Don't throw exception on unauthenticated requests

3 years ago · 4a28f46cac
parent 8868b34d78
commit 4a28f46cac
4 changed files with 14 additions and 2 deletions
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@ -24,7 +24,7 @@ namespace Emby.Server.Implementations.HttpServer.Security

            if (!auth.HasToken)
            {
-                throw new AuthenticationException("Request does not contain a token.");
+                return auth;
            }

            if (!auth.IsAuthenticated)
--- a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
+++ b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
@ -35,7 +35,12 @@ namespace Emby.Server.Implementations.HttpServer
        /// <inheritdoc />
        public async Task WebSocketRequestHandler(HttpContext context)
        {
-            _ = await _authService.Authenticate(context.Request).ConfigureAwait(false);
+            var authorizationInfo = await _authService.Authenticate(context.Request).ConfigureAwait(false);
+            if (!authorizationInfo.IsAuthenticated)
+            {
+                throw new SecurityException("Token is required");
+            }
+
            try
            {
                _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@ -45,6 +45,11 @@ namespace Jellyfin.Api.Auth
            try
            {
                var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
+                if (!authorizationInfo.HasToken)
+                {
+                    return AuthenticateResult.NoResult();
+                }
+
                var role = UserRoles.User;
                if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
                {
--- a/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
@ -132,6 +132,8 @@ namespace Jellyfin.Api.Tests.Auth
            authorizationInfo.User.AddDefaultPreferences();
            authorizationInfo.User.SetPermission(PermissionKind.IsAdministrator, isAdmin);
            authorizationInfo.IsApiKey = false;
+            authorizationInfo.HasToken = true;
+            authorizationInfo.Token = "fake-token";

            _jellyfinAuthServiceMock.Setup(
                    a => a.Authenticate(