| author | Orry Verducci <orry@orryverducci.co.uk> | 2020-08-10 22:17:13 +0100 |
|---|---|---|
| committer | Orry Verducci <orry@orryverducci.co.uk> | 2020-08-10 22:17:13 +0100 |
| commit | 2d6699fd470ba1f0fcabac9df4d5184205e0e351 (patch) | |
| tree | aa0f078df01baa798435ae25f3d5ee4945f7f501 /Emby.Server.Implementations/HttpServer/Security | |
| parent | ce51775e7426ff4e037d593715395684ebf9b08a (diff) | |
| parent | b82a3fee85298a1063069cae5ff4df3029e468b0 (diff) | |
Merge remote-tracking branch 'upstream/master' into deinterlace-improvements
Diffstat (limited to 'Emby.Server.Implementations/HttpServer/Security')
| -rw-r--r-- | Emby.Server.Implementations/HttpServer/Security/AuthService.cs | 34 | ||||
| -rw-r--r-- | Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs | 13 |
2 files changed, 21 insertions, 26 deletions
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index c9f802a51..76c1d9bac 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -35,9 +35,9 @@ namespace Emby.Server.Implementations.HttpServer.Security
 _networkManager = networkManager;
 }
- public void Authenticate(IRequest request, IAuthenticationAttributes authAttribtues)
+ public void Authenticate(IRequest request, IAuthenticationAttributes authAttributes)
 {
- ValidateUser(request, authAttribtues);
+ ValidateUser(request, authAttributes);
 }
 public User Authenticate(HttpRequest request, IAuthenticationAttributes authAttributes)
@@ -63,17 +63,17 @@ namespace Emby.Server.Implementations.HttpServer.Security
 return auth;
 }
- private User ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
+ private User ValidateUser(IRequest request, IAuthenticationAttributes authAttributes)
 {
 // This code is executed before the service
 var auth = _authorizationContext.GetAuthorizationInfo(request);
- if (!IsExemptFromAuthenticationToken(authAttribtues, request))
+ if (!IsExemptFromAuthenticationToken(authAttributes, request))
 {
 ValidateSecurityToken(request, auth.Token);
 }
- if (authAttribtues.AllowLocalOnly && !request.IsLocal)
+ if (authAttributes.AllowLocalOnly && !request.IsLocal)
 {
 throw new SecurityException("Operation not found.");
 }
@@ -87,14 +87,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
 if (user != null)
 {
- ValidateUserAccess(user, request, authAttribtues, auth);
+ ValidateUserAccess(user, request, authAttributes);
 }
 var info = GetTokenInfo(request);
- if (!IsExemptFromRoles(auth, authAttribtues, request, info))
+ if (!IsExemptFromRoles(auth, authAttributes, request, info))
 {
- var roles = authAttribtues.GetRoles();
+ var roles = authAttributes.GetRoles();
 ValidateRoles(roles, user);
 }
@@ -118,8 +118,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
 private void ValidateUserAccess(
 User user,
 IRequest request,
- IAuthenticationAttributes authAttributes,
- AuthorizationInfo auth)
+ IAuthenticationAttributes authAttributes)
 {
 if (user.HasPermission(PermissionKind.IsDisabled))
 {
@@ -158,6 +157,11 @@ namespace Emby.Server.Implementations.HttpServer.Security
 return true;
 }
+ if (authAttribtues.IgnoreLegacyAuth)
+ {
+ return true;
+ }
+
 return false;
 }
@@ -237,16 +241,6 @@ namespace Emby.Server.Implementations.HttpServer.Security
 {
 throw new AuthenticationException("Access token is invalid or expired.");
 }
-
- // if (!string.IsNullOrEmpty(info.UserId))
- //{
- // var user = _userManager.GetUserById(info.UserId);
-
- // if (user == null || user.Configuration.IsDisabled)
- // {
- // throw new SecurityException("User account has been disabled.");
- // }
- //}
 }
 }
 }
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
index 078ce0d8a..fb93fae3e 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
@@ -99,6 +99,12 @@ namespace Emby.Server.Implementations.HttpServer.Security
 if (string.IsNullOrEmpty(token))
 {
+ token = queryString["ApiKey"];
+ }
+
+ // TODO deprecate this query parameter.
+ if (string.IsNullOrEmpty(token))
+ {
 token = queryString["api_key"];
 }
@@ -276,12 +282,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
 private static string NormalizeValue(string value)
 {
- if (string.IsNullOrEmpty(value))
- {
- return value;
- }
-
- return WebUtility.HtmlEncode(value);
+ return string.IsNullOrEmpty(value) ? value : WebUtility.HtmlEncode(value);
 }
 }
 } |
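Review bot: The new `if (authAttribtues.IgnoreLegacyAuth)` branch in the `@@ -158,6 +157,11 @@` hunk returns true without any comment, and if this is the body of IsExemptFromAuthenticationToken (its signature is outside the hunk) then, going by the call in ValidateUser earlier in this diff, ValidateSecurityToken is skipped for every route that carries the flag. Nothing on the page shows what authenticates those routes instead, so I would say so above the branch, e.g. `// Routes flagged IgnoreLegacyAuth are authenticated elsewhere (TODO: name the handler); the legacy token check is skipped here.`, and pair the change with a test that an unauthenticated request to such a route is still rejected. The parameter is also still spelled `authAttribtues` here although this commit corrects the spelling in Authenticate and ValidateUser.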
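Review bot: Reading the token from `queryString["ApiKey"]` in the `@@ -99,6 +99,12 @@` hunk adds a second query-string spelling of a credential, and query strings commonly end up in access logs, proxy logs and Referer headers. Whatever redaction the server applies to `api_key` when it logs request URLs is not visible here and should be checked to cover `ApiKey` as well. The TODO on the old name would be more useful with the plan spelled out, e.g. `// TODO: remove the legacy api_key query parameter once clients send ApiKey.` The enclosing method starts and ends outside the hunk.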
