Diffstat (limited to 'Emby.Server.Implementations/HttpServer/Security')
3 files changed, 35 insertions, 28 deletions
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs index 4d00c9b19..fadab4482 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs @@ -7,8 +7,8 @@ using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Security; using MediaBrowser.Controller.Session; using System; -using System.Collections.Generic; using System.Linq; +using MediaBrowser.Model.Services; namespace Emby.Server.Implementations.HttpServer.Security { @@ -38,19 +38,19 @@ namespace Emby.Server.Implementations.HttpServer.Security /// </summary> public string HtmlRedirect { get; set; } - public void Authenticate(IServiceRequest request, + public void Authenticate(IRequest request, IAuthenticationAttributes authAttribtues) { ValidateUser(request, authAttribtues); } - private void ValidateUser(IServiceRequest request, + private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues) { // This code is executed before the service var auth = AuthorizationContext.GetAuthorizationInfo(request); - if (!IsExemptFromAuthenticationToken(auth, authAttribtues)) + if (!IsExemptFromAuthenticationToken(auth, authAttribtues, request)) { var valid = IsValidConnectKey(auth.Token); @@ -76,9 +76,9 @@ namespace Emby.Server.Implementations.HttpServer.Security var info = GetTokenInfo(request); - if (!IsExemptFromRoles(auth, authAttribtues, info)) + if (!IsExemptFromRoles(auth, authAttribtues, request, info)) { - var roles = authAttribtues.GetRoles().ToList(); + var roles = authAttribtues.GetRoles(); ValidateRoles(roles, user); } @@ -96,7 +96,7 @@ namespace Emby.Server.Implementations.HttpServer.Security } } - private void ValidateUserAccess(User user, IServiceRequest request, + private void ValidateUserAccess(User user, IRequest request, IAuthenticationAttributes authAttribtues, AuthorizationInfo auth) { 
@@ -112,7 +112,7 @@ namespace Emby.Server.Implementations.HttpServer.Security !authAttribtues.EscapeParentalControl && !user.IsParentalScheduleAllowed()) { - request.AddResponseHeader("X-Application-Error-Code", "ParentalControl"); + request.Response.AddHeader("X-Application-Error-Code", "ParentalControl"); throw new SecurityException("This user account is not allowed access at this time.") { @@ -132,23 +132,33 @@ namespace Emby.Server.Implementations.HttpServer.Security } } - private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues) + private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request) { if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard) { return true; } + if (authAttribtues.AllowLocal && request.IsLocal) + { + return true; + } + return false; } - private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo) + private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, IRequest request, AuthenticationInfo tokenInfo) { if (!_config.Configuration.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard) { return true; } + if (authAttribtues.AllowLocal && request.IsLocal) + { + return true; + } + if (string.IsNullOrWhiteSpace(auth.Token)) { return true; @@ -162,7 +172,7 @@ namespace Emby.Server.Implementations.HttpServer.Security return false; } - private void ValidateRoles(List<string> roles, User user) + private void ValidateRoles(string[] roles, User user) { if (roles.Contains("admin", StringComparer.OrdinalIgnoreCase)) { 
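Review bot: The added `if (authAttribtues.AllowLocal && request.IsLocal) return true;` branch in IsExemptFromAuthenticationToken, repeated in IsExemptFromRoles, skips both the token check and the role check based only on `request.IsLocal`, and nothing in this diff shows how that flag is computed. If it is derived from the socket peer address, every request relayed by a reverse proxy on the same host would presumably count as local; if it is derived from a forwarded-for style header, the value is client-controlled. The assumption should be written down at the check, for example `// IsLocal must come from the verified peer address, never a client-supplied header; behind a same-host proxy all traffic looks local`. Because the same test now lives in two methods, a single private helper (say `IsLocalExempt(authAttribtues, request)`) would stop the two exemptions from drifting apart, and it would be a natural place to log each use of the exemption so that unauthenticated access stays visible in audit logs. The body of IsExemptFromRoles continues past the end of this hunk.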
@@ -196,7 +206,7 @@ namespace Emby.Server.Implementations.HttpServer.Security } } - private AuthenticationInfo GetTokenInfo(IServiceRequest request) + private AuthenticationInfo GetTokenInfo(IRequest request) { object info; request.Items.TryGetValue("OriginalAuthenticationInfo", out info); @@ -213,7 +223,7 @@ namespace Emby.Server.Implementations.HttpServer.Security return ConnectManager.IsAuthorizationTokenValid(token); } - private void ValidateSecurityToken(IServiceRequest request, string token) + private void ValidateSecurityToken(IRequest request, string token) { if (string.IsNullOrWhiteSpace(token)) { diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs index ede85fb67..c9d5ed007 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs @@ -3,8 +3,8 @@ using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Security; using System; using System.Collections.Generic; -using System.Linq; using MediaBrowser.Model.Services; +using System.Linq; namespace Emby.Server.Implementations.HttpServer.Security { @@ -21,11 +21,10 @@ namespace Emby.Server.Implementations.HttpServer.Security public AuthorizationInfo GetAuthorizationInfo(object requestContext) { - var req = new ServiceRequest((IRequest)requestContext); - return GetAuthorizationInfo(req); + return GetAuthorizationInfo((IRequest)requestContext); } - public AuthorizationInfo GetAuthorizationInfo(IServiceRequest requestContext) + public AuthorizationInfo GetAuthorizationInfo(IRequest requestContext) { object cached; if (requestContext.Items.TryGetValue("AuthorizationInfo", out cached)) 
@@ -41,7 +40,7 @@ namespace Emby.Server.Implementations.HttpServer.Security /// </summary> /// <param name="httpReq">The HTTP req.</param> /// <returns>Dictionary{System.StringSystem.String}.</returns> - private AuthorizationInfo GetAuthorization(IServiceRequest httpReq) + private AuthorizationInfo GetAuthorization(IRequest httpReq) { var auth = GetAuthorizationDictionary(httpReq); @@ -90,7 +89,7 @@ namespace Emby.Server.Implementations.HttpServer.Security AccessToken = token }); - var tokenInfo = result.Items.FirstOrDefault(); + var tokenInfo = result.Items.Length > 0 ? result.Items[0] : null; if (tokenInfo != null) { @@ -135,7 +134,7 @@ namespace Emby.Server.Implementations.HttpServer.Security /// </summary> /// <param name="httpReq">The HTTP req.</param> /// <returns>Dictionary{System.StringSystem.String}.</returns> - private Dictionary<string, string> GetAuthorizationDictionary(IServiceRequest httpReq) + private Dictionary<string, string> GetAuthorizationDictionary(IRequest httpReq) { var auth = httpReq.Headers["X-Emby-Authorization"]; @@ -161,7 +160,7 @@ namespace Emby.Server.Implementations.HttpServer.Security // There should be at least to parts if (parts.Length != 2) return null; - var acceptedNames = new[] { "MediaBrowser", "Emby"}; + var acceptedNames = new[] { "MediaBrowser", "Emby" }; // It has to be a digest request if (!acceptedNames.Contains(parts[0] ?? string.Empty, StringComparer.OrdinalIgnoreCase)) diff --git a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs index 33dd4e2d7..dd5d64bf6 100644 --- a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs +++ b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs 
@@ -21,7 +21,7 @@ namespace Emby.Server.Implementations.HttpServer.Security _sessionManager = sessionManager; } - public Task<SessionInfo> GetSession(IServiceRequest requestContext) + public Task<SessionInfo> GetSession(IRequest requestContext) { var authorization = _authContext.GetAuthorizationInfo(requestContext); @@ -38,7 +38,7 @@ namespace Emby.Server.Implementations.HttpServer.Security return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.RemoteIp, user); } - private AuthenticationInfo GetTokenInfo(IServiceRequest request) + private AuthenticationInfo GetTokenInfo(IRequest request) { object info; request.Items.TryGetValue("OriginalAuthenticationInfo", out info); @@ -47,11 +47,10 @@ namespace Emby.Server.Implementations.HttpServer.Security public Task<SessionInfo> GetSession(object requestContext) { - var req = new ServiceRequest((IRequest)requestContext); - return GetSession(req); + return GetSession((IRequest)requestContext); } - public async Task<User> GetUser(IServiceRequest requestContext) + public async Task<User> GetUser(IRequest requestContext) { var session = await GetSession(requestContext).ConfigureAwait(false); @@ -60,8 +59,7 @@ namespace Emby.Server.Implementations.HttpServer.Security public Task<User> GetUser(object requestContext) { - var req = new ServiceRequest((IRequest)requestContext); - return GetUser(req); + return GetUser((IRequest)requestContext); } } } |
