Backupppert/jellyfin
0
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2024-07-22 05:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized and added test

Browse source
This commit is contained in:
BaronGreenback 2021-02-26 14:30:00 +00:00
parent 452af30511
commit 414e918c01
2 changed files with 28 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
View file

@ -263,26 +263,9 @@ namespace Emby.Server.Implementations.HttpServer.Security
return null; return null;
} }
// Remove uptil the first space // Remove up until the first space
authorizationHeader = parts[1]; authorizationHeader = parts[1];
parts = GetParts(authorizationHeader); return GetParts(authorizationHeader);
var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
foreach (var item in parts)
{
var param = item.Trim().Split('=', 2);
var value = param[1].Trim('"');
result[param[0]] = NormalizeValue(value);
}
return result;
}
private static string NormalizeValue(string value)
{
return string.IsNullOrEmpty(value) ? value : WebUtility.UrlDecode(value);
} }
/// <summary> /// <summary>
@ -290,13 +273,15 @@ namespace Emby.Server.Implementations.HttpServer.Security
/// </summary> /// </summary>
/// <param name="authtorizationHeader">The authorization header.</param> /// <param name="authtorizationHeader">The authorization header.</param>
/// <returns>string</returns> /// <returns>string</returns>
public static string[] GetParts(string authtorizationHeader) public static Dictionary<string, string> GetParts(string authtorizationHeader)
{ {
var result = new List<string>(); var result = new Dictionary<string, string>();
var escapeChars = new[] { '"', ',' }; var escapeChars = new[] { '"', ',' };
var escaped = false; var escaped = false;
int start = 0; int start = 0;
int i = 0; int i = 0;
string key = string.Empty;
while (i < authtorizationHeader.Length) while (i < authtorizationHeader.Length)
{ {
var token = authtorizationHeader[i]; var token = authtorizationHeader[i];
@ -309,12 +294,18 @@ namespace Emby.Server.Implementations.HttpServer.Security
// Meeting a comma after a closing escape char means the value is complete // Meeting a comma after a closing escape char means the value is complete
if (start < i) if (start < i)
{ {
result.Add(WebUtility.UrlDecode(authtorizationHeader[start..(i)])); result[key] = WebUtility.UrlDecode(authtorizationHeader[start..i].Trim('"'));
key = string.Empty;
} }
start = i + 1; start = i + 1;
} }
} }
else if (!escaped && token == '=')
{
key = authtorizationHeader[start.. i];
start = i + 1;
}
i++; i++;
} }
@ -322,10 +313,10 @@ namespace Emby.Server.Implementations.HttpServer.Security
// Add last value // Add last value
if (start < i) if (start < i)
{ {
result.Add(WebUtility.UrlDecode(authtorizationHeader[start..(i)])); result[key] = WebUtility.UrlDecode(authtorizationHeader[start..i].Trim('"'));
} }
return result.ToArray(); return result;
} }
} }
} }

14
tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs
View file

@ -1,7 +1,8 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Threading.Tasks; using System.Threading.Tasks;
using AutoFixture; using AutoFixture;
using AutoFixture.AutoMoq; using AutoFixture.AutoMoq;
using Emby.Server.Implementations.HttpServer.Security;
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy; using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Configuration;
@ -49,5 +50,16 @@ namespace Jellyfin.Api.Tests.Auth.DefaultAuthorizationPolicy
await _sut.HandleAsync(context); await _sut.HandleAsync(context);
Assert.True(context.HasSucceeded); Assert.True(context.HasSucceeded);
} }
[Theory]
[InlineData("x=\"123,123\",y=\"123\"", "x", "123,123")]
[InlineData("x=\"ab\"", "x", "ab")]
[InlineData("param=Hörbücher", "param", "Hörbücher")]
[InlineData("param=%22%Hörbücher", "param", "\"%Hörbücher")]
public void TestAuthHeaders(string input, string key, string value)
{
var dict = AuthorizationContext.GetParts(input);
Assert.True(string.Equals(dict[key], value, System.StringComparison.Ordinal));
}
} }
} }