Return correct status codes for authentication and authorization errors

- Use AuthenticationException to return 401
- Use SecurityException to return 403
- Update existing throws to throw the correct exception for the circumstance
Mark Monteiro 2020-04-13 13:17:46 -04:00
parent 6d35dd6b32
commit 53380689ad
4 changed files with 13 additions and 12 deletions


@ -14,6 +14,7 @@ using Emby.Server.Implementations.Services;
using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using MediaBrowser.Controller; using MediaBrowser.Controller;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Net;
using MediaBrowser.Model.Events; using MediaBrowser.Model.Events;
@ -230,7 +231,8 @@ namespace Emby.Server.Implementations.HttpServer
switch (ex) switch (ex)
{ {
case ArgumentException _: return 400; case ArgumentException _: return 400;
case SecurityException _: return 401; case AuthenticationException _: return 401;
case SecurityException _: return 403;
case DirectoryNotFoundException _: case DirectoryNotFoundException _:
case FileNotFoundException _: case FileNotFoundException _:
case ResourceNotFoundException _: return 404; case ResourceNotFoundException _: return 404;
@ -550,6 +552,7 @@ namespace Emby.Server.Implementations.HttpServer
|| ex is IOException || ex is IOException
|| ex is OperationCanceledException || ex is OperationCanceledException
|| ex is SecurityException || ex is SecurityException
|| ex is AuthenticationException
|| ex is FileNotFoundException; || ex is FileNotFoundException;
await ErrorHandler(ex, httpReq, !ignoreStackTrace, urlToLog).ConfigureAwait(false); await ErrorHandler(ex, httpReq, !ignoreStackTrace, urlToLog).ConfigureAwait(false);
} }
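Review bot: The files in this commit resolve `AuthenticationException` from different namespaces: this file adds `using MediaBrowser.Controller.Authentication;` above the `case AuthenticationException _: return 401;` arm, while the AuthService hunk adds `using System.Security.Authentication;` for its throws, and the UserManager and SessionManager hunks do not show which one they use. If MediaBrowser.Controller.Authentication declares its own AuthenticationException type, the switch arm matches a different type than the one thrown and a failed token check falls through to the default status instead of 401; the same applies to the `ex is AuthenticationException` test in the lower hunk. Pinning one type at every site, for example a fully qualified `case System.Security.Authentication.AuthenticationException _: return 401;` if that is the intended one, or a single using alias shared by all four files, removes the ambiguity. Separately, a 401 response is expected to carry a WWW-Authenticate header (RFC 7235); whether ErrorHandler adds one is not visible in this hunk.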


@ -2,6 +2,7 @@
using System; using System;
using System.Linq; using System.Linq;
using System.Security.Authentication;
using Emby.Server.Implementations.SocketSharp; using Emby.Server.Implementations.SocketSharp;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
@ -68,7 +69,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
if (user == null && auth.UserId != Guid.Empty) if (user == null && auth.UserId != Guid.Empty)
{ {
throw new SecurityException("User with Id " + auth.UserId + " not found"); throw new AuthenticationException("User with Id " + auth.UserId + " not found");
} }
if (user != null) if (user != null)
@ -212,14 +213,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
{ {
if (string.IsNullOrEmpty(token)) if (string.IsNullOrEmpty(token))
{ {
throw new SecurityException("Access token is required."); throw new AuthenticationException("Access token is required.");
} }
var info = GetTokenInfo(request); var info = GetTokenInfo(request);
if (info == null) if (info == null)
{ {
throw new SecurityException("Access token is invalid or expired."); throw new AuthenticationException("Access token is invalid or expired.");
} }
//if (!string.IsNullOrEmpty(info.UserId)) //if (!string.IsNullOrEmpty(info.UserId))
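Review bot: The message on the `user == null` throw is still built by concatenation (`"User with Id " + auth.UserId + " not found"`) while the UserManager hunk in this same commit moves to interpolation; `throw new AuthenticationException($"User with Id {auth.UserId} not found");` keeps the two consistent. That body also appears to tell a caller whether the supplied user Id exists, which is a different signal from the "Access token is invalid or expired." case below; if that distinction is not needed by clients, one generic 401 message for both paths gives away less. Both enclosing methods start outside the hunk, so the order of the user lookup relative to token validation is not visible here.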


@ -20,6 +20,7 @@ using MediaBrowser.Controller.Drawing;
using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Persistence; using MediaBrowser.Controller.Persistence;
using MediaBrowser.Controller.Plugins; using MediaBrowser.Controller.Plugins;
using MediaBrowser.Controller.Providers; using MediaBrowser.Controller.Providers;
@ -324,21 +325,17 @@ namespace Emby.Server.Implementations.Library
if (user.Policy.IsDisabled) if (user.Policy.IsDisabled)
{ {
throw new AuthenticationException( throw new SecurityException($"The {user.Name} account is currently disabled. Please consult with your administrator.");
string.Format(
CultureInfo.InvariantCulture,
"The {0} account is currently disabled. Please consult with your administrator.",
user.Name));
} }
if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint)) if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint))
{ {
throw new AuthenticationException("Forbidden."); throw new SecurityException("Forbidden.");
} }
if (!user.IsParentalScheduleAllowed()) if (!user.IsParentalScheduleAllowed())
{ {
throw new AuthenticationException("User is not allowed access at this time."); throw new SecurityException("User is not allowed access at this time.");
} }
// Update LastActivityDate and LastLoginDate, then save // Update LastActivityDate and LastLoginDate, then save
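Review bot: The three new `SecurityException` throws each return a distinct 403 body describing the account's state (disabled, remote access not allowed, outside the parental schedule). If these checks run before the supplied credentials have been verified, which the hunk cannot show because the enclosing method starts outside it, those bodies disclose account status to an unauthenticated caller; if they run only after a successful credential check, as the 403 mapping implies, they are fine. The switch from `string.Format(CultureInfo.InvariantCulture, …)` to `$"The {user.Name} account …"` changes nothing here since the only argument is a string, but check whether the `CultureInfo` using in this file is now unused.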


@ -1414,7 +1414,7 @@ namespace Emby.Server.Implementations.Session
if (user == null) if (user == null)
{ {
AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request)); AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
throw new SecurityException("Invalid username or password entered."); throw new AuthenticationException("Invalid username or password entered.");
} }
if (!string.IsNullOrEmpty(request.DeviceId) if (!string.IsNullOrEmpty(request.DeviceId)