aboutsummaryrefslogtreecommitdiff
path: root/Jellyfin.Api/Controllers
diff options
context:
space:
mode:
authorBond_009 <bond.009@outlook.com>2023-02-04 17:56:12 +0100
committerBond_009 <bond.009@outlook.com>2023-02-04 20:11:08 +0100
commit52230d1c30b76f34132c8c3ad21a09deea72d9d8 (patch)
treed42c6cbb0ba99e2d6b4414b4aee4d454c5699d9f /Jellyfin.Api/Controllers
parent6bf34f8e22c6f72bde15cbb4b500fc6c4f3273b3 (diff)
Return NotFound when itemId isn't found
Diffstat (limited to 'Jellyfin.Api/Controllers')
-rw-r--r--Jellyfin.Api/Controllers/ImageController.cs14
-rw-r--r--Jellyfin.Api/Controllers/ItemsController.cs5
-rw-r--r--Jellyfin.Api/Controllers/LibraryController.cs4
-rw-r--r--Jellyfin.Api/Controllers/LiveTvController.cs2
-rw-r--r--Jellyfin.Api/Controllers/MusicGenresController.cs5
-rw-r--r--Jellyfin.Api/Controllers/PlaystateController.cs20
-rw-r--r--Jellyfin.Api/Controllers/SessionController.cs4
-rw-r--r--Jellyfin.Api/Controllers/UserController.cs25
-rw-r--r--Jellyfin.Api/Controllers/UserLibraryController.cs41
-rw-r--r--Jellyfin.Api/Controllers/VideosController.cs7
10 files changed, 117 insertions, 10 deletions
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index cc824c65a..7261c47e9 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -99,12 +99,17 @@ public class ImageController : BaseJellyfinApiController
[FromRoute, Required] ImageType imageType,
[FromQuery] int? index = null)
{
+ var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
}
- var user = _userManager.GetUserById(userId);
var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
await using (memoryStream.ConfigureAwait(false))
{
@@ -148,12 +153,17 @@ public class ImageController : BaseJellyfinApiController
[FromRoute, Required] ImageType imageType,
[FromRoute] int index)
{
+ var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
if (!RequestHelpers.AssertCanUpdateUser(_userManager, HttpContext.User, userId, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
}
- var user = _userManager.GetUserById(userId);
var memoryStream = await GetMemoryStream(Request.Body).ConfigureAwait(false);
await using (memoryStream.ConfigureAwait(false))
{
diff --git a/Jellyfin.Api/Controllers/ItemsController.cs b/Jellyfin.Api/Controllers/ItemsController.cs
index 134974dbe..1bfc111af 100644
--- a/Jellyfin.Api/Controllers/ItemsController.cs
+++ b/Jellyfin.Api/Controllers/ItemsController.cs
@@ -815,6 +815,11 @@ public class ItemsController : BaseJellyfinApiController
[FromQuery] bool excludeActiveSessions = false)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
var parentIdGuid = parentId ?? Guid.Empty;
var dtoOptions = new DtoOptions { Fields = fields }
.AddClientFields(User)
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 830f84849..a311554b4 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -452,6 +452,10 @@ public class LibraryController : BaseJellyfinApiController
if (user is not null)
{
parent = TranslateParentItem(parent, user);
+ if (parent is null)
+ {
+ break;
+ }
}
baseItemDtos.Add(_dtoService.GetBaseItemDto(parent, dtoOptions, user));
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 21b424346..1aa1d8a10 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -1211,7 +1211,7 @@ public class LiveTvController : BaseJellyfinApiController
private async Task AssertUserCanManageLiveTv()
{
- var user = _userManager.GetUserById(User.GetUserId());
+ var user = _userManager.GetUserById(User.GetUserId()) ?? throw new ResourceNotFoundException();
var session = await _sessionManager.LogSessionActivity(
User.GetClient(),
User.GetVersion(),
diff --git a/Jellyfin.Api/Controllers/MusicGenresController.cs b/Jellyfin.Api/Controllers/MusicGenresController.cs
index 302f138eb..b08c8c447 100644
--- a/Jellyfin.Api/Controllers/MusicGenresController.cs
+++ b/Jellyfin.Api/Controllers/MusicGenresController.cs
@@ -158,6 +158,11 @@ public class MusicGenresController : BaseJellyfinApiController
item = _libraryManager.GetMusicGenre(genreName);
}
+ if (item is null)
+ {
+ return NotFound();
+ }
+
if (userId.HasValue && !userId.Value.Equals(default))
{
var user = _userManager.GetUserById(userId.Value);
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index 18d6ebf1e..ea8a59cfd 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -77,6 +77,11 @@ public class PlaystateController : BaseJellyfinApiController
[FromQuery, ModelBinder(typeof(LegacyDateTimeModelBinder))] DateTime? datePlayed)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
var session = await RequestHelpers.GetSession(_sessionManager, _userManager, HttpContext).ConfigureAwait(false);
var item = _libraryManager.GetItemById(itemId);
@@ -89,6 +94,11 @@ public class PlaystateController : BaseJellyfinApiController
foreach (var additionalUserInfo in session.AdditionalUsers)
{
var additionalUser = _userManager.GetUserById(additionalUserInfo.UserId);
+ if (additionalUser is null)
+ {
+ return NotFound();
+ }
+
UpdatePlayedStatus(additionalUser, item, true, datePlayed);
}
@@ -109,6 +119,11 @@ public class PlaystateController : BaseJellyfinApiController
public async Task<ActionResult<UserItemDataDto>> MarkUnplayedItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
var session = await RequestHelpers.GetSession(_sessionManager, _userManager, HttpContext).ConfigureAwait(false);
var item = _libraryManager.GetItemById(itemId);
@@ -121,6 +136,11 @@ public class PlaystateController : BaseJellyfinApiController
foreach (var additionalUserInfo in session.AdditionalUsers)
{
var additionalUser = _userManager.GetUserById(additionalUserInfo.UserId);
+ if (additionalUser is null)
+ {
+ return NotFound();
+ }
+
UpdatePlayedStatus(additionalUser, item, false, null);
}
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index ef3364478..782fcadbb 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -75,6 +75,10 @@ public class SessionController : BaseJellyfinApiController
result = result.Where(i => i.SupportsRemoteControl);
var user = _userManager.GetUserById(controllableByUserId.Value);
+ if (user is null)
+ {
+ return NotFound();
+ }
if (!user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers))
{
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 7f184f31e..911e50132 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -147,6 +147,11 @@ public class UserController : BaseJellyfinApiController
public async Task<ActionResult> DeleteUser([FromRoute, Required] Guid userId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
await _sessionManager.RevokeUserTokens(user.Id, null).ConfigureAwait(false);
await _userManager.DeleteUserAsync(userId).ConfigureAwait(false);
return NoContent();
@@ -281,8 +286,8 @@ public class UserController : BaseJellyfinApiController
{
var success = await _userManager.AuthenticateUser(
user.Username,
- request.CurrentPw,
- request.CurrentPw,
+ request.CurrentPw ?? string.Empty,
+ request.CurrentPw ?? string.Empty,
HttpContext.GetNormalizedRemoteIp().ToString(),
false).ConfigureAwait(false);
@@ -292,7 +297,7 @@ public class UserController : BaseJellyfinApiController
}
}
- await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
+ await _userManager.ChangePassword(user, request.NewPw ?? string.Empty).ConfigureAwait(false);
var currentToken = User.GetToken();
@@ -338,7 +343,7 @@ public class UserController : BaseJellyfinApiController
}
else
{
- await _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword).ConfigureAwait(false);
+ await _userManager.ChangeEasyPassword(user, request.NewPw ?? string.Empty, request.NewPassword ?? string.Empty).ConfigureAwait(false);
}
return NoContent();
@@ -362,13 +367,17 @@ public class UserController : BaseJellyfinApiController
[FromRoute, Required] Guid userId,
[FromBody, Required] UserDto updateUser)
{
+ var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true))
{
return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
}
- var user = _userManager.GetUserById(userId);
-
if (!string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
{
await _userManager.RenameUser(user, updateUser.Name).ConfigureAwait(false);
@@ -398,6 +407,10 @@ public class UserController : BaseJellyfinApiController
[FromBody, Required] UserPolicy newPolicy)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
// If removing admin access
if (!newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator))
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 556cf3894..1e54a9781 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -79,10 +79,18 @@ public class UserLibraryController : BaseJellyfinApiController
public async Task<ActionResult<BaseItemDto>> GetItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
var item = itemId.Equals(default)
? _libraryManager.GetUserRootFolder()
: _libraryManager.GetItemById(itemId);
+ if (item is null)
+ {
+ return NotFound();
+ }
await RefreshItemOnDemandIfNeeded(item).ConfigureAwait(false);
@@ -102,6 +110,11 @@ public class UserLibraryController : BaseJellyfinApiController
public ActionResult<BaseItemDto> GetRootFolder([FromRoute, Required] Guid userId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
+
var item = _libraryManager.GetUserRootFolder();
var dtoOptions = new DtoOptions().AddClientFields(User);
return _dtoService.GetBaseItemDto(item, dtoOptions, user);
@@ -119,10 +132,18 @@ public class UserLibraryController : BaseJellyfinApiController
public async Task<ActionResult<QueryResult<BaseItemDto>>> GetIntros([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
var item = itemId.Equals(default)
? _libraryManager.GetUserRootFolder()
: _libraryManager.GetItemById(itemId);
+ if (item is null)
+ {
+ return NotFound();
+ }
var items = await _libraryManager.GetIntros(item, user).ConfigureAwait(false);
var dtoOptions = new DtoOptions().AddClientFields(User);
@@ -200,10 +221,18 @@ public class UserLibraryController : BaseJellyfinApiController
public ActionResult<IEnumerable<BaseItemDto>> GetLocalTrailers([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
var item = itemId.Equals(default)
? _libraryManager.GetUserRootFolder()
: _libraryManager.GetItemById(itemId);
+ if (item is null)
+ {
+ return NotFound();
+ }
var dtoOptions = new DtoOptions().AddClientFields(User);
@@ -230,10 +259,18 @@ public class UserLibraryController : BaseJellyfinApiController
public ActionResult<IEnumerable<BaseItemDto>> GetSpecialFeatures([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
var item = itemId.Equals(default)
? _libraryManager.GetUserRootFolder()
: _libraryManager.GetItemById(itemId);
+ if (item is null)
+ {
+ return NotFound();
+ }
var dtoOptions = new DtoOptions().AddClientFields(User);
@@ -275,6 +312,10 @@ public class UserLibraryController : BaseJellyfinApiController
[FromQuery] bool groupItems = true)
{
var user = _userManager.GetUserById(userId);
+ if (user is null)
+ {
+ return NotFound();
+ }
if (!isPlayed.HasValue)
{
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 01a319879..12aa47ead 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -155,7 +155,12 @@ public class VideosController : BaseJellyfinApiController
if (video.LinkedAlternateVersions.Length == 0)
{
- video = (Video)_libraryManager.GetItemById(video.PrimaryVersionId);
+ video = (Video?)_libraryManager.GetItemById(video.PrimaryVersionId);
+ }
+
+ if (video is null)
+ {
+ return NotFound();
}
foreach (var link in video.GetLinkedAlternateVersions())
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-06 13:31:32 +0000