From 6f2c165cc3d0000bda5722200971dd619833c349 Mon Sep 17 00:00:00 2001 From: Bond_009 Date: Wed, 4 Oct 2023 16:06:26 +0200 Subject: [PATCH 1/3] Use Authorization header in integration tests instead of X-Emby-Authorization And ensure the response has a successful status code --- .../Jellyfin.Server.Integration.Tests/AuthHelper.cs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs index 3dc62afaf8..5ddbd30d1e 100644 --- a/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs +++ b/tests/Jellyfin.Server.Integration.Tests/AuthHelper.cs @@ -15,8 +15,8 @@ namespace Jellyfin.Server.Integration.Tests { public static class AuthHelper { - public const string AuthHeaderName = "X-Emby-Authorization"; - public const string DummyAuthHeader = "MediaBrowser Client=\"Jellyfin.Server Integration Tests\", DeviceId=\"69420\", Device=\"Apple II\", Version=\"10.8.0\""; + public const string AuthHeaderName = "Authorization"; + public const string DummyAuthHeader = "MediaBrowser Client=\"Jellyfin.Server%20Integration%20Tests\", DeviceId=\"69420\", Device=\"Apple%20II\", Version=\"10.8.0\""; public static async Task CompleteStartupAsync(HttpClient client) { @@ -27,16 +27,19 @@ namespace Jellyfin.Server.Integration.Tests using var completeResponse = await client.PostAsync("/Startup/Complete", new ByteArrayContent(Array.Empty())); Assert.Equal(HttpStatusCode.NoContent, completeResponse.StatusCode); - using var content = JsonContent.Create( + using var httpRequest = new HttpRequestMessage(HttpMethod.Post, "/Users/AuthenticateByName"); + httpRequest.Headers.TryAddWithoutValidation(AuthHeaderName, DummyAuthHeader); + httpRequest.Content = JsonContent.Create( new AuthenticateUserByName() { Username = user!.Name, Pw = user.Password, }, options: jsonOptions); - content.Headers.Add("X-Emby-Authorization", DummyAuthHeader); - using var authResponse = await client.PostAsync("/Users/AuthenticateByName", content); + using var authResponse = await client.SendAsync(httpRequest); + authResponse.EnsureSuccessStatusCode(); + var auth = await JsonSerializer.DeserializeAsync( await authResponse.Content.ReadAsStreamAsync(), jsonOptions); From 76c64516a78ca583c13739cedd63dd2b2cc5e05e Mon Sep 17 00:00:00 2001 From: Bond_009 Date: Wed, 4 Oct 2023 16:18:14 +0200 Subject: [PATCH 2/3] Simplify some stuff in AuthorizationContext --- .../Security/AuthorizationContext.cs | 30 ++++--------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs index 700e639700..f415d01115 100644 --- a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs +++ b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs @@ -49,14 +49,13 @@ namespace Jellyfin.Server.Implementations.Security /// /// Gets the authorization. /// - /// The HTTP req. + /// The HTTP req. /// Dictionary{System.StringSystem.String}. - private async Task GetAuthorization(HttpContext httpReq) + private async Task GetAuthorization(HttpContext httpContext) { - var auth = GetAuthorizationDictionary(httpReq); - var authInfo = await GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query).ConfigureAwait(false); + var authInfo = await GetAuthorizationInfo(httpContext.Request).ConfigureAwait(false); - httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo; + httpContext.Request.HttpContext.Items["AuthorizationInfo"] = authInfo; return authInfo; } @@ -80,7 +79,6 @@ namespace Jellyfin.Server.Implementations.Security auth.TryGetValue("Token", out token); } -#pragma warning disable CA1508 // string.IsNullOrEmpty(token) is always false. if (string.IsNullOrEmpty(token)) { token = headers["X-Emby-Token"]; @@ -118,7 +116,6 @@ namespace Jellyfin.Server.Implementations.Security // Request doesn't contain a token. return authInfo; } -#pragma warning restore CA1508 authInfo.HasToken = true; var dbContext = await _jellyfinDbProvider.CreateDbContextAsync().ConfigureAwait(false); @@ -219,24 +216,7 @@ namespace Jellyfin.Server.Implementations.Security /// /// Gets the auth. /// - /// The HTTP req. - /// Dictionary{System.StringSystem.String}. - private static Dictionary? GetAuthorizationDictionary(HttpContext httpReq) - { - var auth = httpReq.Request.Headers["X-Emby-Authorization"]; - - if (string.IsNullOrEmpty(auth)) - { - auth = httpReq.Request.Headers[HeaderNames.Authorization]; - } - - return auth.Count > 0 ? GetAuthorization(auth[0]) : null; - } - - /// - /// Gets the auth. - /// - /// The HTTP req. + /// The HTTP request. /// Dictionary{System.StringSystem.String}. private static Dictionary? GetAuthorizationDictionary(HttpRequest httpReq) { From b87765bacec36aba3ee37ebc034458f36c637ffe Mon Sep 17 00:00:00 2001 From: Bond-009 Date: Thu, 5 Oct 2023 18:21:43 +0200 Subject: [PATCH 3/3] Update Jellyfin.Server.Implementations/Security/AuthorizationContext.cs Co-authored-by: Patrick Barron --- .../Security/AuthorizationContext.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs index f415d01115..77f8f7071b 100644 --- a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs +++ b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs @@ -49,7 +49,7 @@ namespace Jellyfin.Server.Implementations.Security /// /// Gets the authorization. /// - /// The HTTP req. + /// The HTTP context. /// Dictionary{System.StringSystem.String}. private async Task GetAuthorization(HttpContext httpContext) {