From 1ff4f8e6c64b453eb9096b8da09f4041dbd463fc Mon Sep 17 00:00:00 2001 From: Matt Montgomery <33811686+ConfusedPolarBear@users.noreply.github.com> Date: Mon, 17 Aug 2020 18:48:58 -0500 Subject: [PATCH] Get userId from claim --- .../Controllers/QuickConnectController.cs | 21 +++++++------------ 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/Jellyfin.Api/Controllers/QuickConnectController.cs b/Jellyfin.Api/Controllers/QuickConnectController.cs index b1ee2ff53b..73da2f906a 100644 --- a/Jellyfin.Api/Controllers/QuickConnectController.cs +++ b/Jellyfin.Api/Controllers/QuickConnectController.cs @@ -1,9 +1,7 @@ -using System; using System.ComponentModel.DataAnnotations; using Jellyfin.Api.Constants; using Jellyfin.Api.Helpers; using MediaBrowser.Common.Extensions; -using MediaBrowser.Controller.Net; using MediaBrowser.Controller.QuickConnect; using MediaBrowser.Model.QuickConnect; using Microsoft.AspNetCore.Authorization; @@ -18,19 +16,14 @@ namespace Jellyfin.Api.Controllers public class QuickConnectController : BaseJellyfinApiController { private readonly IQuickConnect _quickConnect; - private readonly IAuthorizationContext _authContext; /// /// Initializes a new instance of the class. /// /// Instance of the interface. - /// Instance of the interface. - public QuickConnectController( - IQuickConnect quickConnect, - IAuthorizationContext authContext) + public QuickConnectController(IQuickConnect quickConnect) { _quickConnect = quickConnect; - _authContext = authContext; } /// @@ -121,22 +114,22 @@ namespace Jellyfin.Api.Controllers /// Authorizes a pending quick connect request. /// /// Quick connect code to authorize. - /// User id. /// Quick connect result authorized successfully. - /// User is not allowed to authorize quick connect requests. + /// Unknown user id. /// Boolean indicating if the authorization was successful. [HttpPost("Authorize")] [Authorize(Policy = Policies.DefaultAuthorization)] [ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status403Forbidden)] - public ActionResult Authorize([FromQuery, Required] string code, [FromQuery, Required] Guid userId) + public ActionResult Authorize([FromQuery, Required] string code) { - if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true)) + var userId = ClaimHelpers.GetUserId(Request.HttpContext.User); + if (!userId.HasValue) { - return Forbid("User is not allowed to authorize quick connect requests."); + return Forbid("Unknown user id"); } - return _quickConnect.AuthorizeRequest(userId, code); + return _quickConnect.AuthorizeRequest(userId.Value, code); } ///