open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't throw exception on unauthenticated requests

Browse Source
pull/6837/head
Cody Robibero 3 years ago
parent 8868b34d78
commit 4a28f46cac
4 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File

2
Emby.Server.Implementations/HttpServer/Security/AuthService.cs
Unescape View File

@ -24,7 +24,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
if (!auth.HasToken) if (!auth.HasToken)
{ {
throw new AuthenticationException("Request does not contain a token."); return auth;
} }
if (!auth.IsAuthenticated) if (!auth.IsAuthenticated)

7
Emby.Server.Implementations/HttpServer/WebSocketManager.cs
Unescape View File

@ -35,7 +35,12 @@ namespace Emby.Server.Implementations.HttpServer
/// <inheritdoc /> /// <inheritdoc />
public async Task WebSocketRequestHandler(HttpContext context) public async Task WebSocketRequestHandler(HttpContext context)
{ {
_ = await _authService.Authenticate(context.Request).ConfigureAwait(false); var authorizationInfo = await _authService.Authenticate(context.Request).ConfigureAwait(false);
if (!authorizationInfo.IsAuthenticated)
{
throw new SecurityException("Token is required");
}
try try
{ {
_logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress); _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);

5
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
Unescape View File

@ -45,6 +45,11 @@ namespace Jellyfin.Api.Auth
try try
{ {
var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false); var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
if (!authorizationInfo.HasToken)
{
return AuthenticateResult.NoResult();
}
var role = UserRoles.User; var role = UserRoles.User;
if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator)) if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
{ {

2
tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
Unescape View File

@ -132,6 +132,8 @@ namespace Jellyfin.Api.Tests.Auth
authorizationInfo.User.AddDefaultPreferences(); authorizationInfo.User.AddDefaultPreferences();
authorizationInfo.User.SetPermission(PermissionKind.IsAdministrator, isAdmin); authorizationInfo.User.SetPermission(PermissionKind.IsAdministrator, isAdmin);
authorizationInfo.IsApiKey = false; authorizationInfo.IsApiKey = false;
authorizationInfo.HasToken = true;
authorizationInfo.Token = "fake-token";
_jellyfinAuthServiceMock.Setup( _jellyfinAuthServiceMock.Setup(
a => a.Authenticate( a => a.Authenticate(

Write Preview
Loading…
Cancel
Save