From 9fbd675beddd166729f7cb579cd3e21b0cfda0dd Mon Sep 17 00:00:00 2001
From: Niels van Velzen
Date: Fri, 18 Mar 2022 21:54:25 +0100
Subject: [PATCH 1/3] Add authorization attribute to GetConfigurationPages
---
 Jellyfin.Api/Controllers/DashboardController.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Jellyfin.Api/Controllers/DashboardController.cs b/Jellyfin.Api/Controllers/DashboardController.cs
index 87cb418d97..c8411f44ba 100644
--- a/Jellyfin.Api/Controllers/DashboardController.cs
+++ b/Jellyfin.Api/Controllers/DashboardController.cs
@@ -4,10 +4,12 @@ using System.IO;
 using System.Linq;
 using System.Net.Mime;
 using Jellyfin.Api.Attributes;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Models;
 using MediaBrowser.Common.Plugins;
 using MediaBrowser.Model.Net;
 using MediaBrowser.Model.Plugins;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
@@ -46,6 +48,7 @@ namespace Jellyfin.Api.Controllers
 [HttpGet("web/ConfigurationPages")]
 [ProducesResponseType(StatusCodes.Status200OK)]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
 public ActionResult> GetConfigurationPages(
 [FromQuery] bool? enableInMainMenu)
 {
From 5ece92d635132a7b61c029f3f5370e036393c25e Mon Sep 17 00:00:00 2001
From: Niels van Velzen
Date: Fri, 18 Mar 2022 21:56:42 +0100
Subject: [PATCH 2/3] Add authorization attribute to UserViewsController
---
 Jellyfin.Api/Controllers/UserViewsController.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Jellyfin.Api/Controllers/UserViewsController.cs b/Jellyfin.Api/Controllers/UserViewsController.cs
index 04171da8a8..f4c1bc9318 100644
--- a/Jellyfin.Api/Controllers/UserViewsController.cs
+++ b/Jellyfin.Api/Controllers/UserViewsController.cs
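Review bot: In the `@@ -46,6 +48,7 @@` hunk of DashboardController.cs the new `[Authorize(Policy = Policies.DefaultAuthorization)]` is applied to `GetConfigurationPages` alone, so any other action on this controller keeps its previous access level; those actions are outside the hunk, so it is worth confirming that each one is meant to stay reachable without a token. The response metadata still declares only 200 and 404, and I would add `[ProducesResponseType(StatusCodes.Status401Unauthorized)]` beside the existing attributes so generated clients see the new failure mode. The XML doc comment above the action is not visible here; if it lists response codes it presumably needs the same update. The method body continues past the end of the hunk.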
@@ -4,6 +4,7 @@ using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
 using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.UserViewDtos;
@@ -15,6 +16,7 @@ using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Library;
 using MediaBrowser.Model.Querying;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -24,6 +26,7 @@ namespace Jellyfin.Api.Controllers
 /// User views controller.
 ///
 [Route("")]
+ [Authorize(Policy = Policies.DefaultAuthorization)]
 public class UserViewsController : BaseJellyfinApiController
 {
 private readonly IUserManager _userManager;
From 8a827ba995f2998b138d6df07dadbeceec83ea94 Mon Sep 17 00:00:00 2001
From: Niels van Velzen
Date: Fri, 18 Mar 2022 22:21:08 +0100
Subject: [PATCH 3/3] Update tests
---
 .../Controllers/DashboardControllerTests.cs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/DashboardControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/DashboardControllerTests.cs
index 3396a94e59..0afb6f88da 100644
--- a/tests/Jellyfin.Server.Integration.Tests/Controllers/DashboardControllerTests.cs
+++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/DashboardControllerTests.cs
@@ -14,6 +14,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
 {
 private readonly JellyfinApplicationFactory _factory;
 private readonly JsonSerializerOptions _jsonOpions = JsonDefaults.Options;
+ private static string? _accessToken;
 public DashboardControllerTests(JellyfinApplicationFactory factory)
 {
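Review bot: In the `@@ -24,6 +26,7 @@` hunk of UserViewsController.cs the class-level `[Authorize(Policy = Policies.DefaultAuthorization)]` establishes that the caller is authenticated, but nothing visible here ties a request to the user whose views it asks for. The actions are outside the hunk; if they take a user id from the route or query, each should presumably also compare that id with the authenticated principal (or require an elevated policy), otherwise one logged-in user could read another user's views. I would also add a line to the class summary such as `/// All actions require an authenticated user.` so the access requirement is documented next to the attribute.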
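Review bot: The static `_accessToken` added in the `@@ -14,6 +14,7 @@` hunk of DashboardControllerTests.cs is mutable state shared by every instance of the test class, and nothing on the field says why it is static. The later hunks fill it lazily with `??=` around an `await`, which is only safe while the tests of this class run one at a time (xUnit's default within a single class). I would document that on the field, e.g. `// Cached across tests, presumably so startup completes once; relies on this class's tests running sequentially.`, and declare it above the instance fields. The constructor body continues outside the hunk.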
@@ -57,6 +58,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
 public async Task GetConfigurationPages_NoParams_AllConfigurationPages()
 {
 var client = _factory.CreateClient();
+ client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
 var response = await client.GetAsync("/web/ConfigurationPages").ConfigureAwait(false);
@@ -71,6 +73,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
 public async Task GetConfigurationPages_True_MainMenuConfigurationPages()
 {
 var client = _factory.CreateClient();
+ client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
 var response = await client.GetAsync("/web/ConfigurationPages?enableInMainMenu=true").ConfigureAwait(false);
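Review bot: Neither test touched in the `@@ -57,6 +58,7 @@` and `@@ -71,6 +73,7 @@` hunks checks the behaviour this series introduces: both only attach a token so the existing assertions keep passing, and nothing asserts that an anonymous request to `/web/ConfigurationPages` is now rejected. A negative test like the one below would pin the authorization requirement, so that a later removal of the attribute fails the suite; 401 is the status I would expect from the default policy, so confirm it against the test host. The identical `AddAuthHeader(...)` line in both tests could also move into one private helper. Both test bodies continue outside their hunks.

```csharp
[Fact]
public async Task GetConfigurationPages_NoAuth_Unauthorized()
{
    var client = _factory.CreateClient();

    var response = await client.GetAsync("/web/ConfigurationPages").ConfigureAwait(false);

    Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
}
```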