diff --git a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
index b5b9d89041..953acac807 100644
--- a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
@@ -1,6 +1,4 @@
-#nullable enable
-
-using System.Net;
+using System.Net;
using System.Security.Claims;
using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums;
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index 5e5e25e847..ea02e6a0b1 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
using System.Globalization;
using System.Security.Authentication;
using System.Security.Claims;
diff --git a/Jellyfin.Api/Controllers/ActivityLogController.cs b/Jellyfin.Api/Controllers/ActivityLogController.cs
index 4ae7cf5069..ec50fb022e 100644
--- a/Jellyfin.Api/Controllers/ActivityLogController.cs
+++ b/Jellyfin.Api/Controllers/ActivityLogController.cs
@@ -1,6 +1,5 @@
-#pragma warning disable CA1801
-
using System;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities;
@@ -41,6 +40,7 @@ namespace Jellyfin.Api.Controllers
/// A containing the log entries.
[HttpGet("Entries")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "hasUserId", Justification = "Imported from ServiceStack")]
public ActionResult> GetLogEntries(
[FromQuery] int? startIndex,
[FromQuery] int? limit,
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
new file mode 100644
index 0000000000..697a0baf42
--- /dev/null
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -0,0 +1,81 @@
+using System.ComponentModel.DataAnnotations;
+using System.Threading;
+using MediaBrowser.Controller.Persistence;
+using MediaBrowser.Model.Entities;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Jellyfin.Api.Controllers
+{
+ ///
+ /// Display Preferences Controller.
+ ///
+ [Authorize]
+ public class DisplayPreferencesController : BaseJellyfinApiController
+ {
+ private readonly IDisplayPreferencesRepository _displayPreferencesRepository;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of interface.
+ public DisplayPreferencesController(IDisplayPreferencesRepository displayPreferencesRepository)
+ {
+ _displayPreferencesRepository = displayPreferencesRepository;
+ }
+
+ ///
+ /// Get Display Preferences.
+ ///
+ /// Display preferences id.
+ /// User id.
+ /// Client.
+ /// Display preferences retrieved.
+ /// An containing the display preferences on success, or a if the display preferences could not be found.
+ [HttpGet("{DisplayPreferencesId}")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult GetDisplayPreferences(
+ [FromRoute] string displayPreferencesId,
+ [FromQuery] [Required] string userId,
+ [FromQuery] [Required] string client)
+ {
+ return _displayPreferencesRepository.GetDisplayPreferences(displayPreferencesId, userId, client);
+ }
+
+ ///
+ /// Update Display Preferences.
+ ///
+ /// Display preferences id.
+ /// User Id.
+ /// Client.
+ /// New Display Preferences object.
+ /// Display preferences updated.
+ /// An on success, or a if the display preferences could not be found.
+ [HttpPost("{DisplayPreferencesId}")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(typeof(ModelStateDictionary), StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult UpdateDisplayPreferences(
+ [FromRoute] string displayPreferencesId,
+ [FromQuery, BindRequired] string userId,
+ [FromQuery, BindRequired] string client,
+ [FromBody, BindRequired] DisplayPreferences displayPreferences)
+ {
+ if (displayPreferencesId == null)
+ {
+ // TODO - refactor so parameter doesn't exist or is actually used.
+ }
+
+ _displayPreferencesRepository.SaveDisplayPreferences(
+ displayPreferences,
+ userId,
+ client,
+ CancellationToken.None);
+
+ return Ok();
+ }
+ }
+}
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index 6a6e6a64a3..dc5b0d9061 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,6 +1,5 @@
-#pragma warning disable CA1801
-
-using System;
+using System;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
@@ -137,6 +136,7 @@ namespace Jellyfin.Api.Controllers
/// Query filters.
[HttpGet("/Items/Filters2")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "mediaTypes", Justification = "Imported from ServiceStack")]
public ActionResult GetQueryFilters(
[FromQuery] Guid? userId,
[FromQuery] string? parentId,
diff --git a/Jellyfin.Api/Controllers/ItemRefreshController.cs b/Jellyfin.Api/Controllers/ItemRefreshController.cs
index a1df22e411..6a16a89c5a 100644
--- a/Jellyfin.Api/Controllers/ItemRefreshController.cs
+++ b/Jellyfin.Api/Controllers/ItemRefreshController.cs
@@ -1,6 +1,5 @@
-#pragma warning disable CA1801
-
using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Providers;
using MediaBrowser.Model.IO;
@@ -54,6 +53,7 @@ namespace Jellyfin.Api.Controllers
[Description("Refreshes metadata for an item.")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "recursive", Justification = "Imported from ServiceStack")]
public ActionResult Post(
[FromRoute] string id,
[FromQuery] MetadataRefreshMode metadataRefreshMode = MetadataRefreshMode.None,
diff --git a/Jellyfin.Api/Controllers/LibraryStructureController.cs b/Jellyfin.Api/Controllers/LibraryStructureController.cs
index ca2905b114..62c5474099 100644
--- a/Jellyfin.Api/Controllers/LibraryStructureController.cs
+++ b/Jellyfin.Api/Controllers/LibraryStructureController.cs
@@ -1,7 +1,6 @@
-#pragma warning disable CA1801
-
using System;
using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Linq;
@@ -56,6 +55,7 @@ namespace Jellyfin.Api.Controllers
/// An with the virtual folders.
[HttpGet]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult> GetVirtualFolders([FromQuery] string userId)
{
return _libraryManager.GetVirtualFolders(true);
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index a1f9b9e8f7..01dd23c77f 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -1,7 +1,6 @@
-#pragma warning disable CA1801
-
using System;
using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Threading;
using Jellyfin.Api.Models.NotificationDtos;
@@ -45,6 +44,10 @@ namespace Jellyfin.Api.Controllers
/// An containing a list of notifications.
[HttpGet("{UserID}")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isRead", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "startIndex", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "limit", Justification = "Imported from ServiceStack")]
public ActionResult GetNotifications(
[FromRoute] string userId,
[FromQuery] bool? isRead,
@@ -62,6 +65,7 @@ namespace Jellyfin.Api.Controllers
/// An containing a summary of the users notifications.
[HttpGet("{UserID}/Summary")]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
public ActionResult GetNotificationsSummary(
[FromRoute] string userId)
{
@@ -136,6 +140,8 @@ namespace Jellyfin.Api.Controllers
/// A .
[HttpPost("{UserID}/Read")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
public ActionResult SetRead(
[FromRoute] string userId,
[FromQuery] string ids)
@@ -152,6 +158,8 @@ namespace Jellyfin.Api.Controllers
/// A .
[HttpPost("{UserID}/Unread")]
[ProducesResponseType(StatusCodes.Status204NoContent)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
public ActionResult SetUnread(
[FromRoute] string userId,
[FromQuery] string ids)
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index fdb2f4c35b..6075544cf7 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -1,7 +1,6 @@
-#pragma warning disable CA1801
-
-using System;
+using System;
using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
@@ -46,6 +45,7 @@ namespace Jellyfin.Api.Controllers
/// Installed plugins returned.
/// List of currently installed plugins.
[HttpGet]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isAppStoreEnabled", Justification = "Imported from ServiceStack")]
public ActionResult> GetPlugins([FromRoute] bool? isAppStoreEnabled)
{
return Ok(_appHost.Plugins.OrderBy(p => p.Name).Select(p => p.GetPluginInfo()));
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 69b83379d9..74ec5f9b52 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -1,8 +1,7 @@
-#pragma warning disable CA1801
-
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.IO;
using System.Linq;
@@ -251,9 +250,9 @@ namespace Jellyfin.Api.Controllers
[HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
public async Task GetSubtitlePlaylist(
[FromRoute] Guid id,
- // TODO: 'int index' is never used: CA1801 is disabled
[FromRoute] int index,
[FromRoute] string mediaSourceId,
[FromQuery, Required] int segmentLength)
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
new file mode 100644
index 0000000000..68ab5813ce
--- /dev/null
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -0,0 +1,552 @@
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
+using System.Linq;
+using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using Jellyfin.Api.Helpers;
+using Jellyfin.Api.Models.UserDtos;
+using Jellyfin.Data.Enums;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Devices;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Net;
+using MediaBrowser.Controller.Session;
+using MediaBrowser.Model.Configuration;
+using MediaBrowser.Model.Dto;
+using MediaBrowser.Model.Users;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Jellyfin.Api.Controllers
+{
+ ///
+ /// User controller.
+ ///
+ [Route("/Users")]
+ public class UserController : BaseJellyfinApiController
+ {
+ private readonly IUserManager _userManager;
+ private readonly ISessionManager _sessionManager;
+ private readonly INetworkManager _networkManager;
+ private readonly IDeviceManager _deviceManager;
+ private readonly IAuthorizationContext _authContext;
+ private readonly IServerConfigurationManager _config;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ /// Instance of the interface.
+ public UserController(
+ IUserManager userManager,
+ ISessionManager sessionManager,
+ INetworkManager networkManager,
+ IDeviceManager deviceManager,
+ IAuthorizationContext authContext,
+ IServerConfigurationManager config)
+ {
+ _userManager = userManager;
+ _sessionManager = sessionManager;
+ _networkManager = networkManager;
+ _deviceManager = deviceManager;
+ _authContext = authContext;
+ _config = config;
+ }
+
+ ///
+ /// Gets a list of users.
+ ///
+ /// Optional filter by IsHidden=true or false.
+ /// Optional filter by IsDisabled=true or false.
+ /// Optional filter by IsGuest=true or false.
+ /// Users returned.
+ /// An containing the users.
+ [HttpGet]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isGuest", Justification = "Imported from ServiceStack")]
+ public ActionResult> GetUsers(
+ [FromQuery] bool? isHidden,
+ [FromQuery] bool? isDisabled,
+ [FromQuery] bool? isGuest)
+ {
+ var users = Get(isHidden, isDisabled, false, false);
+ return Ok(users);
+ }
+
+ ///
+ /// Gets a list of publicly visible users for display on a login screen.
+ ///
+ /// Public users returned.
+ /// An containing the public users.
+ [HttpGet("Public")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public ActionResult> GetPublicUsers()
+ {
+ // If the startup wizard hasn't been completed then just return all users
+ if (!_config.Configuration.IsStartupWizardCompleted)
+ {
+ return Ok(Get(false, false, false, false));
+ }
+
+ return Ok(Get(false, false, true, true));
+ }
+
+ ///
+ /// Gets a user by Id.
+ ///
+ /// The user id.
+ /// User returned.
+ /// User not found.
+ /// An with information about the user or a if the user was not found.
+ [HttpGet("{id}")]
+ [Authorize(Policy = Policies.IgnoreSchedule)]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult GetUserById([FromRoute] Guid id)
+ {
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ var result = _userManager.GetUserDto(user, HttpContext.Connection.RemoteIpAddress.ToString());
+ return result;
+ }
+
+ ///
+ /// Deletes a user.
+ ///
+ /// The user id.
+ /// User deleted.
+ /// User not found.
+ /// A indicating success or a if the user was not found.
+ [HttpDelete("{id}")]
+ [Authorize(Policy = Policies.RequiresElevation)]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult DeleteUser([FromRoute] Guid id)
+ {
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ _sessionManager.RevokeUserTokens(user.Id, null);
+ _userManager.DeleteUser(user);
+ return NoContent();
+ }
+
+ ///
+ /// Authenticates a user.
+ ///
+ /// The user id.
+ /// The password as plain text.
+ /// The password sha1-hash.
+ /// User authenticated.
+ /// Sha1-hashed password only is not allowed.
+ /// User not found.
+ /// A containing an .
+ [HttpPost("{id}/Authenticate")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public async Task> AuthenticateUser(
+ [FromRoute, Required] Guid id,
+ [FromQuery, BindRequired] string pw,
+ [FromQuery, BindRequired] string password)
+ {
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ if (!string.IsNullOrEmpty(password) && string.IsNullOrEmpty(pw))
+ {
+ return Forbid("Only sha1 password is not allowed.");
+ }
+
+ // Password should always be null
+ AuthenticateUserByName request = new AuthenticateUserByName
+ {
+ Username = user.Username,
+ Password = null,
+ Pw = pw
+ };
+ return await AuthenticateUserByName(request).ConfigureAwait(false);
+ }
+
+ ///
+ /// Authenticates a user by name.
+ ///
+ /// The request.
+ /// User authenticated.
+ /// A containing an with information about the new session.
+ [HttpPost("AuthenticateByName")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> AuthenticateUserByName([FromBody, BindRequired] AuthenticateUserByName request)
+ {
+ var auth = _authContext.GetAuthorizationInfo(Request);
+
+ try
+ {
+ var result = await _sessionManager.AuthenticateNewSession(new AuthenticationRequest
+ {
+ App = auth.Client,
+ AppVersion = auth.Version,
+ DeviceId = auth.DeviceId,
+ DeviceName = auth.Device,
+ Password = request.Pw,
+ PasswordSha1 = request.Password,
+ RemoteEndPoint = HttpContext.Connection.RemoteIpAddress.ToString(),
+ Username = request.Username
+ }).ConfigureAwait(false);
+
+ return result;
+ }
+ catch (SecurityException e)
+ {
+ // rethrow adding IP address to message
+ throw new SecurityException($"[{HttpContext.Connection.RemoteIpAddress}] {e.Message}", e);
+ }
+ }
+
+ ///
+ /// Updates a user's password.
+ ///
+ /// The user id.
+ /// The request.
+ /// Password successfully reset.
+ /// User is not allowed to update the password.
+ /// User not found.
+ /// A indicating success or a or a on failure.
+ [HttpPost("{id}/Password")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public async Task UpdateUserPassword(
+ [FromRoute] Guid id,
+ [FromBody] UpdateUserPassword request)
+ {
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
+ {
+ return Forbid("User is not allowed to update the password.");
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ if (request.ResetPassword)
+ {
+ await _userManager.ResetPassword(user).ConfigureAwait(false);
+ }
+ else
+ {
+ var success = await _userManager.AuthenticateUser(
+ user.Username,
+ request.CurrentPw,
+ request.CurrentPw,
+ HttpContext.Connection.RemoteIpAddress.ToString(),
+ false).ConfigureAwait(false);
+
+ if (success == null)
+ {
+ return Forbid("Invalid user or password entered.");
+ }
+
+ await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
+
+ var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
+
+ _sessionManager.RevokeUserTokens(user.Id, currentToken);
+ }
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user's easy password.
+ ///
+ /// The user id.
+ /// The request.
+ /// Password successfully reset.
+ /// User is not allowed to update the password.
+ /// User not found.
+ /// A indicating success or a or a on failure.
+ [HttpPost("{id}/EasyPassword")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public ActionResult UpdateUserEasyPassword(
+ [FromRoute] Guid id,
+ [FromBody] UpdateUserEasyPassword request)
+ {
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
+ {
+ return Forbid("User is not allowed to update the easy password.");
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ if (user == null)
+ {
+ return NotFound("User not found");
+ }
+
+ if (request.ResetPassword)
+ {
+ _userManager.ResetEasyPassword(user);
+ }
+ else
+ {
+ _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
+ }
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user.
+ ///
+ /// The user id.
+ /// The updated user model.
+ /// User updated.
+ /// User information was not supplied.
+ /// User update forbidden.
+ /// A indicating success or a or a on failure.
+ [HttpPost("{id}")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ public async Task UpdateUser(
+ [FromRoute] Guid id,
+ [FromBody] UserDto updateUser)
+ {
+ if (updateUser == null)
+ {
+ return BadRequest();
+ }
+
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
+ {
+ return Forbid("User update not allowed.");
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ if (string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
+ {
+ await _userManager.UpdateUserAsync(user).ConfigureAwait(false);
+ _userManager.UpdateConfiguration(user.Id, updateUser.Configuration);
+ }
+ else
+ {
+ await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
+ _userManager.UpdateConfiguration(updateUser.Id, updateUser.Configuration);
+ }
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user policy.
+ ///
+ /// The user id.
+ /// The new user policy.
+ /// User policy updated.
+ /// User policy was not supplied.
+ /// User policy update forbidden.
+ /// A indicating success or a or a on failure..
+ [HttpPost("{id}/Policy")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ public ActionResult UpdateUserPolicy(
+ [FromRoute] Guid id,
+ [FromBody] UserPolicy newPolicy)
+ {
+ if (newPolicy == null)
+ {
+ return BadRequest();
+ }
+
+ var user = _userManager.GetUserById(id);
+
+ // If removing admin access
+ if (!(newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator)))
+ {
+ if (_userManager.Users.Count(i => i.HasPermission(PermissionKind.IsAdministrator)) == 1)
+ {
+ return Forbid("There must be at least one user in the system with administrative access.");
+ }
+ }
+
+ // If disabling
+ if (newPolicy.IsDisabled && user.HasPermission(PermissionKind.IsAdministrator))
+ {
+ return Forbid("Administrators cannot be disabled.");
+ }
+
+ // If disabling
+ if (newPolicy.IsDisabled && !user.HasPermission(PermissionKind.IsDisabled))
+ {
+ if (_userManager.Users.Count(i => !i.HasPermission(PermissionKind.IsDisabled)) == 1)
+ {
+ return Forbid("There must be at least one enabled user in the system.");
+ }
+
+ var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
+ _sessionManager.RevokeUserTokens(user.Id, currentToken);
+ }
+
+ _userManager.UpdatePolicy(id, newPolicy);
+
+ return NoContent();
+ }
+
+ ///
+ /// Updates a user configuration.
+ ///
+ /// The user id.
+ /// The new user configuration.
+ /// User configuration updated.
+ /// User configuration update forbidden.
+ /// A indicating success.
+ [HttpPost("{id}/Configuration")]
+ [Authorize]
+ [ProducesResponseType(StatusCodes.Status204NoContent)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ public ActionResult UpdateUserConfiguration(
+ [FromRoute] Guid id,
+ [FromBody] UserConfiguration userConfig)
+ {
+ if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
+ {
+ return Forbid("User configuration update not allowed");
+ }
+
+ _userManager.UpdateConfiguration(id, userConfig);
+
+ return NoContent();
+ }
+
+ ///
+ /// Creates a user.
+ ///
+ /// The create user by name request body.
+ /// User created.
+ /// An of the new user.
+ [HttpPost("/Users/New")]
+ [Authorize(Policy = Policies.RequiresElevation)]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> CreateUserByName([FromBody] CreateUserByName request)
+ {
+ var newUser = _userManager.CreateUser(request.Name);
+
+ // no need to authenticate password for new user
+ if (request.Password != null)
+ {
+ await _userManager.ChangePassword(newUser, request.Password).ConfigureAwait(false);
+ }
+
+ var result = _userManager.GetUserDto(newUser, HttpContext.Connection.RemoteIpAddress.ToString());
+
+ return result;
+ }
+
+ ///
+ /// Initiates the forgot password process for a local user.
+ ///
+ /// The entered username.
+ /// Password reset process started.
+ /// A containing a .
+ [HttpPost("ForgotPassword")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> ForgotPassword([FromBody] string enteredUsername)
+ {
+ var isLocal = HttpContext.Connection.RemoteIpAddress.Equals(HttpContext.Connection.LocalIpAddress)
+ || _networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString());
+
+ var result = await _userManager.StartForgotPasswordProcess(enteredUsername, isLocal).ConfigureAwait(false);
+
+ return result;
+ }
+
+ ///
+ /// Redeems a forgot password pin.
+ ///
+ /// The pin.
+ /// Pin reset process started.
+ /// A containing a .
+ [HttpPost("ForgotPassword/Pin")]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ public async Task> ForgotPasswordPin([FromBody] string pin)
+ {
+ var result = await _userManager.RedeemPasswordResetPin(pin).ConfigureAwait(false);
+ return result;
+ }
+
+ private IEnumerable Get(bool? isHidden, bool? isDisabled, bool filterByDevice, bool filterByNetwork)
+ {
+ var users = _userManager.Users;
+
+ if (isDisabled.HasValue)
+ {
+ users = users.Where(i => i.HasPermission(PermissionKind.IsDisabled) == isDisabled.Value);
+ }
+
+ if (isHidden.HasValue)
+ {
+ users = users.Where(i => i.HasPermission(PermissionKind.IsHidden) == isHidden.Value);
+ }
+
+ if (filterByDevice)
+ {
+ var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
+
+ if (!string.IsNullOrWhiteSpace(deviceId))
+ {
+ users = users.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
+ }
+ }
+
+ if (filterByNetwork)
+ {
+ if (!_networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString()))
+ {
+ users = users.Where(i => i.HasPermission(PermissionKind.EnableRemoteAccess));
+ }
+ }
+
+ var result = users
+ .OrderBy(u => u.Username)
+ .Select(i => _userManager.GetUserDto(i, HttpContext.Connection.RemoteIpAddress.ToString()));
+
+ return result;
+ }
+ }
+}
diff --git a/Jellyfin.Api/Extensions/DtoExtensions.cs b/Jellyfin.Api/Extensions/DtoExtensions.cs
new file mode 100644
index 0000000000..4c587391fc
--- /dev/null
+++ b/Jellyfin.Api/Extensions/DtoExtensions.cs
@@ -0,0 +1,162 @@
+using System;
+using System.Linq;
+using Jellyfin.Api.Helpers;
+using MediaBrowser.Controller.Dto;
+using MediaBrowser.Model.Entities;
+using MediaBrowser.Model.Querying;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Api.Extensions
+{
+ ///
+ /// Dto Extensions.
+ ///
+ public static class DtoExtensions
+ {
+ ///
+ /// Add Dto Item fields.
+ ///
+ ///
+ /// Converted from IHasItemFields.
+ /// Legacy order: 1.
+ ///
+ /// DtoOptions object.
+ /// Comma delimited string of fields.
+ /// Modified DtoOptions object.
+ internal static DtoOptions AddItemFields(this DtoOptions dtoOptions, string fields)
+ {
+ if (string.IsNullOrEmpty(fields))
+ {
+ dtoOptions.Fields = Array.Empty();
+ }
+ else
+ {
+ dtoOptions.Fields = fields.Split(',')
+ .Select(v =>
+ {
+ if (Enum.TryParse(v, true, out ItemFields value))
+ {
+ return (ItemFields?)value;
+ }
+
+ return null;
+ })
+ .Where(i => i.HasValue)
+ .Select(i => i!.Value)
+ .ToArray();
+ }
+
+ return dtoOptions;
+ }
+
+ ///
+ /// Add additional fields depending on client.
+ ///
+ ///
+ /// Use in place of GetDtoOptions.
+ /// Legacy order: 2.
+ ///
+ /// DtoOptions object.
+ /// Current request.
+ /// Modified DtoOptions object.
+ internal static DtoOptions AddClientFields(
+ this DtoOptions dtoOptions, HttpRequest request)
+ {
+ dtoOptions.Fields ??= Array.Empty();
+
+ string? client = ClaimHelpers.GetClient(request.HttpContext.User);
+
+ // No client in claim
+ if (string.IsNullOrEmpty(client))
+ {
+ return dtoOptions;
+ }
+
+ if (!dtoOptions.ContainsField(ItemFields.RecursiveItemCount))
+ {
+ if (client.IndexOf("kodi", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("wmc", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("media center", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("classic", StringComparison.OrdinalIgnoreCase) != -1)
+ {
+ int oldLen = dtoOptions.Fields.Length;
+ var arr = new ItemFields[oldLen + 1];
+ dtoOptions.Fields.CopyTo(arr, 0);
+ arr[oldLen] = ItemFields.RecursiveItemCount;
+ dtoOptions.Fields = arr;
+ }
+ }
+
+ if (!dtoOptions.ContainsField(ItemFields.ChildCount))
+ {
+ if (client.IndexOf("kodi", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("wmc", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("media center", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("classic", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("roku", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("samsung", StringComparison.OrdinalIgnoreCase) != -1 ||
+ client.IndexOf("androidtv", StringComparison.OrdinalIgnoreCase) != -1)
+ {
+ int oldLen = dtoOptions.Fields.Length;
+ var arr = new ItemFields[oldLen + 1];
+ dtoOptions.Fields.CopyTo(arr, 0);
+ arr[oldLen] = ItemFields.ChildCount;
+ dtoOptions.Fields = arr;
+ }
+ }
+
+ return dtoOptions;
+ }
+
+ ///
+ /// Add additional DtoOptions.
+ ///
+ ///
+ /// Converted from IHasDtoOptions.
+ /// Legacy order: 3.
+ ///
+ /// DtoOptions object.
+ /// Enable images.
+ /// Enable user data.
+ /// Image type limit.
+ /// Enable image types.
+ /// Modified DtoOptions object.
+ internal static DtoOptions AddAdditionalDtoOptions(
+ in DtoOptions dtoOptions,
+ bool? enableImages,
+ bool? enableUserData,
+ int? imageTypeLimit,
+ string enableImageTypes)
+ {
+ dtoOptions.EnableImages = enableImages ?? true;
+
+ if (imageTypeLimit.HasValue)
+ {
+ dtoOptions.ImageTypeLimit = imageTypeLimit.Value;
+ }
+
+ if (enableUserData.HasValue)
+ {
+ dtoOptions.EnableUserData = enableUserData.Value;
+ }
+
+ if (!string.IsNullOrWhiteSpace(enableImageTypes))
+ {
+ dtoOptions.ImageTypes = enableImageTypes.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
+ .Select(v => (ImageType)Enum.Parse(typeof(ImageType), v, true))
+ .ToArray();
+ }
+
+ return dtoOptions;
+ }
+
+ ///
+ /// Check if DtoOptions contains field.
+ ///
+ /// DtoOptions object.
+ /// Field to check.
+ /// Field existence.
+ internal static bool ContainsField(this DtoOptions dtoOptions, ItemFields field)
+ => dtoOptions.Fields != null && dtoOptions.Fields.Contains(field);
+ }
+}
diff --git a/Jellyfin.Api/Helpers/ClaimHelpers.cs b/Jellyfin.Api/Helpers/ClaimHelpers.cs
index a07d4ed820..df235ced25 100644
--- a/Jellyfin.Api/Helpers/ClaimHelpers.cs
+++ b/Jellyfin.Api/Helpers/ClaimHelpers.cs
@@ -1,6 +1,4 @@
-#nullable enable
-
-using System;
+using System;
using System.Linq;
using System.Security.Claims;
using Jellyfin.Api.Constants;
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 2aa700de3b..2ff40a8a5e 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -1,4 +1,5 @@
using System;
+using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using Microsoft.AspNetCore.Http;
@@ -29,6 +30,30 @@ namespace Jellyfin.Api.Helpers
: value.Split(separator);
}
+ ///
+ /// Checks if the user can update an entry.
+ ///
+ /// Instance of the interface.
+ /// The .
+ /// The user id.
+ /// Whether to restrict the user preferences.
+ /// A whether the user can update the entry.
+ internal static bool AssertCanUpdateUser(IAuthorizationContext authContext, HttpRequest requestContext, Guid userId, bool restrictUserPreferences)
+ {
+ var auth = authContext.GetAuthorizationInfo(requestContext);
+
+ var authenticatedUser = auth.User;
+
+ // If they're going to update the record of another user, they must be an administrator
+ if ((!userId.Equals(auth.UserId) && !authenticatedUser.HasPermission(PermissionKind.IsAdministrator))
+ || (restrictUserPreferences && !authenticatedUser.EnableUserPreferenceAccess))
+ {
+ return false;
+ }
+
+ return true;
+ }
+
internal static SessionInfo GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
{
var authorization = authContext.GetAuthorizationInfo(request);
diff --git a/Jellyfin.Api/Models/UserDtos/AuthenticateUserByName.cs b/Jellyfin.Api/Models/UserDtos/AuthenticateUserByName.cs
new file mode 100644
index 0000000000..3936274356
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/AuthenticateUserByName.cs
@@ -0,0 +1,23 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The authenticate user by name request body.
+ ///
+ public class AuthenticateUserByName
+ {
+ ///
+ /// Gets or sets the username.
+ ///
+ public string? Username { get; set; }
+
+ ///
+ /// Gets or sets the plain text password.
+ ///
+ public string? Pw { get; set; }
+
+ ///
+ /// Gets or sets the sha1-hashed password.
+ ///
+ public string? Password { get; set; }
+ }
+}
diff --git a/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
new file mode 100644
index 0000000000..1c88d36287
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/CreateUserByName.cs
@@ -0,0 +1,18 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The create user by name request body.
+ ///
+ public class CreateUserByName
+ {
+ ///
+ /// Gets or sets the username.
+ ///
+ public string? Name { get; set; }
+
+ ///
+ /// Gets or sets the password.
+ ///
+ public string? Password { get; set; }
+ }
+}
diff --git a/Jellyfin.Api/Models/UserDtos/UpdateUserEasyPassword.cs b/Jellyfin.Api/Models/UserDtos/UpdateUserEasyPassword.cs
new file mode 100644
index 0000000000..0a173ea1a9
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/UpdateUserEasyPassword.cs
@@ -0,0 +1,23 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The update user easy password request body.
+ ///
+ public class UpdateUserEasyPassword
+ {
+ ///
+ /// Gets or sets the new sha1-hashed password.
+ ///
+ public string? NewPassword { get; set; }
+
+ ///
+ /// Gets or sets the new password.
+ ///
+ public string? NewPw { get; set; }
+
+ ///
+ /// Gets or sets a value indicating whether to reset the password.
+ ///
+ public bool ResetPassword { get; set; }
+ }
+}
diff --git a/Jellyfin.Api/Models/UserDtos/UpdateUserPassword.cs b/Jellyfin.Api/Models/UserDtos/UpdateUserPassword.cs
new file mode 100644
index 0000000000..8288dbbc44
--- /dev/null
+++ b/Jellyfin.Api/Models/UserDtos/UpdateUserPassword.cs
@@ -0,0 +1,28 @@
+namespace Jellyfin.Api.Models.UserDtos
+{
+ ///
+ /// The update user password request body.
+ ///
+ public class UpdateUserPassword
+ {
+ ///
+ /// Gets or sets the current sha1-hashed password.
+ ///
+ public string? CurrentPassword { get; set; }
+
+ ///
+ /// Gets or sets the current plain text password.
+ ///
+ public string? CurrentPw { get; set; }
+
+ ///
+ /// Gets or sets the new plain text password.
+ ///
+ public string? NewPw { get; set; }
+
+ ///
+ /// Gets or sets a value indicating whether to reset the password.
+ ///
+ public bool ResetPassword { get; set; }
+ }
+}
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index dbd5ba4166..aad61d0429 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -215,6 +215,31 @@ namespace Jellyfin.Server.Extensions
Format = "string"
})
});
+
+ /*
+ * Support BlurHash dictionary
+ */
+ options.MapType>>(() =>
+ new OpenApiSchema
+ {
+ Type = "object",
+ Properties = typeof(ImageType).GetEnumNames().ToDictionary(
+ name => name,
+ name => new OpenApiSchema
+ {
+ Type = "object", Properties = new Dictionary
+ {
+ {
+ "string",
+ new OpenApiSchema
+ {
+ Type = "string",
+ Format = "string"
+ }
+ }
+ }
+ })
+ });
}
}
}
diff --git a/MediaBrowser.Api/DisplayPreferencesService.cs b/MediaBrowser.Api/DisplayPreferencesService.cs
deleted file mode 100644
index 62c4ff43f2..0000000000
--- a/MediaBrowser.Api/DisplayPreferencesService.cs
+++ /dev/null
@@ -1,101 +0,0 @@
-using System.Threading;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Persistence;
-using MediaBrowser.Model.Entities;
-using MediaBrowser.Model.Serialization;
-using MediaBrowser.Model.Services;
-using Microsoft.Extensions.Logging;
-
-namespace MediaBrowser.Api
-{
- ///
- /// Class UpdateDisplayPreferences
- ///
- [Route("/DisplayPreferences/{DisplayPreferencesId}", "POST", Summary = "Updates a user's display preferences for an item")]
- public class UpdateDisplayPreferences : DisplayPreferences, IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "DisplayPreferencesId", Description = "DisplayPreferences Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public string DisplayPreferencesId { get; set; }
-
- [ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "POST")]
- public string UserId { get; set; }
- }
-
- [Route("/DisplayPreferences/{Id}", "GET", Summary = "Gets a user's display preferences for an item")]
- public class GetDisplayPreferences : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Id", Description = "Item Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
- public string Id { get; set; }
-
- [ApiMember(Name = "UserId", Description = "User Id", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
- public string UserId { get; set; }
-
- [ApiMember(Name = "Client", Description = "Client", IsRequired = true, DataType = "string", ParameterType = "query", Verb = "GET")]
- public string Client { get; set; }
- }
-
- ///
- /// Class DisplayPreferencesService
- ///
- [Authenticated]
- public class DisplayPreferencesService : BaseApiService
- {
- ///
- /// The _display preferences manager
- ///
- private readonly IDisplayPreferencesRepository _displayPreferencesManager;
- ///
- /// The _json serializer
- ///
- private readonly IJsonSerializer _jsonSerializer;
-
- ///
- /// Initializes a new instance of the class.
- ///
- /// The json serializer.
- /// The display preferences manager.
- public DisplayPreferencesService(
- ILogger logger,
- IServerConfigurationManager serverConfigurationManager,
- IHttpResultFactory httpResultFactory,
- IJsonSerializer jsonSerializer,
- IDisplayPreferencesRepository displayPreferencesManager)
- : base(logger, serverConfigurationManager, httpResultFactory)
- {
- _jsonSerializer = jsonSerializer;
- _displayPreferencesManager = displayPreferencesManager;
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- public object Get(GetDisplayPreferences request)
- {
- var result = _displayPreferencesManager.GetDisplayPreferences(request.Id, request.UserId, request.Client);
-
- return ToOptimizedResult(result);
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public void Post(UpdateDisplayPreferences request)
- {
- // Serialize to json and then back so that the core doesn't see the request dto type
- var displayPreferences = _jsonSerializer.DeserializeFromString(_jsonSerializer.SerializeToString(request));
-
- _displayPreferencesManager.SaveDisplayPreferences(displayPreferences, request.UserId, request.Client, CancellationToken.None);
- }
- }
-}
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
deleted file mode 100644
index 9cb9baf631..0000000000
--- a/MediaBrowser.Api/UserService.cs
+++ /dev/null
@@ -1,605 +0,0 @@
-using System;
-using System.Linq;
-using System.Threading.Tasks;
-using Jellyfin.Data.Enums;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Authentication;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Devices;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Session;
-using MediaBrowser.Model.Configuration;
-using MediaBrowser.Model.Dto;
-using MediaBrowser.Model.Services;
-using MediaBrowser.Model.Users;
-using Microsoft.Extensions.Logging;
-
-namespace MediaBrowser.Api
-{
- ///
- /// Class GetUsers
- ///
- [Route("/Users", "GET", Summary = "Gets a list of users")]
- [Authenticated]
- public class GetUsers : IReturn
- {
- [ApiMember(Name = "IsHidden", Description = "Optional filter by IsHidden=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
- public bool? IsHidden { get; set; }
-
- [ApiMember(Name = "IsDisabled", Description = "Optional filter by IsDisabled=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
- public bool? IsDisabled { get; set; }
-
- [ApiMember(Name = "IsGuest", Description = "Optional filter by IsGuest=true or false", IsRequired = false, DataType = "bool", ParameterType = "query", Verb = "GET")]
- public bool? IsGuest { get; set; }
- }
-
- [Route("/Users/Public", "GET", Summary = "Gets a list of publicly visible users for display on a login screen.")]
- public class GetPublicUsers : IReturn
- {
- }
-
- ///
- /// Class GetUser
- ///
- [Route("/Users/{Id}", "GET", Summary = "Gets a user by Id")]
- [Authenticated(EscapeParentalControl = true)]
- public class GetUser : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "GET")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class DeleteUser
- ///
- [Route("/Users/{Id}", "DELETE", Summary = "Deletes a user")]
- [Authenticated(Roles = "Admin")]
- public class DeleteUser : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "DELETE")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class AuthenticateUser
- ///
- [Route("/Users/{Id}/Authenticate", "POST", Summary = "Authenticates a user")]
- public class AuthenticateUser : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public Guid Id { get; set; }
-
- [ApiMember(Name = "Pw", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Pw { get; set; }
-
- ///
- /// Gets or sets the password.
- ///
- /// The password.
- [ApiMember(Name = "Password", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Password { get; set; }
- }
-
- ///
- /// Class AuthenticateUser
- ///
- [Route("/Users/AuthenticateByName", "POST", Summary = "Authenticates a user")]
- public class AuthenticateUserByName : IReturn
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- [ApiMember(Name = "Username", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Username { get; set; }
-
- ///
- /// Gets or sets the password.
- ///
- /// The password.
- [ApiMember(Name = "Password", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Password { get; set; }
-
- [ApiMember(Name = "Pw", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Pw { get; set; }
- }
-
- ///
- /// Class UpdateUserPassword
- ///
- [Route("/Users/{Id}/Password", "POST", Summary = "Updates a user's password")]
- [Authenticated]
- public class UpdateUserPassword : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- public Guid Id { get; set; }
-
- ///
- /// Gets or sets the password.
- ///
- /// The password.
- public string CurrentPassword { get; set; }
-
- public string CurrentPw { get; set; }
-
- public string NewPw { get; set; }
-
- ///
- /// Gets or sets a value indicating whether [reset password].
- ///
- /// true if [reset password]; otherwise, false.
- public bool ResetPassword { get; set; }
- }
-
- ///
- /// Class UpdateUserEasyPassword
- ///
- [Route("/Users/{Id}/EasyPassword", "POST", Summary = "Updates a user's easy password")]
- [Authenticated]
- public class UpdateUserEasyPassword : IReturnVoid
- {
- ///
- /// Gets or sets the id.
- ///
- /// The id.
- public Guid Id { get; set; }
-
- ///
- /// Gets or sets the new password.
- ///
- /// The new password.
- public string NewPassword { get; set; }
-
- public string NewPw { get; set; }
-
- ///
- /// Gets or sets a value indicating whether [reset password].
- ///
- /// true if [reset password]; otherwise, false.
- public bool ResetPassword { get; set; }
- }
-
- ///
- /// Class UpdateUser
- ///
- [Route("/Users/{Id}", "POST", Summary = "Updates a user")]
- [Authenticated]
- public class UpdateUser : UserDto, IReturnVoid
- {
- }
-
- ///
- /// Class UpdateUser
- ///
- [Route("/Users/{Id}/Policy", "POST", Summary = "Updates a user policy")]
- [Authenticated(Roles = "admin")]
- public class UpdateUserPolicy : UserPolicy, IReturnVoid
- {
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class UpdateUser
- ///
- [Route("/Users/{Id}/Configuration", "POST", Summary = "Updates a user configuration")]
- [Authenticated]
- public class UpdateUserConfiguration : UserConfiguration, IReturnVoid
- {
- [ApiMember(Name = "User Id", IsRequired = true, DataType = "string", ParameterType = "path", Verb = "POST")]
- public Guid Id { get; set; }
- }
-
- ///
- /// Class CreateUser
- ///
- [Route("/Users/New", "POST", Summary = "Creates a user")]
- [Authenticated(Roles = "Admin")]
- public class CreateUserByName : IReturn
- {
- [ApiMember(Name = "Name", IsRequired = true, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Name { get; set; }
-
- [ApiMember(Name = "Password", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Password { get; set; }
- }
-
- [Route("/Users/ForgotPassword", "POST", Summary = "Initiates the forgot password process for a local user")]
- public class ForgotPassword : IReturn
- {
- [ApiMember(Name = "EnteredUsername", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string EnteredUsername { get; set; }
- }
-
- [Route("/Users/ForgotPassword/Pin", "POST", Summary = "Redeems a forgot password pin")]
- public class ForgotPasswordPin : IReturn
- {
- [ApiMember(Name = "Pin", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
- public string Pin { get; set; }
- }
-
- ///
- /// Class UsersService
- ///
- public class UserService : BaseApiService
- {
- ///
- /// The user manager.
- ///
- private readonly IUserManager _userManager;
- private readonly ISessionManager _sessionMananger;
- private readonly INetworkManager _networkManager;
- private readonly IDeviceManager _deviceManager;
- private readonly IAuthorizationContext _authContext;
-
- public UserService(
- ILogger logger,
- IServerConfigurationManager serverConfigurationManager,
- IHttpResultFactory httpResultFactory,
- IUserManager userManager,
- ISessionManager sessionMananger,
- INetworkManager networkManager,
- IDeviceManager deviceManager,
- IAuthorizationContext authContext)
- : base(logger, serverConfigurationManager, httpResultFactory)
- {
- _userManager = userManager;
- _sessionMananger = sessionMananger;
- _networkManager = networkManager;
- _deviceManager = deviceManager;
- _authContext = authContext;
- }
-
- public object Get(GetPublicUsers request)
- {
- // If the startup wizard hasn't been completed then just return all users
- if (!ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
- {
- return Get(new GetUsers
- {
- IsDisabled = false
- });
- }
-
- return Get(new GetUsers
- {
- IsHidden = false,
- IsDisabled = false
- }, true, true);
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- /// System.Object.
- public object Get(GetUsers request)
- {
- return Get(request, false, false);
- }
-
- private object Get(GetUsers request, bool filterByDevice, bool filterByNetwork)
- {
- var users = _userManager.Users;
-
- if (request.IsDisabled.HasValue)
- {
- users = users.Where(i => i.HasPermission(PermissionKind.IsDisabled) == request.IsDisabled.Value);
- }
-
- if (request.IsHidden.HasValue)
- {
- users = users.Where(i => i.HasPermission(PermissionKind.IsHidden) == request.IsHidden.Value);
- }
-
- if (filterByDevice)
- {
- var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
-
- if (!string.IsNullOrWhiteSpace(deviceId))
- {
- users = users.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
- }
- }
-
- if (filterByNetwork)
- {
- if (!_networkManager.IsInLocalNetwork(Request.RemoteIp))
- {
- users = users.Where(i => i.HasPermission(PermissionKind.EnableRemoteAccess));
- }
- }
-
- var result = users
- .OrderBy(u => u.Username)
- .Select(i => _userManager.GetUserDto(i, Request.RemoteIp))
- .ToArray();
-
- return ToOptimizedResult(result);
- }
-
- ///
- /// Gets the specified request.
- ///
- /// The request.
- /// System.Object.
- public object Get(GetUser request)
- {
- var user = _userManager.GetUserById(request.Id);
-
- if (user == null)
- {
- throw new ResourceNotFoundException("User not found");
- }
-
- var result = _userManager.GetUserDto(user, Request.RemoteIp);
-
- return ToOptimizedResult(result);
- }
-
- ///
- /// Deletes the specified request.
- ///
- /// The request.
- public Task Delete(DeleteUser request)
- {
- return DeleteAsync(request);
- }
-
- public Task DeleteAsync(DeleteUser request)
- {
- var user = _userManager.GetUserById(request.Id);
-
- if (user == null)
- {
- throw new ResourceNotFoundException("User not found");
- }
-
- _sessionMananger.RevokeUserTokens(user.Id, null);
- _userManager.DeleteUser(user);
- return Task.CompletedTask;
- }
-
- ///
- /// Posts the specified request.
- ///
- /// The request.
- public object Post(AuthenticateUser request)
- {
- var user = _userManager.GetUserById(request.Id);
-
- if (user == null)
- {
- throw new ResourceNotFoundException("User not found");
- }
-
- if (!string.IsNullOrEmpty(request.Password) && string.IsNullOrEmpty(request.Pw))
- {
- throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
- }
-
- // Password should always be null
- return Post(new AuthenticateUserByName
- {
- Username = user.Username,
- Password = null,
- Pw = request.Pw
- });
- }
-
- public async Task