From 3fd505a4543a4ee42ead01793a91e0410032321b Mon Sep 17 00:00:00 2001 From: Chris H <70915190+Chris-Codes-It@users.noreply.github.com> Date: Fri, 10 Nov 2023 14:51:44 +0000 Subject: [PATCH] Validate AuthenticationProviderId and PasswordResetProviderId (#10553) --- CONTRIBUTORS.md | 3 +- MediaBrowser.Model/Users/UserPolicy.cs | 3 + .../Controllers/UserControllerTests.cs | 120 ++++++++++++++++++ 3 files changed, 125 insertions(+), 1 deletion(-) create mode 100644 tests/Jellyfin.Api.Tests/Controllers/UserControllerTests.cs diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 74f1a89651..fff7136b8f 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -171,6 +171,7 @@ - [tallbl0nde](https://github.com/tallbl0nde) - [sleepycatcoding](https://github.com/sleepycatcoding) - [scampower3](https://github.com/scampower3) + - [Chris-Codes-It] (https://github.com/Chris-Codes-It) # Emby Contributors @@ -241,4 +242,4 @@ - [Jakob Kukla](https://github.com/jakobkukla) - [Utku Ă–zdemir](https://github.com/utkuozdemir) - [JPUC1143](https://github.com/Jpuc1143/) - - [0x25CBFC4F](https://github.com/0x25CBFC4F) + - [0x25CBFC4F](https://github.com/0x25CBFC4F) \ No newline at end of file diff --git a/MediaBrowser.Model/Users/UserPolicy.cs b/MediaBrowser.Model/Users/UserPolicy.cs index f5aff07db4..219ed5d5f7 100644 --- a/MediaBrowser.Model/Users/UserPolicy.cs +++ b/MediaBrowser.Model/Users/UserPolicy.cs @@ -3,6 +3,7 @@ using System; using System.ComponentModel; +using System.ComponentModel.DataAnnotations; using System.Xml.Serialization; using Jellyfin.Data.Enums; using AccessSchedule = Jellyfin.Data.Entities.AccessSchedule; @@ -174,8 +175,10 @@ namespace MediaBrowser.Model.Users public int RemoteClientBitrateLimit { get; set; } [XmlElement(ElementName = "AuthenticationProviderId")] + [Required(AllowEmptyStrings = false)] public string AuthenticationProviderId { get; set; } + [Required(AllowEmptyStrings= false)] public string PasswordResetProviderId { get; set; } /// diff --git a/tests/Jellyfin.Api.Tests/Controllers/UserControllerTests.cs b/tests/Jellyfin.Api.Tests/Controllers/UserControllerTests.cs new file mode 100644 index 0000000000..3f965d0ff0 --- /dev/null +++ b/tests/Jellyfin.Api.Tests/Controllers/UserControllerTests.cs @@ -0,0 +1,120 @@ +using System; +using System.Collections.Generic; +using System.ComponentModel.DataAnnotations; +using System.Linq; +using System.Threading.Tasks; +using AutoFixture.Xunit2; +using Jellyfin.Api.Controllers; +using Jellyfin.Data.Entities; +using MediaBrowser.Common.Net; +using MediaBrowser.Controller.Configuration; +using MediaBrowser.Controller.Devices; +using MediaBrowser.Controller.Library; +using MediaBrowser.Controller.Net; +using MediaBrowser.Controller.Playlists; +using MediaBrowser.Controller.QuickConnect; +using MediaBrowser.Controller.Session; +using MediaBrowser.Model.Users; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Extensions.Logging; +using Moq; +using Nikse.SubtitleEdit.Core.Common; +using Xunit; + +namespace Jellyfin.Api.Tests.Controllers; + +public class UserControllerTests +{ + private readonly UserController _subject; + private readonly Mock _mockUserManager; + private readonly Mock _mockSessionManager; + private readonly Mock _mockNetworkManager; + private readonly Mock _mockDeviceManager; + private readonly Mock _mockAuthorizationContext; + private readonly Mock _mockServerConfigurationManager; + private readonly Mock> _mockLogger; + private readonly Mock _mockQuickConnect; + private readonly Mock _mockPlaylistManager; + + public UserControllerTests() + { + _mockUserManager = new Mock(); + _mockSessionManager = new Mock(); + _mockNetworkManager = new Mock(); + _mockDeviceManager = new Mock(); + _mockAuthorizationContext = new Mock(); + _mockServerConfigurationManager = new Mock(); + _mockLogger = new Mock>(); + _mockQuickConnect = new Mock(); + _mockPlaylistManager = new Mock(); + + _subject = new UserController( + _mockUserManager.Object, + _mockSessionManager.Object, + _mockNetworkManager.Object, + _mockDeviceManager.Object, + _mockAuthorizationContext.Object, + _mockServerConfigurationManager.Object, + _mockLogger.Object, + _mockQuickConnect.Object, + _mockPlaylistManager.Object); + } + + [Theory] + [AutoData] + public async Task UpdateUserPolicy_WhenUserNotFound_ReturnsNotFound(Guid userId, UserPolicy userPolicy) + { + User? nullUser = null; + _mockUserManager. + Setup(m => m.GetUserById(userId)) + .Returns(nullUser); + + Assert.IsType(await _subject.UpdateUserPolicy(userId, userPolicy)); + } + + [Theory] + [InlineAutoData(null)] + [InlineAutoData("")] + [InlineAutoData(" ")] + public void UpdateUserPolicy_WhenPasswordResetProviderIdNotSupplied_ReturnsBadRequest(string? passwordResetProviderId) + { + var userPolicy = new UserPolicy + { + PasswordResetProviderId = passwordResetProviderId, + AuthenticationProviderId = "AuthenticationProviderId" + }; + + Assert.Contains( + Validate(userPolicy), v => + v.MemberNames.Contains("PasswordResetProviderId") && + v.ErrorMessage != null && + v.ErrorMessage.Contains("required", StringComparison.CurrentCultureIgnoreCase)); + } + + [Theory] + [InlineAutoData(null)] + [InlineAutoData("")] + [InlineAutoData(" ")] + public void UpdateUserPolicy_WhenAuthenticationProviderIdNotSupplied_ReturnsBadRequest(string? authenticationProviderId) + { + var userPolicy = new UserPolicy + { + AuthenticationProviderId = authenticationProviderId, + PasswordResetProviderId = "PasswordResetProviderId" + }; + + Assert.Contains(Validate(userPolicy), v => + v.MemberNames.Contains("AuthenticationProviderId") && + v.ErrorMessage != null && + v.ErrorMessage.Contains("required", StringComparison.CurrentCultureIgnoreCase)); + } + + private IList Validate(object model) + { + var result = new List(); + var context = new ValidationContext(model, null, null); + Validator.TryValidateObject(model, context, result, true); + + return result; + } +}