Merge pull request #10336 from Bond-009/authorization

8 months ago · cf806ddcaa
parent 7fc804e4b8 b87765bace
commit cf806ddcaa
2 changed files with 13 additions and 30 deletions
--- a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
+++ b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
@ -49,14 +49,13 @@ namespace Jellyfin.Server.Implementations.Security
        /// <summary>
        /// Gets the authorization.
        /// </summary>
-        /// <param name="httpReq">The HTTP req.</param>
+        /// <param name="httpContext">The HTTP context.</param>
        /// <returns>Dictionary{System.StringSystem.String}.</returns>
-        private async Task<AuthorizationInfo> GetAuthorization(HttpContext httpReq)
+        private async Task<AuthorizationInfo> GetAuthorization(HttpContext httpContext)
        {
-            var auth = GetAuthorizationDictionary(httpReq);
-            var authInfo = await GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query).ConfigureAwait(false);
+            var authInfo = await GetAuthorizationInfo(httpContext.Request).ConfigureAwait(false);

-            httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
+            httpContext.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
            return authInfo;
        }

@ -80,7 +79,6 @@ namespace Jellyfin.Server.Implementations.Security
                auth.TryGetValue("Token", out token);
            }

-#pragma warning disable CA1508 // string.IsNullOrEmpty(token) is always false.
            if (string.IsNullOrEmpty(token))
            {
                token = headers["X-Emby-Token"];
@ -118,7 +116,6 @@ namespace Jellyfin.Server.Implementations.Security
                // Request doesn't contain a token.
                return authInfo;
            }
-#pragma warning restore CA1508

            authInfo.HasToken = true;
            var dbContext = await _jellyfinDbProvider.CreateDbContextAsync().ConfigureAwait(false);
@ -219,24 +216,7 @@ namespace Jellyfin.Server.Implementations.Security
        /// <summary>
        /// Gets the auth.
        /// </summary>
-        /// <param name="httpReq">The HTTP req.</param>
-        /// <returns>Dictionary{System.StringSystem.String}.</returns>
-        private static Dictionary<string, string>? GetAuthorizationDictionary(HttpContext httpReq)
-        {
-            var auth = httpReq.Request.Headers["X-Emby-Authorization"];
-
-            if (string.IsNullOrEmpty(auth))
-            {
-                auth = httpReq.Request.Headers[HeaderNames.Authorization];
-            }
-
-            return auth.Count > 0 ? GetAuthorization(auth[0]) : null;
-        }
-
-        /// <summary>
-        /// Gets the auth.
-        /// </summary>
-        /// <param name="httpReq">The HTTP req.</param>
+        /// <param name="httpReq">The HTTP request.</param>
        /// <returns>Dictionary{System.StringSystem.String}.</returns>
        private static Dictionary<string, string>? GetAuthorizationDictionary(HttpRequest httpReq)
        {
--- a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs
@ -15,8 +15,8 @@ namespace Jellyfin.Server.Integration.Tests
 {
    public static class AuthHelper
    {
-        public const string AuthHeaderName = "X-Emby-Authorization";
-        public const string DummyAuthHeader = "MediaBrowser Client=\"Jellyfin.Server Integration Tests\", DeviceId=\"69420\", Device=\"Apple II\", Version=\"10.8.0\"";
+        public const string AuthHeaderName = "Authorization";
+        public const string DummyAuthHeader = "MediaBrowser Client=\"Jellyfin.Server%20Integration%20Tests\", DeviceId=\"69420\", Device=\"Apple%20II\", Version=\"10.8.0\"";

        public static async Task<string> CompleteStartupAsync(HttpClient client)
        {
@ -27,16 +27,19 @@ namespace Jellyfin.Server.Integration.Tests
            using var completeResponse = await client.PostAsync("/Startup/Complete", new ByteArrayContent(Array.Empty<byte>()));
            Assert.Equal(HttpStatusCode.NoContent, completeResponse.StatusCode);

-            using var content = JsonContent.Create(
+            using var httpRequest = new HttpRequestMessage(HttpMethod.Post, "/Users/AuthenticateByName");
+            httpRequest.Headers.TryAddWithoutValidation(AuthHeaderName, DummyAuthHeader);
+            httpRequest.Content = JsonContent.Create(
                new AuthenticateUserByName()
                {
                    Username = user!.Name,
                    Pw = user.Password,
                },
                options: jsonOptions);
-            content.Headers.Add("X-Emby-Authorization", DummyAuthHeader);

-            using var authResponse = await client.PostAsync("/Users/AuthenticateByName", content);
+            using var authResponse = await client.SendAsync(httpRequest);
+            authResponse.EnsureSuccessStatusCode();
+
            var auth = await JsonSerializer.DeserializeAsync<AuthenticationResultDto>(
                await authResponse.Content.ReadAsStreamAsync(),
                jsonOptions);