mirror of https://github.com/jellyfin/jellyfin.git
Fix auth endpoints using api key (#9408)
parent
edc627fd5b
commit
4873d2a54d
|
@ -46,6 +46,13 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
|
||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isApiKey)
|
||||||
|
{
|
||||||
|
// Api keys are unrestricted.
|
||||||
|
context.Succeed(requirement);
|
||||||
|
return Task.CompletedTask;
|
||||||
|
}
|
||||||
|
|
||||||
var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
|
var isInLocalNetwork = _httpContextAccessor.HttpContext is not null
|
||||||
&& _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
|
&& _networkManager.IsInLocalNetwork(_httpContextAccessor.HttpContext.GetNormalizedRemoteIp());
|
||||||
var user = _userManager.GetUserById(userId);
|
var user = _userManager.GetUserById(userId);
|
||||||
|
@ -62,7 +69,7 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
|
||||||
}
|
}
|
||||||
|
|
||||||
// Admins can do everything
|
// Admins can do everything
|
||||||
if (isApiKey || context.User.IsInRole(UserRoles.Administrator))
|
if (context.User.IsInRole(UserRoles.Administrator))
|
||||||
{
|
{
|
||||||
context.Succeed(requirement);
|
context.Succeed(requirement);
|
||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
|
|
|
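Review bot: The early `if (isApiKey)` return in the first hunk now runs before `isInLocalNetwork` is computed and before the user lookup, so an API-key request skips every check that follows in this method, not only the administrator test it used to share. The code between the user lookup and the admin branch is outside the hunks shown, but if it holds a remote-access or local-network restriction, that restriction no longer applies to API keys, and the one-line comment does not say this is intended. I would expand the comment to something like `// API keys have no backing user, so they bypass the per-user and network checks below; isApiKey must only ever be set from the server-side authentication claim.` How `isApiKey` is derived is also outside the hunk, so it is worth confirming that request input cannot influence it. The method begins and ends outside both hunks.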
@ -1,9 +1,13 @@
|
||||||
using System.Collections.Generic;
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Net;
|
||||||
|
using System.Security.Claims;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using AutoFixture;
|
using AutoFixture;
|
||||||
using AutoFixture.AutoMoq;
|
using AutoFixture.AutoMoq;
|
||||||
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
||||||
using Jellyfin.Api.Constants;
|
using Jellyfin.Api.Constants;
|
||||||
|
using Jellyfin.Data.Entities;
|
||||||
using Jellyfin.Server.Implementations.Security;
|
using Jellyfin.Server.Implementations.Security;
|
||||||
using MediaBrowser.Common.Configuration;
|
using MediaBrowser.Common.Configuration;
|
||||||
using MediaBrowser.Controller.Library;
|
using MediaBrowser.Controller.Library;
|
||||||
|
@ -51,6 +55,32 @@ namespace Jellyfin.Api.Tests.Auth.DefaultAuthorizationPolicy
|
||||||
Assert.True(context.HasSucceeded);
|
Assert.True(context.HasSucceeded);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task ShouldSucceedOnApiKey()
|
||||||
|
{
|
||||||
|
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
|
||||||
|
|
||||||
|
_httpContextAccessor
|
||||||
|
.Setup(h => h.HttpContext!.Connection.RemoteIpAddress)
|
||||||
|
.Returns(new IPAddress(0));
|
||||||
|
|
||||||
|
_userManagerMock
|
||||||
|
.Setup(u => u.GetUserById(It.IsAny<Guid>()))
|
||||||
|
.Returns<User>(null);
|
||||||
|
|
||||||
|
var claims = new[]
|
||||||
|
{
|
||||||
|
new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)
|
||||||
|
};
|
||||||
|
|
||||||
|
var identity = new ClaimsIdentity(claims, string.Empty);
|
||||||
|
var principal = new ClaimsPrincipal(identity);
|
||||||
|
var context = new AuthorizationHandlerContext(_requirements, principal, null);
|
||||||
|
|
||||||
|
await _sut.HandleAsync(context);
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
|
|
||||||
[Theory]
|
[Theory]
|
||||||
[MemberData(nameof(GetParts_ValidAuthHeader_Success_Data))]
|
[MemberData(nameof(GetParts_ValidAuthHeader_Success_Data))]
|
||||||
public void GetParts_ValidAuthHeader_Success(string input, Dictionary<string, string> parts)
|
public void GetParts_ValidAuthHeader_Success(string input, Dictionary<string, string> parts)
|
||||||
|
|
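Review bot: `ShouldSucceedOnApiKey` pins only the positive case, so nothing in the lines shown proves that the new bypass depends on the claim's value rather than its mere presence. A companion test that builds the principal with `new Claim(InternalClaimTypes.IsApiKey, bool.FalseString)` and the same null-user setup, then asserts the context is not marked succeeded, would guard against the short-circuit widening later. What the handler does with a missing user for a non-API-key principal is not visible here, so the expected outcome may be an exception rather than `Assert.False(context.HasSucceeded)`; assert whichever the handler actually produces.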