diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs index dc59a45239..e8e63d286d 100644 --- a/Emby.Server.Implementations/Session/SessionManager.cs +++ b/Emby.Server.Implementations/Session/SessionManager.cs @@ -1453,10 +1453,15 @@ namespace Emby.Server.Implementations.Session return AuthenticateNewSessionInternal(request, false); } - private async Task AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword) + internal async Task AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword) { CheckDisposed(); + ArgumentException.ThrowIfNullOrEmpty(request.App); + ArgumentException.ThrowIfNullOrEmpty(request.DeviceId); + ArgumentException.ThrowIfNullOrEmpty(request.DeviceName); + ArgumentException.ThrowIfNullOrEmpty(request.AppVersion); + User user = null; if (!request.UserId.Equals(default)) { @@ -1517,8 +1522,11 @@ namespace Emby.Server.Implementations.Session return returnResult; } - private async Task GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName) + internal async Task GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName) { + // This should be validated above, but if it isn't don't delete all tokens. + ArgumentException.ThrowIfNullOrEmpty(deviceId); + var existing = (await _deviceManager.GetDevices( new DeviceQuery { diff --git a/tests/Jellyfin.Server.Implementations.Tests/SessionManager/SessionManagerTests.cs b/tests/Jellyfin.Server.Implementations.Tests/SessionManager/SessionManagerTests.cs new file mode 100644 index 0000000000..ebd3a3891c --- /dev/null +++ b/tests/Jellyfin.Server.Implementations.Tests/SessionManager/SessionManagerTests.cs @@ -0,0 +1,111 @@ +using System; +using System.Threading.Tasks; +using Jellyfin.Data.Entities; +using MediaBrowser.Controller; +using MediaBrowser.Controller.Configuration; +using MediaBrowser.Controller.Devices; +using MediaBrowser.Controller.Drawing; +using MediaBrowser.Controller.Dto; +using MediaBrowser.Controller.Events; +using MediaBrowser.Controller.Library; +using MediaBrowser.Controller.Session; +using Microsoft.Extensions.Hosting; +using Microsoft.Extensions.Logging.Abstractions; +using Moq; +using Xunit; + +namespace Jellyfin.Server.Implementations.Tests.SessionManager; + +public class SessionManagerTests +{ + [Theory] + [InlineData("", typeof(ArgumentException))] + [InlineData(null, typeof(ArgumentNullException))] + public async Task GetAuthorizationToken_Should_ThrowException(string deviceId, Type exceptionType) + { + await using var sessionManager = new Emby.Server.Implementations.Session.SessionManager( + NullLogger.Instance, + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of()); + + await Assert.ThrowsAsync(exceptionType, () => sessionManager.GetAuthorizationToken( + new User("test", "default", "default"), + deviceId, + "app_name", + "0.0.0", + "device_name")); + } + + [Theory] + [MemberData(nameof(AuthenticateNewSessionInternal_Exception_TestData))] + public async Task AuthenticateNewSessionInternal_Should_ThrowException(AuthenticationRequest authenticationRequest, Type exceptionType) + { + await using var sessionManager = new Emby.Server.Implementations.Session.SessionManager( + NullLogger.Instance, + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of(), + Mock.Of()); + + await Assert.ThrowsAsync(exceptionType, () => sessionManager.AuthenticateNewSessionInternal(authenticationRequest, false)); + } + + public static TheoryData AuthenticateNewSessionInternal_Exception_TestData() + { + var data = new TheoryData + { + { + new AuthenticationRequest { App = string.Empty, DeviceId = "device_id", DeviceName = "device_name", AppVersion = "app_version" }, + typeof(ArgumentException) + }, + { + new AuthenticationRequest { App = null, DeviceId = "device_id", DeviceName = "device_name", AppVersion = "app_version" }, + typeof(ArgumentNullException) + }, + { + new AuthenticationRequest { App = "app_name", DeviceId = string.Empty, DeviceName = "device_name", AppVersion = "app_version" }, + typeof(ArgumentException) + }, + { + new AuthenticationRequest { App = "app_name", DeviceId = null, DeviceName = "device_name", AppVersion = "app_version" }, + typeof(ArgumentNullException) + }, + { + new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = string.Empty, AppVersion = "app_version" }, + typeof(ArgumentException) + }, + { + new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = null, AppVersion = "app_version" }, + typeof(ArgumentNullException) + }, + { + new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = "device_name", AppVersion = string.Empty }, + typeof(ArgumentException) + }, + { + new AuthenticationRequest { App = "app_name", DeviceId = "device_id", DeviceName = "device_name", AppVersion = null }, + typeof(ArgumentNullException) + } + }; + + return data; + } +}