Merge branch 'master' into scoped-displaypreferences

author: Patrick Barron <18354464+barronpm@users.noreply.github.com> 2020-09-03 19:03:08 +0000
committer: Patrick Barron <barronpm@gmail.com> 2020-09-03 15:15:43 -0400
commit: d81430270732591a5a66c9656bf841f46bed6f49 (patch)
tree: c97b2b255d1d2d266939e28b41c12b1cc3bad08f /Jellyfin.Api/Controllers/UserController.cs
parent: 229a5d9e0bf99f9c6f741f654f1dbe0a7f975872 (diff)
parent: 53703566b5e1239bbab308031d94df34a4d168aa (diff)
1 files changed, 35 insertions, 1 deletions
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index d897f07b7..d67f82219 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -217,6 +217,40 @@ namespace Jellyfin.Api.Controllers
         }
 
         /// <summary>
+        /// Authenticates a user with quick connect.
+        /// </summary>
+        /// <param name="request">The <see cref="QuickConnectDto"/> request.</param>
+        /// <response code="200">User authenticated.</response>
+        /// <response code="400">Missing token.</response>
+        /// <returns>A <see cref="Task"/> containing an <see cref="AuthenticationRequest"/> with information about the new session.</returns>
+        [HttpPost("AuthenticateWithQuickConnect")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public async Task<ActionResult<AuthenticationResult>> AuthenticateWithQuickConnect([FromBody, Required] QuickConnectDto request)
+        {
+            var auth = _authContext.GetAuthorizationInfo(Request);
+
+            try
+            {
+                var authRequest = new AuthenticationRequest
+                {
+                    App = auth.Client,
+                    AppVersion = auth.Version,
+                    DeviceId = auth.DeviceId,
+                    DeviceName = auth.Device,
+                };
+
+                return await _sessionManager.AuthenticateQuickConnect(
+                    authRequest,
+                    request.Token).ConfigureAwait(false);
+            }
+            catch (SecurityException e)
+            {
+                // rethrow adding IP address to message
+                throw new SecurityException($"[{HttpContext.Connection.RemoteIpAddress}] {e.Message}", e);
+            }
+        }
+
+        /// <summary>
         /// Updates a user's password.
         /// </summary>
         /// <param name="userId">The user id.</param>
@@ -386,7 +420,7 @@ namespace Jellyfin.Api.Controllers
             var user = _userManager.GetUserById(userId);
 
             // If removing admin access
-            if (!(newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator)))
+            if (!newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator))
             {
                 if (_userManager.Users.Count(i => i.HasPermission(PermissionKind.IsAdministrator)) == 1)
                 {
author	Patrick Barron <18354464+barronpm@users.noreply.github.com>	2020-09-03 19:03:08 +0000
committer	Patrick Barron <barronpm@gmail.com>	2020-09-03 15:15:43 -0400
commit	d81430270732591a5a66c9656bf841f46bed6f49 (patch)
tree	c97b2b255d1d2d266939e28b41c12b1cc3bad08f /Jellyfin.Api/Controllers/UserController.cs
parent	229a5d9e0bf99f9c6f741f654f1dbe0a7f975872 (diff)
parent	53703566b5e1239bbab308031d94df34a4d168aa (diff)