diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
index 965b7e7e60..2b6b2a82c4 100644
--- a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
+++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
@@ -1,10 +1,6 @@
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
-using Jellyfin.Api.Extensions;
-using Jellyfin.Extensions;
 using MediaBrowser.Common.Configuration;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Controller.Library;
 using Microsoft.AspNetCore.Authorization;
 namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
@@ -15,19 +11,14 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
 public class FirstTimeSetupHandler : AuthorizationHandler
 {
 private readonly IConfigurationManager _configurationManager;
- private readonly IUserManager _userManager;
 ///
 /// Initializes a new instance of the class.
 ///
 /// Instance of the interface.
- /// Instance of the interface.
- public FirstTimeSetupHandler(
- IConfigurationManager configurationManager,
- IUserManager userManager)
+ public FirstTimeSetupHandler(IConfigurationManager configurationManager)
 {
 _configurationManager = configurationManager;
- _userManager = userManager;
 }
 ///
@@ -36,37 +27,14 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
 if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
 {
 context.Succeed(requirement);
- return Task.CompletedTask;
 }
-
- var contextUser = context.User;
- if (requirement.RequireAdmin && !contextUser.IsInRole(UserRoles.Administrator))
+ else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
 {
 context.Fail();
- return Task.CompletedTask;
 }
-
- var userId = contextUser.GetUserId();
- if (userId.IsEmpty())
- {
- context.Fail();
- return Task.CompletedTask;
- }
-
- if (!requirement.ValidateParentalSchedule)
- {
- context.Succeed(requirement);
- return Task.CompletedTask;
- }
-
- var user = _userManager.GetUserById(userId);
- if (user is null)
- {
- throw new ResourceNotFoundException();
- }
-
- if (user.IsParentalScheduleAllowed())
+ else
 {
+ // Any user-specific checks are handled in the DefaultAuthorizationHandler.
 context.Succeed(requirement);
 }
diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
index 1ea1797ba1..3687d77534 100644
--- a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using AutoFixture;
 using AutoFixture.AutoMoq;
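Review bot: In FirstTimeSetupHandler.cs (hunk `@@ -36,37 +27,14 @@`), the final `else` branch now calls `context.Succeed(requirement)` without inspecting the principal, so the removed empty-user-id `context.Fail()` and the `requirement.ValidateParentalSchedule` check are no longer enforced by this handler. The added comment defers them to DefaultAuthorizationHandler, which is not shown in this diff; confirm that every policy built on this requirement is also evaluated by that handler, otherwise a policy that asked for schedule validation would silently lose it. I would make the dependency explicit in the comment, e.g. `// Identity and parental-schedule checks are NOT done here; every policy using this requirement must also be evaluated by DefaultAuthorizationHandler.` If `ValidateParentalSchedule` is no longer read anywhere, it should be removed from the requirement rather than left as a flag with no effect. The method's signature and its return statement are outside the hunk.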
@@ -67,5 +68,16 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
 await _firstTimeSetupHandler.HandleAsync(context);
 Assert.Equal(shouldSucceed, context.HasSucceeded);
 }
+
+ [Fact]
+ public async Task ShouldAllowAdminApiKeyIfStartupWizardComplete()
+ {
+ TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
+ var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(ClaimTypes.Role, UserRoles.Administrator)]));
+ var context = new AuthorizationHandlerContext(_requirements, claims, null);
+
+ await _firstTimeSetupHandler.HandleAsync(context);
+ Assert.True(context.HasSucceeded);
+ }
 }
 }
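Review bot: The principal built in `ShouldAllowAdminApiKeyIfStartupWizardComplete` uses `new ClaimsIdentity([...])` with no authentication type, so `Identity.IsAuthenticated` is false and the test asserts that an unauthenticated identity carrying only a role claim is authorized. If the intent is to model an API key, pass the authentication type as the second argument, e.g. `new ClaimsIdentity([new Claim(ClaimTypes.Role, UserRoles.Administrator)], "<auth-scheme>")` (placeholder for the scheme the API uses). A companion case with the same setup but no Administrator role claim, asserting `Assert.False(context.HasSucceeded)` when the requirement has `RequireAdmin` set, would pin the deny path; the theory above the hunk may already cover it, but its data is not visible here.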