Merge pull request #4330 from crobibero/api-key-auth

Fix ApiKey authentication
author: Claus Vium <cvium@users.noreply.github.com> 2020-11-08 08:20:50 +0100
committer: GitHub <noreply@github.com> 2020-11-08 08:20:50 +0100
commit: c17f84ae484b9018953bfc2904819f30222b9c32 (patch)
tree: 405b770e78681b04eabb091f476c85c06635a17e /Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
parent: 1bd5f780250993b01e551699f54f703032a0d1dd (diff)
parent: 8b83e4e972243db618972e33705b959bf98ca9f4 (diff)
1 files changed, 6 insertions, 7 deletions
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index 733c6959e..e8cc38907 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -43,24 +43,23 @@ namespace Jellyfin.Api.Auth
             try
             {
                 var authorizationInfo = _authService.Authenticate(Request);
-                if (authorizationInfo == null)
+                var role = UserRoles.User;
+                if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
                 {
-                    return Task.FromResult(AuthenticateResult.NoResult());
-                    // TODO return when legacy API is removed.
-                    // Don't spam the log with "Invalid User"
-                    // return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
+                    role = UserRoles.Administrator;
                 }
 
                 var claims = new[]
                 {
-                    new Claim(ClaimTypes.Name, authorizationInfo.User.Username),
-                    new Claim(ClaimTypes.Role, authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator) ? UserRoles.Administrator : UserRoles.User),
+                    new Claim(ClaimTypes.Name, authorizationInfo.User?.Username ?? string.Empty),
+                    new Claim(ClaimTypes.Role, role),
                     new Claim(InternalClaimTypes.UserId, authorizationInfo.UserId.ToString("N", CultureInfo.InvariantCulture)),
                     new Claim(InternalClaimTypes.DeviceId, authorizationInfo.DeviceId),
                     new Claim(InternalClaimTypes.Device, authorizationInfo.Device),
                     new Claim(InternalClaimTypes.Client, authorizationInfo.Client),
                     new Claim(InternalClaimTypes.Version, authorizationInfo.Version),
                     new Claim(InternalClaimTypes.Token, authorizationInfo.Token),
+                    new Claim(InternalClaimTypes.IsApiKey, authorizationInfo.IsApiKey.ToString(CultureInfo.InvariantCulture))
                 };
 
                 var identity = new ClaimsIdentity(claims, Scheme.Name);
author	Claus Vium <cvium@users.noreply.github.com>	2020-11-08 08:20:50 +0100
committer	GitHub <noreply@github.com>	2020-11-08 08:20:50 +0100
commit	c17f84ae484b9018953bfc2904819f30222b9c32 (patch)
tree	405b770e78681b04eabb091f476c85c06635a17e /Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
parent	1bd5f780250993b01e551699f54f703032a0d1dd (diff)
parent	8b83e4e972243db618972e33705b959bf98ca9f4 (diff)