jellyfin/Emby.Server.Implementations/HttpServer/Security/AuthService.cs

#pragma warning disable CS1591

using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http;

namespace Emby.Server.Implementations.HttpServer.Security
{
    public class AuthService : IAuthService
    {
        private readonly IAuthorizationContext _authorizationContext;

        public AuthService(
            IAuthorizationContext authorizationContext)
        {
            _authorizationContext = authorizationContext;
        }

        public AuthorizationInfo Authenticate(HttpRequest request)
        {
            var auth = _authorizationContext.GetAuthorizationInfo(request);

            if (!auth.HasToken)
            {
                throw new AuthenticationException("Request does not contain a token.");
            }

            if (!auth.IsAuthenticated)
            {
                throw new SecurityException("Invalid token.");
            }

            if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
            {
                throw new SecurityException("User account has been disabled.");
            }

            return auth;
        }
    }
}
Fix more warnings 2019-11-01 18:38:54 +01:00			`#pragma warning disable CS1591`

Initial migration code 2020-05-13 04:10:35 +02:00			`using Jellyfin.Data.Enums;`
Remove OriginalAuthenticationInfo and add IsAuthenticated property 2020-11-08 16:10:33 +01:00			`using MediaBrowser.Controller.Authentication;`
run all ajax through apiclient 2014-07-02 07:16:59 +02:00			`using MediaBrowser.Controller.Net;`
Add authentication and remove versioning 2019-11-23 16:31:02 +01:00			`using Microsoft.AspNetCore.Http;`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 06:57:18 +02:00
move classes 2016-11-04 02:18:51 +01:00			`namespace Emby.Server.Implementations.HttpServer.Security`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 06:57:18 +02:00			`{`
			`public class AuthService : IAuthService`
			`{`
Replace custom code with Asp.Net Core code 2019-07-28 23:53:19 +02:00			`private readonly IAuthorizationContext _authorizationContext;`
completed auth database 2014-07-08 03:41:03 +02:00
Replace custom code with Asp.Net Core code 2019-07-28 23:53:19 +02:00			`public AuthService(`
Remove ServiceStack and related stuff 2020-09-02 12:22:14 +02:00			`IAuthorizationContext authorizationContext)`
run all ajax through apiclient 2014-07-02 07:16:59 +02:00			`{`
Replace custom code with Asp.Net Core code 2019-07-28 23:53:19 +02:00			`_authorizationContext = authorizationContext;`
Add authentication and remove versioning 2019-11-23 16:31:02 +01:00			`}`

Add more authorization handlers, actually authorize requests 2020-06-15 20:49:54 +02:00			`public AuthorizationInfo Authenticate(HttpRequest request)`
			`{`
			`var auth = _authorizationContext.GetAuthorizationInfo(request);`
Return NoResult only when request doesn't have a token. 2020-12-01 22:47:42 +01:00
			`if (!auth.HasToken)`
			`{`
			`throw new AuthenticationException("Request does not contain a token.");`
			`}`

Remove OriginalAuthenticationInfo and add IsAuthenticated property 2020-11-08 16:10:33 +01:00			`if (!auth.IsAuthenticated)`
Move SecurityException 2020-10-15 16:02:59 +02:00			`{`
Return NoResult only when request doesn't have a token. 2020-12-01 22:47:42 +01:00			`throw new SecurityException("Invalid token.");`
Move SecurityException 2020-10-15 16:02:59 +02:00			`}`

Allow apikey to authenticate as admin 2020-10-15 01:58:33 +02:00			`if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)`
Add more authorization handlers, actually authorize requests 2020-06-15 20:49:54 +02:00			`{`
			`throw new SecurityException("User account has been disabled.");`
			`}`

			`return auth;`
			`}`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 06:57:18 +02:00			`}`
			`}`