jellyfin/Emby.Server.Implementations/Security/PluginSecurityManager.cs

using System;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net;
using MediaBrowser.Common.Security;
using MediaBrowser.Controller;
using MediaBrowser.Model.Cryptography;
using MediaBrowser.Model.Entities;
using MediaBrowser.Model.IO;
using MediaBrowser.Model.Net;
using MediaBrowser.Model.Serialization;
using Microsoft.Extensions.Logging;

namespace Emby.Server.Implementations.Security
{
    /// <summary>
    /// Class PluginSecurityManager
    /// </summary>
    public class PluginSecurityManager : ISecurityManager
    {
        private const string MBValidateUrl = "https://mb3admin.local/admin/service/registration/validate";
        private const string AppstoreRegUrl = /*MbAdmin.HttpsUrl*/ "https://mb3admin.local/admin/service/appstore/register";

        public async Task<bool> IsSupporter()
        {
            var result = await GetRegistrationStatusInternal("MBSupporter", false, _appHost.ApplicationVersion.ToString(), CancellationToken.None).ConfigureAwait(false);

            return result.IsRegistered;
        }

        private MBLicenseFile _licenseFile;
        private MBLicenseFile LicenseFile => _licenseFile ?? (_licenseFile = new MBLicenseFile(_appPaths, _fileSystem, _cryptographyProvider));

        private readonly IHttpClient _httpClient;
        private readonly IJsonSerializer _jsonSerializer;
        private readonly IServerApplicationHost _appHost;
        private readonly ILogger _logger;
        private readonly IApplicationPaths _appPaths;
        private readonly IFileSystem _fileSystem;
        private readonly ICryptoProvider _cryptographyProvider;

        /// <summary>
        /// Initializes a new instance of the <see cref="PluginSecurityManager" /> class.
        /// </summary>
        public PluginSecurityManager(IServerApplicationHost appHost, IHttpClient httpClient, IJsonSerializer jsonSerializer,
            IApplicationPaths appPaths, ILoggerFactory loggerFactory, IFileSystem fileSystem, ICryptoProvider cryptographyProvider)
        {
            if (httpClient == null)
            {
                throw new ArgumentNullException(nameof(httpClient));
            }

            _appHost = appHost;
            _httpClient = httpClient;
            _jsonSerializer = jsonSerializer;
            _appPaths = appPaths;
            _fileSystem = fileSystem;
            _cryptographyProvider = cryptographyProvider;
            _logger = loggerFactory.CreateLogger("SecurityManager");
        }

        /// <summary>
        /// Gets the registration status.
        /// This overload supports existing plug-ins.
        /// </summary>
        public Task<MBRegistrationRecord> GetRegistrationStatus(string feature)
        {
            return GetRegistrationStatusInternal(feature, false, null, CancellationToken.None);
        }

        /// <summary>
        /// Gets or sets the supporter key.
        /// </summary>
        /// <value>The supporter key.</value>
        public string SupporterKey
        {
            get => LicenseFile.RegKey;
            set => throw new Exception("Please call UpdateSupporterKey");
        }

        public async Task UpdateSupporterKey(string newValue)
        {
            if (newValue != null)
            {
                newValue = newValue.Trim();
            }

            if (!string.Equals(newValue, LicenseFile.RegKey, StringComparison.Ordinal))
            {
                LicenseFile.RegKey = newValue;
                LicenseFile.Save();

                // Reset this
                await GetRegistrationStatusInternal("MBSupporter", true, _appHost.ApplicationVersion.ToString(), CancellationToken.None).ConfigureAwait(false);
            }
        }

        /// <summary>
        /// Register an app store sale with our back-end.  It will validate the transaction with the store
        /// and then register the proper feature and then fill in the supporter key on success.
        /// </summary>
        /// <param name="parameters">Json parameters to send to admin server</param>
        public async Task RegisterAppStoreSale(string parameters)
        {
            var options = new HttpRequestOptions()
            {
                Url = AppstoreRegUrl,
                CancellationToken = CancellationToken.None,
                BufferContent = false
            };
            options.RequestHeaders.Add("X-Emby-Token", _appHost.SystemId);
            options.RequestContent = parameters;
            options.RequestContentType = "application/json";

            try
            {
                using (var response = await _httpClient.Post(options).ConfigureAwait(false))
                {
                    var reg = await _jsonSerializer.DeserializeFromStreamAsync<RegRecord>(response.Content).ConfigureAwait(false);

                    if (reg == null)
                    {
                        var msg = "Result from appstore registration was null.";
                        _logger.LogError(msg);
                        throw new ArgumentException(msg);
                    }
                    if (!string.IsNullOrEmpty(reg.key))
                    {
                        await UpdateSupporterKey(reg.key).ConfigureAwait(false);
                    }
                }

            }
            catch (ArgumentException)
            {
                SaveAppStoreInfo(parameters);
                throw;
            }
            catch (HttpException ex)
            {
                _logger.LogError(ex, "Error registering appstore purchase {parameters}", parameters ?? "NO PARMS SENT");

                throw new Exception("Error registering store sale");
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "Error registering appstore purchase {parameters}", parameters ?? "NO PARMS SENT");
                SaveAppStoreInfo(parameters);
                //TODO - could create a re-try routine on start-up if this file is there.  For now we can handle manually.
                throw new Exception("Error registering store sale");
            }

        }

        private void SaveAppStoreInfo(string info)
        {
            // Save all transaction information to a file

            try
            {
                _fileSystem.WriteAllText(Path.Combine(_appPaths.ProgramDataPath, "apptrans-error.txt"), info);
            }
            catch (IOException)
            {

            }
        }

        private SemaphoreSlim _regCheckLock = new SemaphoreSlim(1, 1);

        private async Task<MBRegistrationRecord> GetRegistrationStatusInternal(string feature, bool forceCallToServer, string version, CancellationToken cancellationToken)
        {
            await _regCheckLock.WaitAsync(cancellationToken).ConfigureAwait(false);

            try
            {
                var record = new MBRegistrationRecord
                {
                    IsRegistered = true,
                    RegChecked = true,
                    TrialVersion = false,
                    IsValid = true,
                    RegError = false
                };

                return record;
            }
            finally
            {
                _regCheckLock.Release();
            }
        }

        private bool IsInTrial(DateTime expirationDate, bool regChecked, bool isRegistered)
        {
            //don't set this until we've successfully obtained exp date
            if (!regChecked)
            {
                return false;
            }

            var isInTrial = expirationDate > DateTime.UtcNow;

            return isInTrial && !isRegistered;
        }
    }
}
Find+Sed BOM removal *.cs: BDInfo-Emby.XmlTv 2019-01-13 20:54:44 +01:00			`using System;`
move common dependencies 2016-10-29 07:40:15 +02:00			`using System.IO;`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`using System.Threading;`
			`using System.Threading.Tasks;`
move common dependencies 2016-10-29 07:40:15 +02:00			`using MediaBrowser.Common.Configuration;`
			`using MediaBrowser.Common.Net;`
			`using MediaBrowser.Common.Security;`
			`using MediaBrowser.Controller;`
move classes 2016-11-04 09:43:59 +01:00			`using MediaBrowser.Model.Cryptography;`
move common dependencies 2016-10-29 07:40:15 +02:00			`using MediaBrowser.Model.Entities;`
			`using MediaBrowser.Model.IO;`
update db queries 2015-10-29 14:28:05 +01:00			`using MediaBrowser.Model.Net;`
move common dependencies 2016-10-29 07:40:15 +02:00			`using MediaBrowser.Model.Serialization;`
Visual Studio Reformat: Emby.Server.Implementations Part S-S 2019-01-13 20:22:24 +01:00			`using Microsoft.Extensions.Logging;`
Pushing missing changes 2013-02-21 02:33:05 +01:00
move classes 2016-11-04 09:43:59 +01:00			`namespace Emby.Server.Implementations.Security`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`{`
isolated weather and moved drawing classes up to the controller project 2013-02-21 07:02:10 +01:00			`/// <summary>`
			`/// Class PluginSecurityManager`
			`/// </summary>`
Extract ISecurityManager interface 2013-02-26 23:13:58 +01:00			`public class PluginSecurityManager : ISecurityManager`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`{`
Replaced mb3admin.com phoning home with a stub mb3admin.local 2018-10-22 01:16:58 +02:00			`private const string MBValidateUrl = "https://mb3admin.local/admin/service/registration/validate";`
			`private const string AppstoreRegUrl = /MbAdmin.HttpsUrl/ "https://mb3admin.local/admin/service/appstore/register";`
localize plugin installation process 2014-08-31 21:15:33 +02:00
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`public async Task<bool> IsSupporter()`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`{`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`var result = await GetRegistrationStatusInternal("MBSupporter", false, _appHost.ApplicationVersion.ToString(), CancellationToken.None).ConfigureAwait(false);`

			`return result.IsRegistered;`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`}`

localize plugin installation process 2014-08-31 21:15:33 +02:00			`private MBLicenseFile _licenseFile;`
Mayor code cleanup Add ArgumentExceptions now use proper nameof operators. Added exception messages to quite a few ArgumentExceptions. Fixed rethorwing to be proper syntax. Added a ton of null checkes. (This is only a start, there are about 500 places that need proper null handling) Added some TODOs to log certain exceptions. Fix sln again. Fixed all AssemblyInfo's and added proper copyright (where I could find them) We live in current year. Fixed the use of braces. Fixed a ton of properties, and made a fair amount of functions static that should be and can be static. Made more Methods that should be static static. You can now use static to find bad functions! Removed unused variable. And added one more proper XML comment. 2019-01-06 21:50:43 +01:00			`private MBLicenseFile LicenseFile => _licenseFile ?? (_licenseFile = new MBLicenseFile(_appPaths, _fileSystem, _cryptographyProvider));`
localize plugin installation process 2014-08-31 21:15:33 +02:00
remove and/or delay unnecessary startup work 2013-04-08 17:55:53 +02:00			`private readonly IHttpClient _httpClient;`
			`private readonly IJsonSerializer _jsonSerializer;`
move common dependencies 2016-10-29 07:40:15 +02:00			`private readonly IServerApplicationHost _appHost;`
removed dead code 2014-08-31 04:08:59 +02:00			`private readonly ILogger _logger;`
			`private readonly IApplicationPaths _appPaths;`
move common dependencies 2016-10-29 07:40:15 +02:00			`private readonly IFileSystem _fileSystem;`
update portable projects 2016-11-08 19:44:23 +01:00			`private readonly ICryptoProvider _cryptographyProvider;`
updated mb registration to use network manager 2013-09-13 22:45:12 +02:00
isolated weather and moved drawing classes up to the controller project 2013-02-21 07:02:10 +01:00			`/// <summary>`
			`/// Initializes a new instance of the <see cref="PluginSecurityManager" /> class.`
			`/// </summary>`
move common dependencies 2016-10-29 07:40:15 +02:00			`public PluginSecurityManager(IServerApplicationHost appHost, IHttpClient httpClient, IJsonSerializer jsonSerializer,`
Use Microsoft.Extensions.Logging abstraction 2018-12-13 14:18:25 +01:00			`IApplicationPaths appPaths, ILoggerFactory loggerFactory, IFileSystem fileSystem, ICryptoProvider cryptographyProvider)`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`{`
plugin security fixes and other abstractions 2013-02-26 04:43:04 +01:00			`if (httpClient == null)`
placeholder for plugin security fix 2013-02-23 23:44:42 +01:00			`{`
Mayor code cleanup Add ArgumentExceptions now use proper nameof operators. Added exception messages to quite a few ArgumentExceptions. Fixed rethorwing to be proper syntax. Added a ton of null checkes. (This is only a start, there are about 500 places that need proper null handling) Added some TODOs to log certain exceptions. Fix sln again. Fixed all AssemblyInfo's and added proper copyright (where I could find them) We live in current year. Fixed the use of braces. Fixed a ton of properties, and made a fair amount of functions static that should be and can be static. Made more Methods that should be static static. You can now use static to find bad functions! Removed unused variable. And added one more proper XML comment. 2019-01-06 21:50:43 +01:00			`throw new ArgumentNullException(nameof(httpClient));`
placeholder for plugin security fix 2013-02-23 23:44:42 +01:00			`}`
removed base kernel and ikernel 2013-03-07 06:34:00 +01:00
			`_appHost = appHost;`
plugin security fixes and other abstractions 2013-02-26 04:43:04 +01:00			`_httpClient = httpClient;`
			`_jsonSerializer = jsonSerializer;`
removed dead code 2014-08-31 04:08:59 +02:00			`_appPaths = appPaths;`
move common dependencies 2016-10-29 07:40:15 +02:00			`_fileSystem = fileSystem;`
move classes 2016-11-04 09:43:59 +01:00			`_cryptographyProvider = cryptographyProvider;`
Use Microsoft.Extensions.Logging abstraction 2018-12-13 14:18:25 +01:00			`_logger = loggerFactory.CreateLogger("SecurityManager");`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`}`

Add overload for existing plug-in support 2014-01-26 15:32:38 +01:00			`/// <summary>`
			`/// Gets the registration status.`
			`/// This overload supports existing plug-ins.`
			`/// </summary>`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`public Task<MBRegistrationRecord> GetRegistrationStatus(string feature)`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`{`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`return GetRegistrationStatusInternal(feature, false, null, CancellationToken.None);`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`}`

isolated weather and moved drawing classes up to the controller project 2013-02-21 07:02:10 +01:00			`/// <summary>`
			`/// Gets or sets the supporter key.`
			`/// </summary>`
			`/// <value>The supporter key.</value>`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`public string SupporterKey`
			`{`
Mayor code cleanup Add ArgumentExceptions now use proper nameof operators. Added exception messages to quite a few ArgumentExceptions. Fixed rethorwing to be proper syntax. Added a ton of null checkes. (This is only a start, there are about 500 places that need proper null handling) Added some TODOs to log certain exceptions. Fix sln again. Fixed all AssemblyInfo's and added proper copyright (where I could find them) We live in current year. Fixed the use of braces. Fixed a ton of properties, and made a fair amount of functions static that should be and can be static. Made more Methods that should be static static. You can now use static to find bad functions! Removed unused variable. And added one more proper XML comment. 2019-01-06 21:50:43 +01:00			`get => LicenseFile.RegKey;`
			`set => throw new Exception("Please call UpdateSupporterKey");`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`}`
update cards 2016-08-30 06:33:24 +02:00
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`public async Task UpdateSupporterKey(string newValue)`
			`{`
			`if (newValue != null)`
			`{`
			`newValue = newValue.Trim();`
			`}`
localize plugin installation process 2014-08-31 21:15:33 +02:00
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`if (!string.Equals(newValue, LicenseFile.RegKey, StringComparison.Ordinal))`
			`{`
			`LicenseFile.RegKey = newValue;`
			`LicenseFile.Save();`

			`// Reset this`
			`await GetRegistrationStatusInternal("MBSupporter", true, _appHost.ApplicationVersion.ToString(), CancellationToken.None).ConfigureAwait(false);`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`}`
			`}`

Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`/// <summary>`
			`/// Register an app store sale with our back-end. It will validate the transaction with the store`
			`/// and then register the proper feature and then fill in the supporter key on success.`
			`/// </summary>`
Re-work appstore registration to pass-thru parameters 2015-10-16 19:53:49 +02:00			`/// <param name="parameters">Json parameters to send to admin server</param>`
			`public async Task RegisterAppStoreSale(string parameters)`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`{`
			`var options = new HttpRequestOptions()`
			`{`
			`Url = AppstoreRegUrl,`
avoid buffering http responses 2016-10-06 20:55:01 +02:00			`CancellationToken = CancellationToken.None,`
			`BufferContent = false`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`};`
fix list avatars 2015-10-26 19:55:46 +01:00			`options.RequestHeaders.Add("X-Emby-Token", _appHost.SystemId);`
Re-work appstore registration to pass-thru parameters 2015-10-16 19:53:49 +02:00			`options.RequestContent = parameters;`
			`options.RequestContentType = "application/json";`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00
			`try`
			`{`
Re-work appstore registration to pass-thru parameters 2015-10-16 19:53:49 +02:00			`using (var response = await _httpClient.Post(options).ConfigureAwait(false))`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`{`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`var reg = await _jsonSerializer.DeserializeFromStreamAsync<RegRecord>(response.Content).ConfigureAwait(false);`
update mouse handler 2015-10-23 18:04:33 +02:00
			`if (reg == null)`
			`{`
update store exception 2015-10-23 19:58:03 +02:00			`var msg = "Result from appstore registration was null.";`
Use Microsoft.Extensions.Logging abstraction 2018-12-13 14:18:25 +01:00			`_logger.LogError(msg);`
move classes 2016-11-04 09:43:59 +01:00			`throw new ArgumentException(msg);`
update mouse handler 2015-10-23 18:04:33 +02:00			`}`
Mayor code cleanup Add ArgumentExceptions now use proper nameof operators. Added exception messages to quite a few ArgumentExceptions. Fixed rethorwing to be proper syntax. Added a ton of null checkes. (This is only a start, there are about 500 places that need proper null handling) Added some TODOs to log certain exceptions. Fix sln again. Fixed all AssemblyInfo's and added proper copyright (where I could find them) We live in current year. Fixed the use of braces. Fixed a ton of properties, and made a fair amount of functions static that should be and can be static. Made more Methods that should be static static. You can now use static to find bad functions! Removed unused variable. And added one more proper XML comment. 2019-01-06 21:50:43 +01:00			`if (!string.IsNullOrEmpty(reg.key))`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`{`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`await UpdateSupporterKey(reg.key).ConfigureAwait(false);`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`}`
			`}`

			`}`
move classes 2016-11-04 09:43:59 +01:00			`catch (ArgumentException)`
update store exception 2015-10-23 19:58:03 +02:00			`{`
			`SaveAppStoreInfo(parameters);`
			`throw;`
			`}`
Fix exception logging 2018-12-20 13:11:26 +01:00			`catch (HttpException ex)`
update image encoding 2015-10-28 20:40:38 +01:00			`{`
Fix exception logging 2018-12-20 13:11:26 +01:00			`_logger.LogError(ex, "Error registering appstore purchase {parameters}", parameters ?? "NO PARMS SENT");`
update db queries 2015-10-29 14:28:05 +01:00
move classes 2016-11-04 09:43:59 +01:00			`throw new Exception("Error registering store sale");`
update image encoding 2015-10-28 20:40:38 +01:00			`}`
Fix exception logging 2018-12-20 13:11:26 +01:00			`catch (Exception ex)`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`{`
Fix exception logging 2018-12-20 13:11:26 +01:00			`_logger.LogError(ex, "Error registering appstore purchase {parameters}", parameters ?? "NO PARMS SENT");`
update store exception 2015-10-23 19:58:03 +02:00			`SaveAppStoreInfo(parameters);`
Save transaction data on error 2015-10-20 22:37:22 +02:00			`//TODO - could create a re-try routine on start-up if this file is there. For now we can handle manually.`
move classes 2016-11-04 09:43:59 +01:00			`throw new Exception("Error registering store sale");`
Restore appstore registration end point 2015-10-16 16:29:02 +02:00			`}`

			`}`

update store exception 2015-10-23 19:58:03 +02:00			`private void SaveAppStoreInfo(string info)`
			`{`
			`// Save all transaction information to a file`

			`try`
			`{`
move common dependencies 2016-10-29 07:40:15 +02:00			`_fileSystem.WriteAllText(Path.Combine(_appPaths.ProgramDataPath, "apptrans-error.txt"), info);`
update store exception 2015-10-23 19:58:03 +02:00			`}`
			`catch (IOException)`
			`{`
add ie delay 2015-10-25 19:16:36 +01:00
update store exception 2015-10-23 19:58:03 +02:00			`}`
			`}`

Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`private SemaphoreSlim _regCheckLock = new SemaphoreSlim(1, 1);`
update translations 2016-12-01 19:23:47 +01:00
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`private async Task<MBRegistrationRecord> GetRegistrationStatusInternal(string feature, bool forceCallToServer, string version, CancellationToken cancellationToken)`
			`{`
			`await _regCheckLock.WaitAsync(cancellationToken).ConfigureAwait(false);`
update translations 2016-12-01 19:23:47 +01:00
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`try`
update translations 2016-12-01 19:23:47 +01:00			`{`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`var record = new MBRegistrationRecord`
			`{`
Add patches and debian build information for emby-server 2018-08-08 07:18:59 +02:00			`IsRegistered = true,`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`RegChecked = true,`
Add patches and debian build information for emby-server 2018-08-08 07:18:59 +02:00			`TrialVersion = false,`
			`IsValid = true,`
			`RegError = false`
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`};`
localize plugin installation process 2014-08-31 21:15:33 +02:00
Update to 3.5.2 and .net core 2.1 2018-09-12 19:26:21 +02:00			`return record;`
			`}`
			`finally`
			`{`
			`_regCheckLock.Release();`
			`}`
removed dead code 2014-08-31 04:08:59 +02:00			`}`
localize plugin installation process 2014-08-31 21:15:33 +02:00
			`private bool IsInTrial(DateTime expirationDate, bool regChecked, bool isRegistered)`
			`{`
			`//don't set this until we've successfully obtained exp date`
			`if (!regChecked)`
			`{`
			`return false;`
			`}`

			`var isInTrial = expirationDate > DateTime.UtcNow;`

Remove unused code... 2016-03-27 23:11:27 +02:00			`return isInTrial && !isRegistered;`
localize plugin installation process 2014-08-31 21:15:33 +02:00			`}`
Pushing missing changes 2013-02-21 02:33:05 +01:00			`}`
Add patches and debian build information for emby-server 2018-08-08 07:18:59 +02:00			`}`