing the guide info.</returns>
[HttpGet("GuideInfo")] [HttpGet("GuideInfo")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<GuideInfo> GetGuideInfo() public ActionResult<GuideInfo> GetGuideInfo()
{ {
@ -953,7 +952,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Created tuner host returned.</response> /// <response code="200">Created tuner host returned.</response>
/// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns> /// <returns>A <see cref="OkResult"/> containing the created tuner host.</returns>
[HttpPost("TunerHosts")] [HttpPost("TunerHosts")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo) public async Task<ActionResult<TunerHostInfo>> AddTunerHost([FromBody] TunerHostInfo tunerHostInfo)
{ {
@ -967,7 +966,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Tuner host deleted.</response> /// <response code="204">Tuner host deleted.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("TunerHosts")] [HttpDelete("TunerHosts")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult DeleteTunerHost([FromQuery] string? id) public ActionResult DeleteTunerHost([FromQuery] string? id)
{ {
@ -983,7 +982,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Default listings provider info returned.</response> /// <response code="200">Default listings provider info returned.</response>
/// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns> /// <returns>An <see cref="OkResult"/> containing the default listings provider info.</returns>
[HttpGet("ListingProviders/Default")] [HttpGet("ListingProviders/Default")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<ListingsProviderInfo> GetDefaultListingProvider() public ActionResult<ListingsProviderInfo> GetDefaultListingProvider()
{ {
@ -1000,7 +999,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Created listings provider returned.</response> /// <response code="200">Created listings provider returned.</response>
/// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns> /// <returns>A <see cref="OkResult"/> containing the created listings provider.</returns>
[HttpPost("ListingProviders")] [HttpPost("ListingProviders")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA5350:RemoveSha1", MessageId = "AddListingProvider", Justification = "Imported from ServiceStack")]
public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider( public async Task<ActionResult<ListingsProviderInfo>> AddListingProvider(
@ -1026,7 +1025,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="204">Listing provider deleted.</response> /// <response code="204">Listing provider deleted.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("ListingProviders")] [HttpDelete("ListingProviders")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult DeleteListingProvider([FromQuery] string? id) public ActionResult DeleteListingProvider([FromQuery] string? id)
{ {
@ -1044,7 +1043,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Available lineups returned.</response> /// <response code="200">Available lineups returned.</response>
/// <returns>A <see cref="OkResult"/> containing the available lineups.</returns> /// <returns>A <see cref="OkResult"/> containing the available lineups.</returns>
[HttpGet("ListingProviders/Lineups")] [HttpGet("ListingProviders/Lineups")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups( public async Task<ActionResult<IEnumerable<NameIdPair>>> GetLineups(
[FromQuery] string? id, [FromQuery] string? id,
@ -1061,7 +1060,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Available countries returned.</response> /// <response code="200">Available countries returned.</response>
/// <returns>A <see cref="FileResult"/> containing the available countries.</returns> /// <returns>A <see cref="FileResult"/> containing the available countries.</returns>
[HttpGet("ListingProviders/SchedulesDirect/Countries")] [HttpGet("ListingProviders/SchedulesDirect/Countries")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesFile(MediaTypeNames.Application.Json)] [ProducesFile(MediaTypeNames.Application.Json)]
public async Task<ActionResult> GetSchedulesDirectCountries() public async Task<ActionResult> GetSchedulesDirectCountries()
@ -1082,7 +1081,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Channel mapping options returned.</response> /// <response code="200">Channel mapping options returned.</response>
/// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns> /// <returns>An <see cref="OkResult"/> containing the channel mapping options.</returns>
[HttpGet("ChannelMappingOptions")] [HttpGet("ChannelMappingOptions")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId) public async Task<ActionResult<ChannelMappingOptionsDto>> GetChannelMappingOptions([FromQuery] string? providerId)
{ {
@ -1120,7 +1119,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Created channel mapping returned.</response> /// <response code="200">Created channel mapping returned.</response>
/// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns> /// <returns>An <see cref="OkResult"/> containing the created channel mapping.</returns>
[HttpPost("ChannelMappings")] [HttpPost("ChannelMappings")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto) public async Task<ActionResult<TunerChannelMapping>> SetChannelMapping([FromBody, Required] SetChannelMappingDto setChannelMappingDto)
{ {
@ -1133,7 +1132,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <response code="200">Tuner host types returned.</response> /// <response code="200">Tuner host types returned.</response>
/// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns> /// <returns>An <see cref="OkResult"/> containing the tuner host types.</returns>
[HttpGet("TunerHosts/Types")] [HttpGet("TunerHosts/Types")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes() public ActionResult<IEnumerable<NameIdPair>> GetTunerHostTypes()
{ {
@ -1148,7 +1147,7 @@ public class LiveTvController : BaseJellyfinApiController
/// <returns>An <see cref="OkResult"/> containing the tuners.</returns> /// <returns>An <see cref="OkResult"/> containing the tuners.</returns>
[HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")] [HttpGet("Tuners/Discvover", Name = "DiscvoverTuners")]
[HttpGet("Tuners/Discover")] [HttpGet("Tuners/Discover")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false) public async Task<ActionResult<IEnumerable<TunerHostInfo>>> DiscoverTuners([FromQuery] bool newDevicesOnly = false)
{ {

@ -5,7 +5,6 @@ using System.Linq;
using System.Net.Mime; using System.Net.Mime;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.Models.MediaInfoDtos; using Jellyfin.Api.Models.MediaInfoDtos;
@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
/// The media info controller. /// The media info controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class MediaInfoController : BaseJellyfinApiController public class MediaInfoController : BaseJellyfinApiController
{ {
private readonly IMediaSourceManager _mediaSourceManager; private readonly IMediaSourceManager _mediaSourceManager;

@ -2,7 +2,6 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Globalization; using System.Globalization;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Movies controller. /// Movies controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class MoviesController : BaseJellyfinApiController public class MoviesController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -1,7 +1,6 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// The music genres controller. /// The music genres controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class MusicGenresController : BaseJellyfinApiController public class MusicGenresController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

@ -17,7 +17,7 @@ namespace Jellyfin.Api.Controllers;
/// Package Controller. /// Package Controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class PackageController : BaseJellyfinApiController public class PackageController : BaseJellyfinApiController
{ {
private readonly IInstallationManager _installationManager; private readonly IInstallationManager _installationManager;

@ -1,7 +1,6 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
@ -20,7 +19,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Persons controller. /// Persons controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class PersonsController : BaseJellyfinApiController public class PersonsController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

@ -4,7 +4,6 @@ using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Api.Models.PlaylistDtos; using Jellyfin.Api.Models.PlaylistDtos;
@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Playlists controller. /// Playlists controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class PlaylistsController : BaseJellyfinApiController public class PlaylistsController : BaseJellyfinApiController
{ {
private readonly IPlaylistManager _playlistManager; private readonly IPlaylistManager _playlistManager;

@ -2,7 +2,6 @@ using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// Playstate controller. /// Playstate controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class PlaystateController : BaseJellyfinApiController public class PlaystateController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -21,7 +21,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Plugins controller. /// Plugins controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class PluginsController : BaseJellyfinApiController public class PluginsController : BaseJellyfinApiController
{ {
private readonly IInstallationManager _installationManager; private readonly IInstallationManager _installationManager;

@ -111,7 +111,7 @@ public class QuickConnectController : BaseJellyfinApiController
/// <response code="403">Unknown user id.</response> /// <response code="403">Unknown user id.</response>
/// <returns>Boolean indicating if the authorization was successful.</returns> /// <returns>Boolean indicating if the authorization was successful.</returns>
[HttpPost("Authorize")] [HttpPost("Authorize")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null) public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)

@ -56,7 +56,7 @@ public class RemoteImageController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>Remote Image Result.</returns> /// <returns>Remote Image Result.</returns>
[HttpGet("Items/{itemId}/RemoteImages")] [HttpGet("Items/{itemId}/RemoteImages")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult<RemoteImageResult>> GetRemoteImages( public async Task<ActionResult<RemoteImageResult>> GetRemoteImages(
@ -121,7 +121,7 @@ public class RemoteImageController : BaseJellyfinApiController
/// <response code="404">Item not found.</response> /// <response code="404">Item not found.</response>
/// <returns>List of remote image providers.</returns> /// <returns>List of remote image providers.</returns>
[HttpGet("Items/{itemId}/RemoteImages/Providers")] [HttpGet("Items/{itemId}/RemoteImages/Providers")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute, Required] Guid itemId) public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute, Required] Guid itemId)

@ -3,7 +3,6 @@ using System.ComponentModel;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Globalization; using System.Globalization;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using Jellyfin.Extensions; using Jellyfin.Extensions;
@ -26,7 +25,7 @@ namespace Jellyfin.Api.Controllers;
/// Search controller. /// Search controller.
/// </summary> /// </summary>
[Route("Search/Hints")] [Route("Search/Hints")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class SearchController : BaseJellyfinApiController public class SearchController : BaseJellyfinApiController
{ {
private readonly ISearchEngine _searchEngine; private readonly ISearchEngine _searchEngine;

@ -56,7 +56,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="200">List of sessions returned.</response> /// <response code="200">List of sessions returned.</response>
/// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns> /// <returns>An <see cref="IEnumerable{SessionInfo}"/> with the available sessions.</returns>
[HttpGet("Sessions")] [HttpGet("Sessions")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<SessionInfo>> GetSessions( public ActionResult<IEnumerable<SessionInfo>> GetSessions(
[FromQuery] Guid? controllableByUserId, [FromQuery] Guid? controllableByUserId,
@ -123,7 +123,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Instruction sent to session.</response> /// <response code="204">Instruction sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/Viewing")] [HttpPost("Sessions/{sessionId}/Viewing")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> DisplayContent( public async Task<ActionResult> DisplayContent(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -162,7 +162,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Instruction sent to session.</response> /// <response code="204">Instruction sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/Playing")] [HttpPost("Sessions/{sessionId}/Playing")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> Play( public async Task<ActionResult> Play(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -205,7 +205,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Playstate command sent to session.</response> /// <response code="204">Playstate command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/Playing/{command}")] [HttpPost("Sessions/{sessionId}/Playing/{command}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> SendPlaystateCommand( public async Task<ActionResult> SendPlaystateCommand(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -236,7 +236,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">System command sent to session.</response> /// <response code="204">System command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/System/{command}")] [HttpPost("Sessions/{sessionId}/System/{command}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> SendSystemCommand( public async Task<ActionResult> SendSystemCommand(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -262,7 +262,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">General command sent to session.</response> /// <response code="204">General command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/Command/{command}")] [HttpPost("Sessions/{sessionId}/Command/{command}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> SendGeneralCommand( public async Task<ActionResult> SendGeneralCommand(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -290,7 +290,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Full general command sent to session.</response> /// <response code="204">Full general command sent to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/Command")] [HttpPost("Sessions/{sessionId}/Command")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> SendFullGeneralCommand( public async Task<ActionResult> SendFullGeneralCommand(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -320,7 +320,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Message sent.</response> /// <response code="204">Message sent.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/Message")] [HttpPost("Sessions/{sessionId}/Message")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> SendMessageCommand( public async Task<ActionResult> SendMessageCommand(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -349,7 +349,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">User added to session.</response> /// <response code="204">User added to session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/{sessionId}/User/{userId}")] [HttpPost("Sessions/{sessionId}/User/{userId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult AddUserToSession( public ActionResult AddUserToSession(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -367,7 +367,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">User removed from session.</response> /// <response code="204">User removed from session.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpDelete("Sessions/{sessionId}/User/{userId}")] [HttpDelete("Sessions/{sessionId}/User/{userId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public ActionResult RemoveUserFromSession( public ActionResult RemoveUserFromSession(
[FromRoute, Required] string sessionId, [FromRoute, Required] string sessionId,
@ -389,7 +389,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Capabilities posted.</response> /// <response code="204">Capabilities posted.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/Capabilities")] [HttpPost("Sessions/Capabilities")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> PostCapabilities( public async Task<ActionResult> PostCapabilities(
[FromQuery] string? id, [FromQuery] string? id,
@ -423,7 +423,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Capabilities updated.</response> /// <response code="204">Capabilities updated.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/Capabilities/Full")] [HttpPost("Sessions/Capabilities/Full")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> PostFullCapabilities( public async Task<ActionResult> PostFullCapabilities(
[FromQuery] string? id, [FromQuery] string? id,
@ -447,7 +447,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Session reported to server.</response> /// <response code="204">Session reported to server.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/Viewing")] [HttpPost("Sessions/Viewing")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> ReportViewing( public async Task<ActionResult> ReportViewing(
[FromQuery] string? sessionId, [FromQuery] string? sessionId,
@ -465,7 +465,7 @@ public class SessionController : BaseJellyfinApiController
/// <response code="204">Session end reported to server.</response> /// <response code="204">Session end reported to server.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Sessions/Logout")] [HttpPost("Sessions/Logout")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> ReportSessionEnded() public async Task<ActionResult> ReportSessionEnded()
{ {

@ -1,6 +1,5 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -21,7 +20,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Studios controller. /// Studios controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class StudiosController : BaseJellyfinApiController public class StudiosController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

@ -114,7 +114,7 @@ public class SubtitleController : BaseJellyfinApiController
/// <response code="200">Subtitles retrieved.</response> /// <response code="200">Subtitles retrieved.</response>
/// <returns>An array of <see cref="RemoteSubtitleInfo"/>.</returns> /// <returns>An array of <see cref="RemoteSubtitleInfo"/>.</returns>
[HttpGet("Items/{itemId}/RemoteSearch/Subtitles/{language}")] [HttpGet("Items/{itemId}/RemoteSearch/Subtitles/{language}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles( public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
[FromRoute, Required] Guid itemId, [FromRoute, Required] Guid itemId,
@ -134,7 +134,7 @@ public class SubtitleController : BaseJellyfinApiController
/// <response code="204">Subtitle downloaded.</response> /// <response code="204">Subtitle downloaded.</response>
/// <returns>A <see cref="NoContentResult"/>.</returns> /// <returns>A <see cref="NoContentResult"/>.</returns>
[HttpPost("Items/{itemId}/RemoteSearch/Subtitles/{subtitleId}")] [HttpPost("Items/{itemId}/RemoteSearch/Subtitles/{subtitleId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task<ActionResult> DownloadRemoteSubtitles( public async Task<ActionResult> DownloadRemoteSubtitles(
[FromRoute, Required] Guid itemId, [FromRoute, Required] Guid itemId,
@ -164,7 +164,7 @@ public class SubtitleController : BaseJellyfinApiController
/// <response code="200">File returned.</response> /// <response code="200">File returned.</response>
/// <returns>A <see cref="FileStreamResult"/> with the subtitle file.</returns> /// <returns>A <see cref="FileStreamResult"/> with the subtitle file.</returns>
[HttpGet("Providers/Subtitles/Subtitles/{id}")] [HttpGet("Providers/Subtitles/Subtitles/{id}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[Produces(MediaTypeNames.Application.Octet)] [Produces(MediaTypeNames.Application.Octet)]
[ProducesFile("text/*")] [ProducesFile("text/*")]
@ -322,7 +322,7 @@ public class SubtitleController : BaseJellyfinApiController
/// <response code="200">Subtitle playlist retrieved.</response> /// <response code="200">Subtitle playlist retrieved.</response>
/// <returns>A <see cref="FileContentResult"/> with the HLS subtitle playlist.</returns> /// <returns>A <see cref="FileContentResult"/> with the HLS subtitle playlist.</returns>
[HttpGet("Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")] [HttpGet("Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesPlaylistFile] [ProducesPlaylistFile]
[SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")] [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
@ -463,7 +463,7 @@ public class SubtitleController : BaseJellyfinApiController
/// <response code="200">Information retrieved.</response> /// <response code="200">Information retrieved.</response>
/// <returns>An array of <see cref="FontFile"/> with the available font files.</returns> /// <returns>An array of <see cref="FontFile"/> with the available font files.</returns>
[HttpGet("FallbackFont/Fonts")] [HttpGet("FallbackFont/Fonts")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public IEnumerable<FontFile> GetFallbackFontList() public IEnumerable<FontFile> GetFallbackFontList()
{ {
@ -514,7 +514,7 @@ public class SubtitleController : BaseJellyfinApiController
/// <response code="200">Fallback font file retrieved.</response> /// <response code="200">Fallback font file retrieved.</response>
/// <returns>The fallback font file.</returns> /// <returns>The fallback font file.</returns>
[HttpGet("FallbackFont/Fonts/{name}")] [HttpGet("FallbackFont/Fonts/{name}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesFile("font/*")] [ProducesFile("font/*")]
public ActionResult GetFallbackFont([FromRoute, Required] string name) public ActionResult GetFallbackFont([FromRoute, Required] string name)

@ -1,6 +1,5 @@
using System; using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
@ -19,7 +18,7 @@ namespace Jellyfin.Api.Controllers;
/// The suggestions controller. /// The suggestions controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class SuggestionsController : BaseJellyfinApiController public class SuggestionsController : BaseJellyfinApiController
{ {
private readonly IDtoService _dtoService; private readonly IDtoService _dtoService;

@ -172,7 +172,7 @@ public class SystemController : BaseJellyfinApiController
/// <response code="200">Information retrieved.</response> /// <response code="200">Information retrieved.</response>
/// <returns><see cref="EndPointInfo"/> with information about the endpoint.</returns> /// <returns><see cref="EndPointInfo"/> with information about the endpoint.</returns>
[HttpGet("Endpoint")] [HttpGet("Endpoint")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<EndPointInfo> GetEndpointInfo() public ActionResult<EndPointInfo> GetEndpointInfo()
{ {
@ -210,7 +210,7 @@ public class SystemController : BaseJellyfinApiController
/// <response code="200">Information retrieved.</response> /// <response code="200">Information retrieved.</response>
/// <returns>An <see cref="IEnumerable{WakeOnLanInfo}"/> with the WakeOnLan infos.</returns> /// <returns>An <see cref="IEnumerable{WakeOnLanInfo}"/> with the WakeOnLan infos.</returns>
[HttpGet("WakeOnLanInfo")] [HttpGet("WakeOnLanInfo")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[Obsolete("This endpoint is obsolete.")] [Obsolete("This endpoint is obsolete.")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<WakeOnLanInfo>> GetWakeOnLanInfo() public ActionResult<IEnumerable<WakeOnLanInfo>> GetWakeOnLanInfo()

@ -1,5 +1,4 @@
using System; using System;
using Jellyfin.Api.Constants;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Model.Dto; using MediaBrowser.Model.Dto;
@ -14,7 +13,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// The trailers controller. /// The trailers controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class TrailersController : BaseJellyfinApiController public class TrailersController : BaseJellyfinApiController
{ {
private readonly ItemsController _itemsController; private readonly ItemsController _itemsController;

@ -2,7 +2,6 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
@ -25,7 +24,7 @@ namespace Jellyfin.Api.Controllers;
/// The tv shows controller. /// The tv shows controller.
/// </summary> /// </summary>
[Route("Shows")] [Route("Shows")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class TvShowsController : BaseJellyfinApiController public class TvShowsController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -5,7 +5,6 @@ using System.Globalization;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -82,7 +81,7 @@ public class UniversalAudioController : BaseJellyfinApiController
/// <returns>A <see cref="Task"/> containing the audio file.</returns> /// <returns>A <see cref="Task"/> containing the audio file.</returns>
[HttpGet("Audio/{itemId}/universal")] [HttpGet("Audio/{itemId}/universal")]
[HttpHead("Audio/{itemId}/universal", Name = "HeadUniversalAudioStream")] [HttpHead("Audio/{itemId}/universal", Name = "HeadUniversalAudioStream")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status302Found)] [ProducesResponseType(StatusCodes.Status302Found)]
[ProducesAudioFile] [ProducesAudioFile]

@ -81,7 +81,7 @@ public class UserController : BaseJellyfinApiController
/// <response code="200">Users returned.</response> /// <response code="200">Users returned.</response>
/// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns> /// <returns>An <see cref="IEnumerable{UserDto}"/> containing the users.</returns>
[HttpGet] [HttpGet]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<IEnumerable<UserDto>> GetUsers( public ActionResult<IEnumerable<UserDto>> GetUsers(
[FromQuery] bool? isHidden, [FromQuery] bool? isHidden,
@ -256,7 +256,7 @@ public class UserController : BaseJellyfinApiController
/// <response code="404">User not found.</response> /// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/Password")] [HttpPost("{userId}/Password")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
@ -317,7 +317,7 @@ public class UserController : BaseJellyfinApiController
/// <response code="404">User not found.</response> /// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/EasyPassword")] [HttpPost("{userId}/EasyPassword")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
@ -359,7 +359,7 @@ public class UserController : BaseJellyfinApiController
/// <response code="403">User update forbidden.</response> /// <response code="403">User update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
[HttpPost("{userId}")] [HttpPost("{userId}")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
@ -453,7 +453,7 @@ public class UserController : BaseJellyfinApiController
/// <response code="403">User configuration update forbidden.</response> /// <response code="403">User configuration update forbidden.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
[HttpPost("{userId}/Configuration")] [HttpPost("{userId}/Configuration")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult> UpdateUserConfiguration( public async Task<ActionResult> UpdateUserConfiguration(
@ -539,7 +539,7 @@ public class UserController : BaseJellyfinApiController
/// <response code="400">Token is not owned by a user.</response> /// <response code="400">Token is not owned by a user.</response>
/// <returns>A <see cref="UserDto"/> for the authenticated user.</returns> /// <returns>A <see cref="UserDto"/> for the authenticated user.</returns>
[HttpGet("Me")] [HttpGet("Me")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status400BadRequest)]
public ActionResult<UserDto> GetCurrentUser() public ActionResult<UserDto> GetCurrentUser()

@ -4,7 +4,6 @@ using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
@ -28,7 +27,7 @@ namespace Jellyfin.Api.Controllers;
/// User library controller. /// User library controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class UserLibraryController : BaseJellyfinApiController public class UserLibraryController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -3,7 +3,6 @@ using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Globalization; using System.Globalization;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Api.Models.UserViewDtos; using Jellyfin.Api.Models.UserViewDtos;
@ -23,7 +22,7 @@ namespace Jellyfin.Api.Controllers;
/// User views controller. /// User views controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class UserViewsController : BaseJellyfinApiController public class UserViewsController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

@ -100,7 +100,7 @@ public class VideosController : BaseJellyfinApiController
/// <response code="200">Additional parts returned.</response> /// <response code="200">Additional parts returned.</response>
/// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns> /// <returns>A <see cref="QueryResult{BaseItemDto}"/> with the parts.</returns>
[HttpGet("{itemId}/AdditionalParts")] [HttpGet("{itemId}/AdditionalParts")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId) public ActionResult<QueryResult<BaseItemDto>> GetAdditionalPart([FromRoute, Required] Guid itemId, [FromQuery] Guid? userId)
{ {

@ -2,7 +2,6 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
@ -24,7 +23,7 @@ namespace Jellyfin.Api.Controllers;
/// <summary> /// <summary>
/// Years controller. /// Years controller.
/// </summary> /// </summary>
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize]
public class YearsController : BaseJellyfinApiController public class YearsController : BaseJellyfinApiController
{ {
private readonly ILibraryManager _libraryManager; private readonly ILibraryManager _libraryManager;

@ -1,6 +1,6 @@
using System.Net;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Networking.Configuration; using Jellyfin.Networking.Configuration;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
@ -32,9 +32,14 @@ public class LanFilteringMiddleware
/// <returns>The async task.</returns> /// <returns>The async task.</returns>
public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager) public async Task Invoke(HttpContext httpContext, INetworkManager networkManager, IServerConfigurationManager serverConfigurationManager)
{ {
var host = httpContext.Connection.RemoteIpAddress ?? IPAddress.Loopback; if (serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess)
{
await _next(httpContext).ConfigureAwait(false);
return;
}
if (!networkManager.IsInLocalNetwork(host) && !serverConfigurationManager.GetNetworkConfiguration().EnableRemoteAccess) var host = httpContext.GetNormalizedRemoteIp();
if (!networkManager.IsInLocalNetwork(host))
{ {
return; return;
} }

@ -17,5 +17,16 @@ namespace Jellyfin.Data
_ => new[] { (DayOfWeek)day } _ => new[] { (DayOfWeek)day }
}; };
} }
public static bool Contains(this DynamicDayOfWeek dynamicDayOfWeek, DayOfWeek dayOfWeek)
{
return dynamicDayOfWeek switch
{
DynamicDayOfWeek.Everyday => true,
DynamicDayOfWeek.Weekday => dayOfWeek is >= DayOfWeek.Monday and <= DayOfWeek.Friday,
DynamicDayOfWeek.Weekend => dayOfWeek is DayOfWeek.Saturday or DayOfWeek.Sunday,
_ => (DayOfWeek)dynamicDayOfWeek == dayOfWeek
};
}
} }
} }

@ -525,8 +525,9 @@ namespace Jellyfin.Data.Entities
{ {
var localTime = date.ToLocalTime(); var localTime = date.ToLocalTime();
var hour = localTime.TimeOfDay.TotalHours; var hour = localTime.TimeOfDay.TotalHours;
var currentDayOfWeek = localTime.DayOfWeek;
return DayOfWeekHelper.GetDaysOfWeek(schedule.DayOfWeek).Contains(localTime.DayOfWeek) return schedule.DayOfWeek.Contains(currentDayOfWeek)
&& hour >= schedule.StartHour && hour >= schedule.StartHour
&& hour <= schedule.EndHour; && hour <= schedule.EndHour;
} }

@ -5,19 +5,15 @@ using System.Linq;
using System.Net; using System.Net;
using System.Net.Sockets; using System.Net.Sockets;
using System.Reflection; using System.Reflection;
using System.Security.Claims;
using Emby.Server.Implementations; using Emby.Server.Implementations;
using Jellyfin.Api.Auth; using Jellyfin.Api.Auth;
using Jellyfin.Api.Auth.AnonymousLanAccessPolicy; using Jellyfin.Api.Auth.AnonymousLanAccessPolicy;
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy; using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Auth.DownloadPolicy; using Jellyfin.Api.Auth.DownloadPolicy;
using Jellyfin.Api.Auth.FirstTimeOrIgnoreParentalControlSetupPolicy; using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
using Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy;
using Jellyfin.Api.Auth.LocalAccessPolicy;
using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Auth.SyncPlayAccessPolicy; using Jellyfin.Api.Auth.SyncPlayAccessPolicy;
using Jellyfin.Api.Auth.UserPermissionPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Api.Controllers; using Jellyfin.Api.Controllers;
using Jellyfin.Api.Formatters; using Jellyfin.Api.Formatters;
@ -56,117 +52,34 @@ namespace Jellyfin.Server.Extensions
/// <returns>The updated service collection.</returns> /// <returns>The updated service collection.</returns>
public static IServiceCollection AddJellyfinApiAuthorization(this IServiceCollection serviceCollection) public static IServiceCollection AddJellyfinApiAuthorization(this IServiceCollection serviceCollection)
{ {
// The default handler must be first so that it is evaluated first
serviceCollection.AddSingleton<IAuthorizationHandler, DefaultAuthorizationHandler>(); serviceCollection.AddSingleton<IAuthorizationHandler, DefaultAuthorizationHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, DownloadHandler>(); serviceCollection.AddSingleton<IAuthorizationHandler, UserPermissionHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrDefaultHandler>(); serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeOrIgnoreParentalControlSetupHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, AnonymousLanAccessHandler>(); serviceCollection.AddSingleton<IAuthorizationHandler, AnonymousLanAccessHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessOrRequiresElevationHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
serviceCollection.AddSingleton<IAuthorizationHandler, SyncPlayAccessHandler>(); serviceCollection.AddSingleton<IAuthorizationHandler, SyncPlayAccessHandler>();
return serviceCollection.AddAuthorizationCore(options => return serviceCollection.AddAuthorizationCore(options =>
{ {
options.AddPolicy( options.DefaultPolicy = new AuthorizationPolicyBuilder()
Policies.DefaultAuthorization, .AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
policy => .AddRequirements(new DefaultAuthorizationRequirement())
{ .Build();
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new DefaultAuthorizationRequirement()); options.AddPolicy(Policies.Download, new UserPermissionRequirement(PermissionKind.EnableContentDownloading));
}); options.AddPolicy(Policies.FirstTimeSetupOrDefault, new FirstTimeSetupRequirement(requireAdmin: false));
options.AddPolicy( options.AddPolicy(Policies.FirstTimeSetupOrElevated, new FirstTimeSetupRequirement());
Policies.Download, options.AddPolicy(Policies.FirstTimeSetupOrIgnoreParentalControl, new FirstTimeSetupRequirement(false, false));
policy => options.AddPolicy(Policies.IgnoreParentalControl, new DefaultAuthorizationRequirement(validateParentalSchedule: false));
{ options.AddPolicy(Policies.SyncPlayHasAccess, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.HasAccess));
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication); options.AddPolicy(Policies.SyncPlayCreateGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
policy.AddRequirements(new DownloadRequirement()); options.AddPolicy(Policies.SyncPlayJoinGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
}); options.AddPolicy(Policies.SyncPlayIsInGroup, new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
options.AddPolicy( options.AddPolicy(Policies.AnonymousLanAccessPolicy, new AnonymousLanAccessRequirement());
Policies.FirstTimeSetupOrDefault,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new FirstTimeSetupOrDefaultRequirement());
});
options.AddPolicy(
Policies.FirstTimeSetupOrElevated,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
});
options.AddPolicy(
Policies.IgnoreParentalControl,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new IgnoreParentalControlRequirement());
});
options.AddPolicy(
Policies.FirstTimeSetupOrIgnoreParentalControl,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new FirstTimeOrIgnoreParentalControlSetupRequirement());
});
options.AddPolicy(
Policies.LocalAccessOnly,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new LocalAccessRequirement());
});
options.AddPolicy(
Policies.LocalAccessOrRequiresElevation,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new LocalAccessOrRequiresElevationRequirement());
});
options.AddPolicy( options.AddPolicy(
Policies.RequiresElevation, Policies.RequiresElevation,
policy => policy => policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication)
{ .RequireClaim(ClaimTypes.Role, UserRoles.Administrator));
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new RequiresElevationRequirement());
});
options.AddPolicy(
Policies.SyncPlayHasAccess,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.HasAccess));
});
options.AddPolicy(
Policies.SyncPlayCreateGroup,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.CreateGroup));
});
options.AddPolicy(
Policies.SyncPlayJoinGroup,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.JoinGroup));
});
options.AddPolicy(
Policies.SyncPlayIsInGroup,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new SyncPlayAccessRequirement(SyncPlayAccessRequirementType.IsInGroup));
});
options.AddPolicy(
Policies.AnonymousLanAccessPolicy,
policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
policy.AddRequirements(new AnonymousLanAccessRequirement());
});
}); });
} }
@ -334,6 +247,14 @@ namespace Jellyfin.Server.Extensions
}); });
} }
private static void AddPolicy(this AuthorizationOptions authorizationOptions, string policyName, IAuthorizationRequirement authorizationRequirement)
{
authorizationOptions.AddPolicy(policyName, policy =>
{
policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication).AddRequirements(authorizationRequirement);
});
}
/// <summary> /// <summary>
/// Sets up the proxy configuration based on the addresses in <paramref name="allowedProxies"/>. /// Sets up the proxy configuration based on the addresses in <paramref name="allowedProxies"/>.
/// </summary> /// </summary>

@ -18,11 +18,17 @@ namespace Jellyfin.Server.Filters
{ {
var requiredScopes = new List<string>(); var requiredScopes = new List<string>();
var requiresAuth = false;
// Add all method scopes. // Add all method scopes.
foreach (var attribute in context.MethodInfo.GetCustomAttributes(true)) foreach (var attribute in context.MethodInfo.GetCustomAttributes(true))
{ {
if (attribute is AuthorizeAttribute authorizeAttribute if (attribute is not AuthorizeAttribute authorizeAttribute)
&& authorizeAttribute.Policy is not null {
continue;
}
requiresAuth = true;
if (authorizeAttribute.Policy is not null
&& !requiredScopes.Contains(authorizeAttribute.Policy, StringComparer.Ordinal)) && !requiredScopes.Contains(authorizeAttribute.Policy, StringComparer.Ordinal))
{ {
requiredScopes.Add(authorizeAttribute.Policy); requiredScopes.Add(authorizeAttribute.Policy);
@ -35,8 +41,13 @@ namespace Jellyfin.Server.Filters
{ {
foreach (var attribute in controllerAttributes) foreach (var attribute in controllerAttributes)
{ {
if (attribute is AuthorizeAttribute authorizeAttribute if (attribute is not AuthorizeAttribute authorizeAttribute)
&& authorizeAttribute.Policy is not null {
continue;
}
requiresAuth = true;
if (authorizeAttribute.Policy is not null
&& !requiredScopes.Contains(authorizeAttribute.Policy, StringComparer.Ordinal)) && !requiredScopes.Contains(authorizeAttribute.Policy, StringComparer.Ordinal))
{ {
requiredScopes.Add(authorizeAttribute.Policy); requiredScopes.Add(authorizeAttribute.Policy);
@ -44,35 +55,37 @@ namespace Jellyfin.Server.Filters
} }
} }
if (requiredScopes.Count != 0) if (!requiresAuth)
{ {
if (!operation.Responses.ContainsKey("401")) return;
{ }
operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
}
if (!operation.Responses.ContainsKey("403")) if (!operation.Responses.ContainsKey("401"))
{ {
operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" }); operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
} }
var scheme = new OpenApiSecurityScheme if (!operation.Responses.ContainsKey("403"))
{
operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });
}
var scheme = new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{ {
Reference = new OpenApiReference Type = ReferenceType.SecurityScheme,
{ Id = AuthenticationSchemes.CustomAuthentication
Type = ReferenceType.SecurityScheme, }
Id = AuthenticationSchemes.CustomAuthentication };
}
};
operation.Security = new List<OpenApiSecurityRequirement> operation.Security = new List<OpenApiSecurityRequirement>
{
new OpenApiSecurityRequirement
{ {
new OpenApiSecurityRequirement [scheme] = requiredScopes
{ }
[scheme] = requiredScopes };
}
};
}
} }
} }
} }

@ -11,7 +11,7 @@ namespace MediaBrowser.Providers.Plugins.Tmdb.Api
/// The TMDb API controller. /// The TMDb API controller.
/// </summary> /// </summary>
[ApiController] [ApiController]
[Authorize(Policy = "DefaultAuthorization")] [Authorize]
[Route("[controller]")] [Route("[controller]")]
[Produces(MediaTypeNames.Application.Json)] [Produces(MediaTypeNames.Application.Json)]
public class TmdbController : ControllerBase public class TmdbController : ControllerBase

@ -2,7 +2,8 @@ using System.Collections.Generic;
using System.Threading.Tasks; using System.Threading.Tasks;
using AutoFixture; using AutoFixture;
using AutoFixture.AutoMoq; using AutoFixture.AutoMoq;
using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy; using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Configuration;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
@ -11,25 +12,25 @@ using Microsoft.AspNetCore.Http;
using Moq; using Moq;
using Xunit; using Xunit;
namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
{ {
public class FirstTimeSetupOrElevatedHandlerTests public class FirstTimeSetupHandlerTests
{ {
private readonly Mock<IConfigurationManager> _configurationManagerMock; private readonly Mock<IConfigurationManager> _configurationManagerMock;
private readonly List<IAuthorizationRequirement> _requirements; private readonly List<IAuthorizationRequirement> _requirements;
private readonly FirstTimeSetupOrElevatedHandler _sut; private readonly FirstTimeSetupHandler _firstTimeSetupHandler;
private readonly Mock<IUserManager> _userManagerMock; private readonly Mock<IUserManager> _userManagerMock;
private readonly Mock<IHttpContextAccessor> _httpContextAccessor; private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
public FirstTimeSetupOrElevatedHandlerTests() public FirstTimeSetupHandlerTests()
{ {
var fixture = new Fixture().Customize(new AutoMoqCustomization()); var fixture = new Fixture().Customize(new AutoMoqCustomization());
_configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>(); _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
_requirements = new List<IAuthorizationRequirement> { new FirstTimeSetupOrElevatedRequirement() }; _requirements = new List<IAuthorizationRequirement> { new FirstTimeSetupRequirement() };
_userManagerMock = fixture.Freeze<Mock<IUserManager>>(); _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>(); _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
_sut = fixture.Create<FirstTimeSetupOrElevatedHandler>(); _firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>();
} }
[Theory] [Theory]
@ -46,7 +47,7 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy
var context = new AuthorizationHandlerContext(_requirements, claims, null); var context = new AuthorizationHandlerContext(_requirements, claims, null);
await _sut.HandleAsync(context); await _firstTimeSetupHandler.HandleAsync(context);
Assert.True(context.HasSucceeded); Assert.True(context.HasSucceeded);
} }
@ -64,7 +65,7 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy
var context = new AuthorizationHandlerContext(_requirements, claims, null); var context = new AuthorizationHandlerContext(_requirements, claims, null);
await _sut.HandleAsync(context); await _firstTimeSetupHandler.HandleAsync(context);
Assert.Equal(shouldSucceed, context.HasSucceeded); Assert.Equal(shouldSucceed, context.HasSucceeded);
} }
} }

@ -3,7 +3,7 @@ using System.Collections.Generic;
using System.Threading.Tasks; using System.Threading.Tasks;
using AutoFixture; using AutoFixture;
using AutoFixture.AutoMoq; using AutoFixture.AutoMoq;
using Jellyfin.Api.Auth.IgnoreParentalControlPolicy; using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
@ -20,7 +20,7 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
{ {
private readonly Mock<IConfigurationManager> _configurationManagerMock; private readonly Mock<IConfigurationManager> _configurationManagerMock;
private readonly List<IAuthorizationRequirement> _requirements; private readonly List<IAuthorizationRequirement> _requirements;
private readonly IgnoreParentalControlHandler _sut; private readonly DefaultAuthorizationHandler _sut;
private readonly Mock<IUserManager> _userManagerMock; private readonly Mock<IUserManager> _userManagerMock;
private readonly Mock<IHttpContextAccessor> _httpContextAccessor; private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
@ -33,11 +33,11 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
{ {
var fixture = new Fixture().Customize(new AutoMoqCustomization()); var fixture = new Fixture().Customize(new AutoMoqCustomization());
_configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>(); _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
_requirements = new List<IAuthorizationRequirement> { new IgnoreParentalControlRequirement() }; _requirements = new List<IAuthorizationRequirement> { new DefaultAuthorizationRequirement(validateParentalSchedule: false) };
_userManagerMock = fixture.Freeze<Mock<IUserManager>>(); _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>(); _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
_sut = fixture.Create<IgnoreParentalControlHandler>(); _sut = fixture.Create<DefaultAuthorizationHandler>();
} }
[Theory] [Theory]

@ -1,59 +0,0 @@
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using AutoFixture;
using AutoFixture.AutoMoq;
using Jellyfin.Api.Auth.LocalAccessPolicy;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Moq;
using Xunit;
namespace Jellyfin.Api.Tests.Auth.LocalAccessPolicy
{
public class LocalAccessHandlerTests
{
private readonly Mock<IConfigurationManager> _configurationManagerMock;
private readonly List<IAuthorizationRequirement> _requirements;
private readonly LocalAccessHandler _sut;
private readonly Mock<IUserManager> _userManagerMock;
private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
private readonly Mock<INetworkManager> _networkManagerMock;
public LocalAccessHandlerTests()
{
var fixture = new Fixture().Customize(new AutoMoqCustomization());
_configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
_requirements = new List<IAuthorizationRequirement> { new LocalAccessRequirement() };
_userManagerMock = fixture.Freeze<Mock<IUserManager>>();
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
_networkManagerMock = fixture.Freeze<Mock<INetworkManager>>();
_sut = fixture.Create<LocalAccessHandler>();
}
[Theory]
[InlineData(true, true)]
[InlineData(false, false)]
public async Task LocalAccessOnly(bool isInLocalNetwork, bool shouldSucceed)
{
_networkManagerMock
.Setup(n => n.IsInLocalNetwork(It.IsAny<IPAddress>()))
.Returns(isInLocalNetwork);
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
UserRoles.User);
var context = new AuthorizationHandlerContext(_requirements, claims, null);
await _sut.HandleAsync(context);
Assert.Equal(shouldSucceed, context.HasSucceeded);
}
}
}

@ -1,53 +0,0 @@
using System.Collections.Generic;
using System.Threading.Tasks;
using AutoFixture;
using AutoFixture.AutoMoq;
using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Constants;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Moq;
using Xunit;
namespace Jellyfin.Api.Tests.Auth.RequiresElevationPolicy
{
public class RequiresElevationHandlerTests
{
private readonly Mock<IConfigurationManager> _configurationManagerMock;
private readonly List<IAuthorizationRequirement> _requirements;
private readonly RequiresElevationHandler _sut;
private readonly Mock<IUserManager> _userManagerMock;
private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
public RequiresElevationHandlerTests()
{
var fixture = new Fixture().Customize(new AutoMoqCustomization());
_configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
_requirements = new List<IAuthorizationRequirement> { new RequiresElevationRequirement() };
_userManagerMock = fixture.Freeze<Mock<IUserManager>>();
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
_sut = fixture.Create<RequiresElevationHandler>();
}
[Theory]
[InlineData(UserRoles.Administrator, true)]
[InlineData(UserRoles.User, false)]
[InlineData(UserRoles.Guest, false)]
public async Task ShouldHandleRolesCorrectly(string role, bool shouldSucceed)
{
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
role);
var context = new AuthorizationHandlerContext(_requirements, claims, null);
await _sut.HandleAsync(context);
Assert.Equal(shouldSucceed, context.HasSucceeded);
}
}
}
Loading…
Cancel
Save