fix empty user id check for api keys

2023-02-09 12:51:20 +01:00 · 2023-02-09 12:51:20 +01:00 · f4a7583c46
parent f984f31896
commit f4a7583c46
1 changed files with 3 additions and 2 deletions
--- a/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs
@ -38,9 +38,10 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
        /// <inheritdoc />
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, DefaultAuthorizationRequirement requirement)
        {
+            var isApiKey = context.User.GetIsApiKey();
            var userId = context.User.GetUserId();
            // This likely only happens during the wizard, so skip the default checks and let any other handlers do it
-            if (userId.Equals(default))
+            if (!isApiKey && userId.Equals(default))
            {
                return Task.CompletedTask;
            }
@ -56,7 +57,7 @@ namespace Jellyfin.Api.Auth.DefaultAuthorizationPolicy
            }

            // Admins can do everything
-            if (context.User.GetIsApiKey() || context.User.IsInRole(UserRoles.Administrator))
+            if (isApiKey || context.User.IsInRole(UserRoles.Administrator))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;