diff --git a/Jellyfin.Api/Controllers/QuickConnectController.cs b/Jellyfin.Api/Controllers/QuickConnectController.cs
index b1ee2ff53b..73da2f906a 100644
--- a/Jellyfin.Api/Controllers/QuickConnectController.cs
+++ b/Jellyfin.Api/Controllers/QuickConnectController.cs
@@ -1,9 +1,7 @@
-using System;
using System.ComponentModel.DataAnnotations;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers;
using MediaBrowser.Common.Extensions;
-using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.QuickConnect;
using MediaBrowser.Model.QuickConnect;
using Microsoft.AspNetCore.Authorization;
@@ -18,19 +16,14 @@ namespace Jellyfin.Api.Controllers
public class QuickConnectController : BaseJellyfinApiController
{
private readonly IQuickConnect _quickConnect;
- private readonly IAuthorizationContext _authContext;
///
/// Initializes a new instance of the class.
///
/// Instance of the interface.
- /// Instance of the interface.
- public QuickConnectController(
- IQuickConnect quickConnect,
- IAuthorizationContext authContext)
+ public QuickConnectController(IQuickConnect quickConnect)
{
_quickConnect = quickConnect;
- _authContext = authContext;
}
///
@@ -121,22 +114,22 @@ namespace Jellyfin.Api.Controllers
/// Authorizes a pending quick connect request.
///
/// Quick connect code to authorize.
- /// User id.
/// Quick connect result authorized successfully.
- /// User is not allowed to authorize quick connect requests.
+ /// Unknown user id.
/// Boolean indicating if the authorization was successful.
[HttpPost("Authorize")]
[Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
- public ActionResult Authorize([FromQuery, Required] string code, [FromQuery, Required] Guid userId)
+ public ActionResult Authorize([FromQuery, Required] string code)
{
- if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+ var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
+ if (!userId.HasValue)
{
- return Forbid("User is not allowed to authorize quick connect requests.");
+ return Forbid("Unknown user id");
}
- return _quickConnect.AuthorizeRequest(userId, code);
+ return _quickConnect.AuthorizeRequest(userId.Value, code);
}
///