diff options
12 files changed, 47 insertions, 97 deletions
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs index 500bdc61e..fadab4482 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs @@ -8,6 +8,7 @@ using MediaBrowser.Controller.Security; using MediaBrowser.Controller.Session; using System; using System.Linq; +using MediaBrowser.Model.Services; namespace Emby.Server.Implementations.HttpServer.Security { @@ -37,19 +38,19 @@ namespace Emby.Server.Implementations.HttpServer.Security /// </summary> public string HtmlRedirect { get; set; } - public void Authenticate(IServiceRequest request, + public void Authenticate(IRequest request, IAuthenticationAttributes authAttribtues) { ValidateUser(request, authAttribtues); } - private void ValidateUser(IServiceRequest request, + private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues) { // This code is executed before the service var auth = AuthorizationContext.GetAuthorizationInfo(request); - if (!IsExemptFromAuthenticationToken(auth, authAttribtues)) + if (!IsExemptFromAuthenticationToken(auth, authAttribtues, request)) { var valid = IsValidConnectKey(auth.Token); @@ -75,7 +76,7 @@ namespace Emby.Server.Implementations.HttpServer.Security var info = GetTokenInfo(request); - if (!IsExemptFromRoles(auth, authAttribtues, info)) + if (!IsExemptFromRoles(auth, authAttribtues, request, info)) { var roles = authAttribtues.GetRoles(); @@ -95,7 +96,7 @@ namespace Emby.Server.Implementations.HttpServer.Security } } - private void ValidateUserAccess(User user, IServiceRequest request, + private void ValidateUserAccess(User user, IRequest request, IAuthenticationAttributes authAttribtues, AuthorizationInfo auth) { @@ -111,7 +112,7 @@ namespace Emby.Server.Implementations.HttpServer.Security !authAttribtues.EscapeParentalControl && !user.IsParentalScheduleAllowed()) { - request.AddResponseHeader("X-Application-Error-Code", "ParentalControl"); + request.Response.AddHeader("X-Application-Error-Code", "ParentalControl"); throw new SecurityException("This user account is not allowed access at this time.") { @@ -131,23 +132,33 @@ namespace Emby.Server.Implementations.HttpServer.Security } } - private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues) + private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request) { if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard) { return true; } + if (authAttribtues.AllowLocal && request.IsLocal) + { + return true; + } + return false; } - private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo) + private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request, AuthenticationInfo tokenInfo) { if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard) { return true; } + if (authAttribtues.AllowLocal && request.IsLocal) + { + return true; + } + if (string.IsNullOrWhiteSpace(auth.Token)) { return true; @@ -195,7 +206,7 @@ namespace Emby.Server.Implementations.HttpServer.Security } } - private AuthenticationInfo GetTokenInfo(IServiceRequest request) + private AuthenticationInfo GetTokenInfo(IRequest request) { object info; request.Items.TryGetValue("OriginalAuthenticationInfo", out info); @@ -212,7 +223,7 @@ namespace Emby.Server.Implementations.HttpServer.Security return ConnectManager.IsAuthorizationTokenValid(token); } - private void ValidateSecurityToken(IServiceRequest request, string token) + private void ValidateSecurityToken(IRequest request, string token) { if (string.IsNullOrWhiteSpace(token)) { diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs index f40277778..c9d5ed007 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs @@ -21,11 +21,10 @@ namespace Emby.Server.Implementations.HttpServer.Security public AuthorizationInfo GetAuthorizationInfo(object requestContext) { - var req = new ServiceRequest((IRequest)requestContext); - return GetAuthorizationInfo(req); + return GetAuthorizationInfo((IRequest)requestContext); } - public AuthorizationInfo GetAuthorizationInfo(IServiceRequest requestContext) + public AuthorizationInfo GetAuthorizationInfo(IRequest requestContext) { object cached; if (requestContext.Items.TryGetValue("AuthorizationInfo", out cached)) @@ -41,7 +40,7 @@ namespace Emby.Server.Implementations.HttpServer.Security /// </summary> /// <param name="httpReq">The HTTP req.</param> /// <returns>Dictionary{System.StringSystem.String}.</returns> - private AuthorizationInfo GetAuthorization(IServiceRequest httpReq) + private AuthorizationInfo GetAuthorization(IRequest httpReq) { var auth = GetAuthorizationDictionary(httpReq); @@ -135,7 +134,7 @@ namespace Emby.Server.Implementations.HttpServer.Security /// </summary> /// <param name="httpReq">The HTTP req.</param> /// <returns>Dictionary{System.StringSystem.String}.</returns> - private Dictionary<string, string> GetAuthorizationDictionary(IServiceRequest httpReq) + private Dictionary<string, string> GetAuthorizationDictionary(IRequest httpReq) { var auth = httpReq.Headers["X-Emby-Authorization"]; diff --git a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs index 33dd4e2d7..dd5d64bf6 100644 --- a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs +++ b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs @@ -21,7 +21,7 @@ namespace Emby.Server.Implementations.HttpServer.Security _sessionManager = sessionManager; } - public Task<SessionInfo> GetSession(IServiceRequest requestContext) + public Task<SessionInfo> GetSession(IRequest requestContext) { var authorization = _authContext.GetAuthorizationInfo(requestContext); @@ -38,7 +38,7 @@ namespace Emby.Server.Implementations.HttpServer.Security return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.RemoteIp, user); } - private AuthenticationInfo GetTokenInfo(IServiceRequest request) + private AuthenticationInfo GetTokenInfo(IRequest request) { object info; request.Items.TryGetValue("OriginalAuthenticationInfo", out info); @@ -47,11 +47,10 @@ namespace Emby.Server.Implementations.HttpServer.Security public Task<SessionInfo> GetSession(object requestContext) { - var req = new ServiceRequest((IRequest)requestContext); - return GetSession(req); + return GetSession((IRequest)requestContext); } - public async Task<User> GetUser(IServiceRequest requestContext) + public async Task<User> GetUser(IRequest requestContext) { var session = await GetSession(requestContext).ConfigureAwait(false); @@ -60,8 +59,7 @@ namespace Emby.Server.Implementations.HttpServer.Security public Task<User> GetUser(object requestContext) { - var req = new ServiceRequest((IRequest)requestContext); - return GetUser(req); + return GetUser((IRequest)requestContext); } } } diff --git a/MediaBrowser.Api/System/SystemService.cs b/MediaBrowser.Api/System/SystemService.cs index edb9f063d..6df2db26c 100644 --- a/MediaBrowser.Api/System/SystemService.cs +++ b/MediaBrowser.Api/System/SystemService.cs @@ -43,7 +43,7 @@ namespace MediaBrowser.Api.System /// Class RestartApplication /// </summary> [Route("/System/Restart", "POST", Summary = "Restarts the application, if needed")] - [Authenticated(Roles = "Admin")] + [Authenticated(Roles = "Admin", AllowLocal = true)] public class RestartApplication { } @@ -52,10 +52,9 @@ namespace MediaBrowser.Api.System /// This is currently not authenticated because the uninstaller needs to be able to shutdown the server. /// </summary> [Route("/System/Shutdown", "POST", Summary = "Shuts down the application")] + [Authenticated(Roles = "Admin", AllowLocal = true)] public class ShutdownApplication { - // TODO: This is not currently authenticated due to uninstaller - // Improve later } [Route("/System/Logs", "GET", Summary = "Gets a list of available server log files")] @@ -126,7 +125,7 @@ namespace MediaBrowser.Api.System } catch (IOException) { - files = new FileSystemMetadata[]{}; + files = new FileSystemMetadata[] { }; } var result = files.Select(i => new LogFile diff --git a/MediaBrowser.Controller/MediaBrowser.Controller.csproj b/MediaBrowser.Controller/MediaBrowser.Controller.csproj index 26766f51a..5ef763b62 100644 --- a/MediaBrowser.Controller/MediaBrowser.Controller.csproj +++ b/MediaBrowser.Controller/MediaBrowser.Controller.csproj @@ -183,14 +183,12 @@ <Compile Include="Net\IHttpResultFactory.cs" /> <Compile Include="Net\IHttpServer.cs" /> <Compile Include="Net\IServerManager.cs" /> - <Compile Include="Net\IServiceRequest.cs" /> <Compile Include="Net\ISessionContext.cs" /> <Compile Include="Net\IWebSocket.cs" /> <Compile Include="Net\IWebSocketConnection.cs" /> <Compile Include="Net\IWebSocketListener.cs" /> <Compile Include="Net\LoggedAttribute.cs" /> <Compile Include="Net\SecurityException.cs" /> - <Compile Include="Net\ServiceRequest.cs" /> <Compile Include="Net\StaticResultOptions.cs" /> <Compile Include="Net\WebSocketConnectEventArgs.cs" /> <Compile Include="Net\WebSocketMessageInfo.cs" /> diff --git a/MediaBrowser.Controller/Net/AuthenticatedAttribute.cs b/MediaBrowser.Controller/Net/AuthenticatedAttribute.cs index 6ded3761f..ecbfaecea 100644 --- a/MediaBrowser.Controller/Net/AuthenticatedAttribute.cs +++ b/MediaBrowser.Controller/Net/AuthenticatedAttribute.cs @@ -25,6 +25,8 @@ namespace MediaBrowser.Controller.Net /// <value><c>true</c> if [allow before startup wizard]; otherwise, <c>false</c>.</value> public bool AllowBeforeStartupWizard { get; set; } + public bool AllowLocal { get; set; } + /// <summary> /// The request filter is executed before the service. /// </summary> @@ -33,9 +35,7 @@ namespace MediaBrowser.Controller.Net /// <param name="requestDto">The request DTO</param> public void RequestFilter(IRequest request, IResponse response, object requestDto) { - var serviceRequest = new ServiceRequest(request); - - AuthService.Authenticate(serviceRequest, this); + AuthService.Authenticate(request, this); } /// <summary> @@ -59,6 +59,7 @@ namespace MediaBrowser.Controller.Net { bool EscapeParentalControl { get; } bool AllowBeforeStartupWizard { get; } + bool AllowLocal { get; } string[] GetRoles(); } diff --git a/MediaBrowser.Controller/Net/IAuthService.cs b/MediaBrowser.Controller/Net/IAuthService.cs index dc298c8d9..361320250 100644 --- a/MediaBrowser.Controller/Net/IAuthService.cs +++ b/MediaBrowser.Controller/Net/IAuthService.cs @@ -1,9 +1,9 @@ - +using MediaBrowser.Model.Services; + namespace MediaBrowser.Controller.Net { public interface IAuthService { - void Authenticate(IServiceRequest request, - IAuthenticationAttributes authAttribtues); + void Authenticate(IRequest request, IAuthenticationAttributes authAttribtues); } } diff --git a/MediaBrowser.Controller/Net/IAuthorizationContext.cs b/MediaBrowser.Controller/Net/IAuthorizationContext.cs index bdaed6046..5a9d0aa30 100644 --- a/MediaBrowser.Controller/Net/IAuthorizationContext.cs +++ b/MediaBrowser.Controller/Net/IAuthorizationContext.cs @@ -1,4 +1,5 @@ - +using MediaBrowser.Model.Services; + namespace MediaBrowser.Controller.Net { public interface IAuthorizationContext @@ -15,6 +16,6 @@ namespace MediaBrowser.Controller.Net /// </summary> /// <param name="requestContext">The request context.</param> /// <returns>AuthorizationInfo.</returns> - AuthorizationInfo GetAuthorizationInfo(IServiceRequest requestContext); + AuthorizationInfo GetAuthorizationInfo(IRequest requestContext); } } diff --git a/MediaBrowser.Controller/Net/IServiceRequest.cs b/MediaBrowser.Controller/Net/IServiceRequest.cs deleted file mode 100644 index ebc7e8d65..000000000 --- a/MediaBrowser.Controller/Net/IServiceRequest.cs +++ /dev/null @@ -1,14 +0,0 @@ -using System.Collections.Generic; -using MediaBrowser.Model.Services; - -namespace MediaBrowser.Controller.Net -{ - public interface IServiceRequest - { - string RemoteIp { get; } - QueryParamCollection Headers { get; } - QueryParamCollection QueryString { get; } - IDictionary<string,object> Items { get; } - void AddResponseHeader(string name, string value); - } -} diff --git a/MediaBrowser.Controller/Net/ISessionContext.cs b/MediaBrowser.Controller/Net/ISessionContext.cs index 167e17867..213a66dac 100644 --- a/MediaBrowser.Controller/Net/ISessionContext.cs +++ b/MediaBrowser.Controller/Net/ISessionContext.cs @@ -1,6 +1,7 @@ using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Session; using System.Threading.Tasks; +using MediaBrowser.Model.Services; namespace MediaBrowser.Controller.Net { @@ -9,7 +10,7 @@ namespace MediaBrowser.Controller.Net Task<SessionInfo> GetSession(object requestContext); Task<User> GetUser(object requestContext); - Task<SessionInfo> GetSession(IServiceRequest requestContext); - Task<User> GetUser(IServiceRequest requestContext); + Task<SessionInfo> GetSession(IRequest requestContext); + Task<User> GetUser(IRequest requestContext); } } diff --git a/MediaBrowser.Controller/Net/LoggedAttribute.cs b/MediaBrowser.Controller/Net/LoggedAttribute.cs index 6a2a5e2e3..eb57392e2 100644 --- a/MediaBrowser.Controller/Net/LoggedAttribute.cs +++ b/MediaBrowser.Controller/Net/LoggedAttribute.cs @@ -30,10 +30,8 @@ namespace MediaBrowser.Controller.Net /// <param name="requestDto">The request DTO</param> public void Filter(IRequest request, IResponse response, object requestDto) { - var serviceRequest = new ServiceRequest(request); - //This code is executed before the service - var auth = AuthorizationContext.GetAuthorizationInfo(serviceRequest); + var auth = AuthorizationContext.GetAuthorizationInfo(request); if (auth != null) { diff --git a/MediaBrowser.Controller/Net/ServiceRequest.cs b/MediaBrowser.Controller/Net/ServiceRequest.cs deleted file mode 100644 index 1f72d0eb2..000000000 --- a/MediaBrowser.Controller/Net/ServiceRequest.cs +++ /dev/null @@ -1,42 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Collections.Specialized; -using MediaBrowser.Model.Services; - -namespace MediaBrowser.Controller.Net -{ - public class ServiceRequest : IServiceRequest - { - private readonly IRequest _request; - - public ServiceRequest(IRequest request) - { - _request = request; - } - - public string RemoteIp - { - get { return _request.RemoteIp; } - } - - public QueryParamCollection Headers - { - get { return _request.Headers; } - } - - public QueryParamCollection QueryString - { - get { return _request.QueryString; } - } - - public IDictionary<string, object> Items - { - get { return _request.Items; } - } - - public void AddResponseHeader(string name, string value) - { - _request.Response.AddHeader(name, value); - } - } -} |