mirror of
https://github.com/jellyfin/jellyfin.git
synced 2024-07-01 19:33:28 +02:00
Merge pull request #11338 from crobibero/api-key-auth
Allow ApiKey to authorize against the FirstTimeSetupOrElevated policy
This commit is contained in:
commit
79087eadd3
|
@ -1,10 +1,6 @@
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Jellyfin.Api.Constants;
|
using Jellyfin.Api.Constants;
|
||||||
using Jellyfin.Api.Extensions;
|
|
||||||
using Jellyfin.Extensions;
|
|
||||||
using MediaBrowser.Common.Configuration;
|
using MediaBrowser.Common.Configuration;
|
||||||
using MediaBrowser.Common.Extensions;
|
|
||||||
using MediaBrowser.Controller.Library;
|
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
|
namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
|
||||||
|
@ -15,19 +11,14 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
|
||||||
public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
|
public class FirstTimeSetupHandler : AuthorizationHandler<FirstTimeSetupRequirement>
|
||||||
{
|
{
|
||||||
private readonly IConfigurationManager _configurationManager;
|
private readonly IConfigurationManager _configurationManager;
|
||||||
private readonly IUserManager _userManager;
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
|
/// Initializes a new instance of the <see cref="FirstTimeSetupHandler" /> class.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
|
/// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
|
||||||
/// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
|
public FirstTimeSetupHandler(IConfigurationManager configurationManager)
|
||||||
public FirstTimeSetupHandler(
|
|
||||||
IConfigurationManager configurationManager,
|
|
||||||
IUserManager userManager)
|
|
||||||
{
|
{
|
||||||
_configurationManager = configurationManager;
|
_configurationManager = configurationManager;
|
||||||
_userManager = userManager;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
|
@ -36,37 +27,14 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
|
||||||
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
|
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
|
||||||
{
|
{
|
||||||
context.Succeed(requirement);
|
context.Succeed(requirement);
|
||||||
return Task.CompletedTask;
|
|
||||||
}
|
}
|
||||||
|
else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
|
||||||
var contextUser = context.User;
|
|
||||||
if (requirement.RequireAdmin && !contextUser.IsInRole(UserRoles.Administrator))
|
|
||||||
{
|
{
|
||||||
context.Fail();
|
context.Fail();
|
||||||
return Task.CompletedTask;
|
|
||||||
}
|
}
|
||||||
|
else
|
||||||
var userId = contextUser.GetUserId();
|
|
||||||
if (userId.IsEmpty())
|
|
||||||
{
|
|
||||||
context.Fail();
|
|
||||||
return Task.CompletedTask;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!requirement.ValidateParentalSchedule)
|
|
||||||
{
|
|
||||||
context.Succeed(requirement);
|
|
||||||
return Task.CompletedTask;
|
|
||||||
}
|
|
||||||
|
|
||||||
var user = _userManager.GetUserById(userId);
|
|
||||||
if (user is null)
|
|
||||||
{
|
|
||||||
throw new ResourceNotFoundException();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (user.IsParentalScheduleAllowed())
|
|
||||||
{
|
{
|
||||||
|
// Any user-specific checks are handled in the DefaultAuthorizationHandler.
|
||||||
context.Succeed(requirement);
|
context.Succeed(requirement);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using System.Security.Claims;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using AutoFixture;
|
using AutoFixture;
|
||||||
using AutoFixture.AutoMoq;
|
using AutoFixture.AutoMoq;
|
||||||
|
@ -67,5 +68,16 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
||||||
await _firstTimeSetupHandler.HandleAsync(context);
|
await _firstTimeSetupHandler.HandleAsync(context);
|
||||||
Assert.Equal(shouldSucceed, context.HasSucceeded);
|
Assert.Equal(shouldSucceed, context.HasSucceeded);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task ShouldAllowAdminApiKeyIfStartupWizardComplete()
|
||||||
|
{
|
||||||
|
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
|
||||||
|
var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(ClaimTypes.Role, UserRoles.Administrator)]));
|
||||||
|
var context = new AuthorizationHandlerContext(_requirements, claims, null);
|
||||||
|
|
||||||
|
await _firstTimeSetupHandler.HandleAsync(context);
|
||||||
|
Assert.True(context.HasSucceeded);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue