Allow apikey to authenticate as admin

author: crobibero <cody@robibe.ro> 2020-10-14 17:58:33 -0600
committer: crobibero <cody@robibe.ro> 2020-10-14 17:58:33 -0600
commit: 39924f99927ae85b85095cfe9c2d7fb4ece7e75a (patch)
tree: b6727c2049d711d4c720c9208db4a02bc758e8bd /Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
parent: 8ffa14e6d3436cd6533bf43241c356f803b06845 (diff)
1 files changed, 7 insertions, 7 deletions
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index 733c6959e..ec5d172a2 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Globalization;
 using System.Security.Authentication;
 using System.Security.Claims;
@@ -43,18 +44,17 @@ namespace Jellyfin.Api.Auth
             try
             {
                 var authorizationInfo = _authService.Authenticate(Request);
-                if (authorizationInfo == null)
+                var role = UserRoles.User;
+                // UserId of Guid.Empty means token is an apikey.
+                if (authorizationInfo.UserId.Equals(Guid.Empty) || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
                 {
-                    return Task.FromResult(AuthenticateResult.NoResult());
-                    // TODO return when legacy API is removed.
-                    // Don't spam the log with "Invalid User"
-                    // return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
+                    role = UserRoles.Administrator;
                 }
 
                 var claims = new[]
                 {
-                    new Claim(ClaimTypes.Name, authorizationInfo.User.Username),
-                    new Claim(ClaimTypes.Role, authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator) ? UserRoles.Administrator : UserRoles.User),
+                    new Claim(ClaimTypes.Name, authorizationInfo.User?.Username ?? string.Empty),
+                    new Claim(ClaimTypes.Role, role),
                     new Claim(InternalClaimTypes.UserId, authorizationInfo.UserId.ToString("N", CultureInfo.InvariantCulture)),
                     new Claim(InternalClaimTypes.DeviceId, authorizationInfo.DeviceId),
                     new Claim(InternalClaimTypes.Device, authorizationInfo.Device),
author	crobibero <cody@robibe.ro>	2020-10-14 17:58:33 -0600
committer	crobibero <cody@robibe.ro>	2020-10-14 17:58:33 -0600
commit	39924f99927ae85b85095cfe9c2d7fb4ece7e75a (patch)
tree	b6727c2049d711d4c720c9208db4a02bc758e8bd /Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
parent	8ffa14e6d3436cd6533bf43241c356f803b06845 (diff)