5 files changed, 39 insertions, 6 deletions

diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index bb6192b03d..a753d60838 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -1,6 +1,7 @@
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using Jellyfin.Api.Enums;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
@@ -8,10 +9,21 @@ using Microsoft.Extensions.Options;
 
 namespace Jellyfin.Api.Auth
 {
+    /// <summary>
+    /// Custom authentication handler wrapping the legacy authentication.
+    /// </summary>
     public class CustomAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
     {
         private readonly IAuthService _authService;
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CustomAuthenticationHandler" /> class.
+        /// </summary>
+        /// <param name="authService">The jellyfin authentication service.</param>
+        /// <param name="options">Options monitor.</param>
+        /// <param name="logger">The logger.</param>
+        /// <param name="encoder">The url encoder.</param>
+        /// <param name="clock">The system clock.</param>
         public CustomAuthenticationHandler(
             IAuthService authService,
             IOptionsMonitor<AuthenticationSchemeOptions> options,
@@ -22,6 +34,7 @@ namespace Jellyfin.Api.Auth
             _authService = authService;
         }
 
+        /// <inheritdoc />
         protected override Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             var authenticatedAttribute = new AuthenticatedAttribute();
@@ -36,7 +49,9 @@ namespace Jellyfin.Api.Auth
                 var claims = new[]
                 {
                     new Claim(ClaimTypes.Name, user.Name),
-                    new Claim(ClaimTypes.Role, user.Policy.IsAdministrator ? "Administrator" : "User"),
+                    new Claim(
+                        ClaimTypes.Role,
+                        value: user.Policy.IsAdministrator ? UserRole.Administrator.ToString() : UserRole.User.ToString())
                 };
                 var identity = new ClaimsIdentity(claims, Scheme.Name);
                 var principal = new ClaimsPrincipal(identity);
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
index 73925cd616..f07e568dea 100644
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
+++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
@@ -1,27 +1,35 @@
 using System.Threading.Tasks;
+using Jellyfin.Api.Enums;
 using MediaBrowser.Common.Configuration;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
 {
+    /// <summary>
+    /// Authorization handler for requiring first time setup or elevated privileges.
+    /// </summary>
     public class FirstTimeSetupOrElevatedHandler : AuthorizationHandler<FirstTimeSetupOrElevatedRequirement>
     {
         private readonly IConfigurationManager _configurationManager;
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="FirstTimeSetupOrElevatedHandler" /> class.
+        /// </summary>
+        /// <param name="configurationManager">The jellyfin configuration manager.</param>
         public FirstTimeSetupOrElevatedHandler(IConfigurationManager configurationManager)
         {
             _configurationManager = configurationManager;
         }
 
-        protected override  Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement firstTimeSetupOrElevatedRequirement)
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement firstTimeSetupOrElevatedRequirement)
         {
             if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
             {
                 context.Succeed(firstTimeSetupOrElevatedRequirement);
             }
-            else if (context.User.IsInRole("Administrator"))
+            else if (context.User.IsInRole(UserRole.Administrator.ToString()))
             {
-                // TODO user role enum
                 context.Succeed(firstTimeSetupOrElevatedRequirement);
             }
             else
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
index 42436c870d..a590155420 100644
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
+++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs
@@ -2,6 +2,9 @@ using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
 {
+    /// <summary>
+    /// The authorization requirement, requiring first time setup or elevated privileges, for the authorization handler.
+    /// </summary>
     public class FirstTimeSetupOrElevatedRequirement : IAuthorizationRequirement
     {
     }
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
index 6948274582..8674f3e262 100644
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
+++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
@@ -1,13 +1,18 @@
 using System.Threading.Tasks;
+using Jellyfin.Api.Enums;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.RequiresElevationPolicy
 {
+    /// <summary>
+    /// Authorization handler for requiring elevated privileges.
+    /// </summary>
     public class RequiresElevationHandler : AuthorizationHandler<RequiresElevationRequirement>
     {
+        /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement)
         {
-            if (context.User.IsInRole("Administrator"))
+            if (context.User.IsInRole(UserRole.Administrator.ToString()))
             {
                 context.Succeed(requirement);
             }
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
index dd51cd3c20..cfff1cc0c5 100644
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
+++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs
@@ -2,8 +2,10 @@ using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.RequiresElevationPolicy
 {
+    /// <summary>
+    /// The authorization requirement for requiring elevated privileges in the authorization handler.
+    /// </summary>
     public class RequiresElevationRequirement : IAuthorizationRequirement
     {
-
     }
 }