Return correct status codes for authentication and authorization errors
- Use AuthenticationException to return 401 - Use SecurityException to return 403 - Update existing throws to throw the correct exception for the circumstance
This commit is contained in:
parent
6d35dd6b32
commit
53380689ad
4 changed files with 13 additions and 12 deletions
|
@ -14,6 +14,7 @@ using Emby.Server.Implementations.Services;
|
||||||
using MediaBrowser.Common.Extensions;
|
using MediaBrowser.Common.Extensions;
|
||||||
using MediaBrowser.Common.Net;
|
using MediaBrowser.Common.Net;
|
||||||
using MediaBrowser.Controller;
|
using MediaBrowser.Controller;
|
||||||
|
using MediaBrowser.Controller.Authentication;
|
||||||
using MediaBrowser.Controller.Configuration;
|
using MediaBrowser.Controller.Configuration;
|
||||||
using MediaBrowser.Controller.Net;
|
using MediaBrowser.Controller.Net;
|
||||||
using MediaBrowser.Model.Events;
|
using MediaBrowser.Model.Events;
|
||||||
|
@ -230,7 +231,8 @@ namespace Emby.Server.Implementations.HttpServer
|
||||||
switch (ex)
|
switch (ex)
|
||||||
{
|
{
|
||||||
case ArgumentException _: return 400;
|
case ArgumentException _: return 400;
|
||||||
case SecurityException _: return 401;
|
case AuthenticationException _: return 401;
|
||||||
|
case SecurityException _: return 403;
|
||||||
case DirectoryNotFoundException _:
|
case DirectoryNotFoundException _:
|
||||||
case FileNotFoundException _:
|
case FileNotFoundException _:
|
||||||
case ResourceNotFoundException _: return 404;
|
case ResourceNotFoundException _: return 404;
|
||||||
|
@ -550,6 +552,7 @@ namespace Emby.Server.Implementations.HttpServer
|
||||||
|| ex is IOException
|
|| ex is IOException
|
||||||
|| ex is OperationCanceledException
|
|| ex is OperationCanceledException
|
||||||
|| ex is SecurityException
|
|| ex is SecurityException
|
||||||
|
|| ex is AuthenticationException
|
||||||
|| ex is FileNotFoundException;
|
|| ex is FileNotFoundException;
|
||||||
await ErrorHandler(ex, httpReq, !ignoreStackTrace, urlToLog).ConfigureAwait(false);
|
await ErrorHandler(ex, httpReq, !ignoreStackTrace, urlToLog).ConfigureAwait(false);
|
||||||
}
|
}
|
||||||
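Review bot: The new `case AuthenticationException _: return 401;` resolves `AuthenticationException` through the `using MediaBrowser.Controller.Authentication;` added in this file, whereas the AuthService hunk in the second file adds `using System.Security.Authentication;` for its three `throw new AuthenticationException(...)` statements; if both namespaces declare a type of that name, those throws are a different type, skip this case and the `|| ex is AuthenticationException` test in the later hunk, and end up with whatever status the switch's default yields instead of 401. Both files should import the same namespace (and the 401 mapping deserves a comment naming which type it is, e.g. `// MediaBrowser.Controller.Authentication.AuthenticationException, not System.Security.Authentication`). The method containing the switch starts and ends outside the hunk, so the default branch is not visible here.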
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
using System.Security.Authentication;
|
||||||
using Emby.Server.Implementations.SocketSharp;
|
using Emby.Server.Implementations.SocketSharp;
|
||||||
using MediaBrowser.Common.Net;
|
using MediaBrowser.Common.Net;
|
||||||
using MediaBrowser.Controller.Configuration;
|
using MediaBrowser.Controller.Configuration;
|
||||||
|
@ -68,7 +69,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||||
|
|
||||||
if (user == null && auth.UserId != Guid.Empty)
|
if (user == null && auth.UserId != Guid.Empty)
|
||||||
{
|
{
|
||||||
throw new SecurityException("User with Id " + auth.UserId + " not found");
|
throw new AuthenticationException("User with Id " + auth.UserId + " not found");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user != null)
|
if (user != null)
|
||||||
|
@ -212,14 +213,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
|
||||||
{
|
{
|
||||||
if (string.IsNullOrEmpty(token))
|
if (string.IsNullOrEmpty(token))
|
||||||
{
|
{
|
||||||
throw new SecurityException("Access token is required.");
|
throw new AuthenticationException("Access token is required.");
|
||||||
}
|
}
|
||||||
|
|
||||||
var info = GetTokenInfo(request);
|
var info = GetTokenInfo(request);
|
||||||
|
|
||||||
if (info == null)
|
if (info == null)
|
||||||
{
|
{
|
||||||
throw new SecurityException("Access token is invalid or expired.");
|
throw new AuthenticationException("Access token is invalid or expired.");
|
||||||
}
|
}
|
||||||
|
|
||||||
//if (!string.IsNullOrEmpty(info.UserId))
|
//if (!string.IsNullOrEmpty(info.UserId))
|
||||||
|
|
|
@ -20,6 +20,7 @@ using MediaBrowser.Controller.Drawing;
|
||||||
using MediaBrowser.Controller.Dto;
|
using MediaBrowser.Controller.Dto;
|
||||||
using MediaBrowser.Controller.Entities;
|
using MediaBrowser.Controller.Entities;
|
||||||
using MediaBrowser.Controller.Library;
|
using MediaBrowser.Controller.Library;
|
||||||
|
using MediaBrowser.Controller.Net;
|
||||||
using MediaBrowser.Controller.Persistence;
|
using MediaBrowser.Controller.Persistence;
|
||||||
using MediaBrowser.Controller.Plugins;
|
using MediaBrowser.Controller.Plugins;
|
||||||
using MediaBrowser.Controller.Providers;
|
using MediaBrowser.Controller.Providers;
|
||||||
|
@ -324,21 +325,17 @@ namespace Emby.Server.Implementations.Library
|
||||||
|
|
||||||
if (user.Policy.IsDisabled)
|
if (user.Policy.IsDisabled)
|
||||||
{
|
{
|
||||||
throw new AuthenticationException(
|
throw new SecurityException($"The {user.Name} account is currently disabled. Please consult with your administrator.");
|
||||||
string.Format(
|
|
||||||
CultureInfo.InvariantCulture,
|
|
||||||
"The {0} account is currently disabled. Please consult with your administrator.",
|
|
||||||
user.Name));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint))
|
if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint))
|
||||||
{
|
{
|
||||||
throw new AuthenticationException("Forbidden.");
|
throw new SecurityException("Forbidden.");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!user.IsParentalScheduleAllowed())
|
if (!user.IsParentalScheduleAllowed())
|
||||||
{
|
{
|
||||||
throw new AuthenticationException("User is not allowed access at this time.");
|
throw new SecurityException("User is not allowed access at this time.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update LastActivityDate and LastLoginDate, then save
|
// Update LastActivityDate and LastLoginDate, then save
|
||||||
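Review bot: The three rejections rewritten as `SecurityException` (the disabled-account message, `"Forbidden."` and `"User is not allowed access at this time."`) now surface as 403 while a bad password stays 401, so a caller can tell "correct password, account disabled or outside its schedule" apart from "wrong password"; if these checks run after credential validation, as their position in the hunk suggests, that is a credential-confirmation signal the previous uniform 401 did not give. Consider keeping at least the disabled-account branch as an authentication failure with the generic message, reserving 403 for the remote-access and schedule policy cases, or record the trade-off with a comment such as `// Policy checks run after the password was accepted; reporting them as 403 reveals that the credentials were valid.`. The enclosing method starts before and ends after this hunk.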
|
|
|
@ -1414,7 +1414,7 @@ namespace Emby.Server.Implementations.Session
|
||||||
if (user == null)
|
if (user == null)
|
||||||
{
|
{
|
||||||
AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
|
AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
|
||||||
throw new SecurityException("Invalid username or password entered.");
|
throw new AuthenticationException("Invalid username or password entered.");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!string.IsNullOrEmpty(request.DeviceId)
|
if (!string.IsNullOrEmpty(request.DeviceId)
|
||||||
|
|
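Review bot: `AuthenticationFailed?.Invoke(...)` fires only on the `user == null` path ahead of the `"Invalid username or password entered."` throw, so the disabled-account, remote-access and parental-schedule rejections that the UserManager hunk now throws as `SecurityException` would not raise the failed-authentication event that audit or lockout listeners depend on, assuming they propagate out of the call that assigns `user` (that call is outside the hunk). If so, wrap that call in a `catch (SecurityException)` that invokes `AuthenticationFailed` and rethrows with `throw;`, or document at the event why policy rejections are deliberately excluded. The enclosing method starts before and ends after this hunk.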