diff options
| -rw-r--r-- | Emby.Server.Implementations/HttpServer/Security/AuthService.cs | 5 | ||||
| -rw-r--r-- | Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs index 50c5b5b79..7d53e886f 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs @@ -19,6 +19,11 @@ namespace Emby.Server.Implementations.HttpServer.Security public AuthorizationInfo Authenticate(HttpRequest request) { var auth = _authorizationContext.GetAuthorizationInfo(request); + if (auth == null) + { + throw new SecurityException("Unauthenticated request."); + } + if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false) { throw new SecurityException("User account has been disabled."); diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs index c7666452c..1f647b78b 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs @@ -114,7 +114,7 @@ namespace Emby.Server.Implementations.HttpServer.Security if (string.IsNullOrWhiteSpace(token)) { // Request doesn't contain a token. - throw new SecurityException("Unauthorized."); + return (null, null); } var result = _authRepo.Get(new AuthenticationInfoQuery |