Use proper IsApiKey flag

author: crobibero <cody@robibe.ro> 2020-10-28 08:40:11 -0600
committer: crobibero <cody@robibe.ro> 2020-10-28 08:40:11 -0600
commit: 981f000437467832d78b1eb36d9c449adb38e814 (patch)
tree: 0290d8203bd367476c55004912bc89572f43b176 /Jellyfin.Api/Auth
parent: d5c226b1c3b04fa824adbcdc3eb0cbe09815f643 (diff)
2 files changed, 10 insertions, 11 deletions
diff --git a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
index c4567d058..7d68aecf9 100644
--- a/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
+++ b/Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Security.Claims;
+using System.Security.Claims;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Common.Extensions;
@@ -51,6 +50,13 @@ namespace Jellyfin.Api.Auth
             bool localAccessOnly = false,
             bool requiredDownloadPermission = false)
         {
+            // ApiKey is currently global admin, always allow.
+            var isApiKey = ClaimHelpers.GetIsApiKey(claimsPrincipal);
+            if (isApiKey)
+            {
+                return true;
+            }
+
             // Ensure claim has userId.
             var userId = ClaimHelpers.GetUserId(claimsPrincipal);
             if (!userId.HasValue)
@@ -58,12 +64,6 @@ namespace Jellyfin.Api.Auth
                 return false;
             }
 
-            // UserId of Guid.Empty means token is an apikey.
-            if (userId.Equals(Guid.Empty))
-            {
-                return true;
-            }
-
             // Ensure userId links to a valid user.
             var user = _userManager.GetUserById(userId.Value);
             if (user == null)
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index ec5d172a2..e8cc38907 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -1,4 +1,3 @@
-using System;
 using System.Globalization;
 using System.Security.Authentication;
 using System.Security.Claims;
@@ -45,8 +44,7 @@ namespace Jellyfin.Api.Auth
             {
                 var authorizationInfo = _authService.Authenticate(Request);
                 var role = UserRoles.User;
-                // UserId of Guid.Empty means token is an apikey.
-                if (authorizationInfo.UserId.Equals(Guid.Empty) || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
+                if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
                 {
                     role = UserRoles.Administrator;
                 }
@@ -61,6 +59,7 @@ namespace Jellyfin.Api.Auth
                     new Claim(InternalClaimTypes.Client, authorizationInfo.Client),
                     new Claim(InternalClaimTypes.Version, authorizationInfo.Version),
                     new Claim(InternalClaimTypes.Token, authorizationInfo.Token),
+                    new Claim(InternalClaimTypes.IsApiKey, authorizationInfo.IsApiKey.ToString(CultureInfo.InvariantCulture))
                 };
 
                 var identity = new ClaimsIdentity(claims, Scheme.Name);
author	crobibero <cody@robibe.ro>	2020-10-28 08:40:11 -0600
committer	crobibero <cody@robibe.ro>	2020-10-28 08:40:11 -0600
commit	981f000437467832d78b1eb36d9c449adb38e814 (patch)
tree	0290d8203bd367476c55004912bc89572f43b176 /Jellyfin.Api/Auth
parent	d5c226b1c3b04fa824adbcdc3eb0cbe09815f643 (diff)