From 3f651de24c76f9980fac690e51fa93b3d1163f72 Mon Sep 17 00:00:00 2001
From: Claus Vium <clausvium@gmail.com>
Date: Sat, 23 Nov 2019 16:31:02 +0100
Subject: Add authentication and remove versioning

---
 .../HttpServer/Security/AuthService.cs                  | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'Emby.Server.Implementations/HttpServer/Security/AuthService.cs')

diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index 93a61fe67..81dab83d5 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Linq;
+using Emby.Server.Implementations.SocketSharp;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Entities;
@@ -7,22 +8,27 @@ using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Services;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
 
 namespace Emby.Server.Implementations.HttpServer.Security
 {
     public class AuthService : IAuthService
     {
+        private readonly ILogger<AuthService> _logger;
         private readonly IAuthorizationContext _authorizationContext;
         private readonly ISessionManager _sessionManager;
         private readonly IServerConfigurationManager _config;
         private readonly INetworkManager _networkManager;
 
         public AuthService(
+            ILoggerFactory loggerFactory,
             IAuthorizationContext authorizationContext,
             IServerConfigurationManager config,
             ISessionManager sessionManager,
             INetworkManager networkManager)
         {
+            _logger = loggerFactory.CreateLogger<AuthService>();
             _authorizationContext = authorizationContext;
             _config = config;
             _sessionManager = sessionManager;
@@ -34,7 +40,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
             ValidateUser(request, authAttribtues);
         }
 
-        private void ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
+        public User Authenticate(HttpRequest request, IAuthenticationAttributes authAttributes)
+        {
+            var req = new WebSocketSharpRequest(request, null, request.Path, _logger);
+            var user = ValidateUser(req, authAttributes);
+            return user;
+        }
+
+        private User ValidateUser(IRequest request, IAuthenticationAttributes authAttribtues)
         {
             // This code is executed before the service
             var auth = _authorizationContext.GetAuthorizationInfo(request);
@@ -81,6 +94,8 @@ namespace Emby.Server.Implementations.HttpServer.Security
                     request.RemoteIp,
                     user);
             }
+
+            return user;
         }
 
         private void ValidateUserAccess(
-- 
cgit v1.2.3


From 2af5922af06c865d676e817112ef76a92a23e1b6 Mon Sep 17 00:00:00 2001
From: Claus Vium <clausvium@gmail.com>
Date: Sun, 24 Nov 2019 18:25:43 +0100
Subject: Fix review comments

---
 Emby.Server.Implementations/ApplicationHost.cs     |  7 +++++--
 .../HttpServer/Security/AuthService.cs             |  4 ++--
 Jellyfin.Api/Auth/CustomAuthenticationHandler.cs   |  4 ++--
 .../FirstTimeSetupOrElevatedHandler.cs             |  4 ++--
 .../RequiresElevationHandler.cs                    |  4 ++--
 Jellyfin.Api/Constants/UserRole.cs                 | 23 ++++++++++++++++++++++
 Jellyfin.Api/Enums/UserRole.cs                     | 23 ----------------------
 Jellyfin.Api/Jellyfin.Api.csproj                   |  2 +-
 8 files changed, 37 insertions(+), 34 deletions(-)
 create mode 100644 Jellyfin.Api/Constants/UserRole.cs
 delete mode 100644 Jellyfin.Api/Enums/UserRole.cs

(limited to 'Emby.Server.Implementations/HttpServer/Security/AuthService.cs')

diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index 3b9ea4121..4fd08258a 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -231,7 +231,10 @@ namespace Emby.Server.Implementations
             }
         }
 
-        public IServiceProvider ServiceProvider;
+        /// <summary>
+        /// Gets or sets the service provider.
+        /// </summary>
+        public IServiceProvider ServiceProvider { get; set; }
 
         /// <summary>
         /// Gets the server configuration manager.
@@ -835,7 +838,7 @@ namespace Emby.Server.Implementations
             serviceCollection.AddSingleton<IAuthorizationContext>(authContext);
             serviceCollection.AddSingleton<ISessionContext>(new SessionContext(UserManager, authContext, SessionManager));
 
-            AuthService = new AuthService(LoggerFactory, authContext, ServerConfigurationManager, SessionManager, NetworkManager);
+            AuthService = new AuthService(LoggerFactory.CreateLogger<AuthService>(), authContext, ServerConfigurationManager, SessionManager, NetworkManager);
             serviceCollection.AddSingleton(AuthService);
 
             SubtitleEncoder = new MediaBrowser.MediaEncoding.Subtitles.SubtitleEncoder(LibraryManager, LoggerFactory, ApplicationPaths, FileSystemManager, MediaEncoder, JsonSerializer, HttpClient, MediaSourceManager, ProcessFactory);
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index 81dab83d5..594f46498 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -22,13 +22,13 @@ namespace Emby.Server.Implementations.HttpServer.Security
         private readonly INetworkManager _networkManager;
 
         public AuthService(
-            ILoggerFactory loggerFactory,
+            ILogger<AuthService> logger,
             IAuthorizationContext authorizationContext,
             IServerConfigurationManager config,
             ISessionManager sessionManager,
             INetworkManager networkManager)
         {
-            _logger = loggerFactory.CreateLogger<AuthService>();
+            _logger = logger;
             _authorizationContext = authorizationContext;
             _config = config;
             _sessionManager = sessionManager;
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index a753d6083..6ca992c61 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -1,7 +1,7 @@
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
-using Jellyfin.Api.Enums;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
@@ -51,7 +51,7 @@ namespace Jellyfin.Api.Auth
                     new Claim(ClaimTypes.Name, user.Name),
                     new Claim(
                         ClaimTypes.Role,
-                        value: user.Policy.IsAdministrator ? UserRole.Administrator.ToString() : UserRole.User.ToString())
+                        value: user.Policy.IsAdministrator ? UserRole.Administrator : UserRole.User)
                 };
                 var identity = new ClaimsIdentity(claims, Scheme.Name);
                 var principal = new ClaimsPrincipal(identity);
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
index f07e568de..2450e7bc7 100644
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
+++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs
@@ -1,5 +1,5 @@
 using System.Threading.Tasks;
-using Jellyfin.Api.Enums;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Common.Configuration;
 using Microsoft.AspNetCore.Authorization;
 
@@ -28,7 +28,7 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy
             {
                 context.Succeed(firstTimeSetupOrElevatedRequirement);
             }
-            else if (context.User.IsInRole(UserRole.Administrator.ToString()))
+            else if (context.User.IsInRole(UserRole.Administrator))
             {
                 context.Succeed(firstTimeSetupOrElevatedRequirement);
             }
diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
index 8674f3e26..108c29a2c 100644
--- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
+++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs
@@ -1,5 +1,5 @@
 using System.Threading.Tasks;
-using Jellyfin.Api.Enums;
+using Jellyfin.Api.Constants;
 using Microsoft.AspNetCore.Authorization;
 
 namespace Jellyfin.Api.Auth.RequiresElevationPolicy
@@ -12,7 +12,7 @@ namespace Jellyfin.Api.Auth.RequiresElevationPolicy
         /// <inheritdoc />
         protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement)
         {
-            if (context.User.IsInRole(UserRole.Administrator.ToString()))
+            if (context.User.IsInRole(UserRole.Administrator))
             {
                 context.Succeed(requirement);
             }
diff --git a/Jellyfin.Api/Constants/UserRole.cs b/Jellyfin.Api/Constants/UserRole.cs
new file mode 100644
index 000000000..b1da61557
--- /dev/null
+++ b/Jellyfin.Api/Constants/UserRole.cs
@@ -0,0 +1,23 @@
+namespace Jellyfin.Api.Constants
+{
+    /// <summary>
+    /// Constants for user roles used in the authentication and authorization for the API.
+    /// </summary>
+    public static class UserRole
+    {
+        /// <summary>
+        /// Guest user.
+        /// </summary>
+        public const string Guest = "Guest";
+
+        /// <summary>
+        /// Regular user with no special privileges.
+        /// </summary>
+        public const string User = "User";
+
+        /// <summary>
+        /// Administrator user with elevated privileges.
+        /// </summary>
+        public const string Administrator = "Administrator";
+    }
+}
diff --git a/Jellyfin.Api/Enums/UserRole.cs b/Jellyfin.Api/Enums/UserRole.cs
deleted file mode 100644
index 05826d9f4..000000000
--- a/Jellyfin.Api/Enums/UserRole.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-namespace Jellyfin.Api.Enums
-{
-    /// <summary>
-    /// Enum for user roles used in the authentication and authorization for the API.
-    /// </summary>
-    public enum UserRole
-    {
-        /// <summary>
-        /// Guest user.
-        /// </summary>
-        Guest = 0,
-
-        /// <summary>
-        /// Regular user with no special privileges.
-        /// </summary>
-        User = 1,
-
-        /// <summary>
-        /// Administrator user with elevated privileges.
-        /// </summary>
-        Administrator = 2
-    }
-}
diff --git a/Jellyfin.Api/Jellyfin.Api.csproj b/Jellyfin.Api/Jellyfin.Api.csproj
index 1cc23c07b..6ad97b60f 100644
--- a/Jellyfin.Api/Jellyfin.Api.csproj
+++ b/Jellyfin.Api/Jellyfin.Api.csproj
@@ -19,7 +19,7 @@
 
   <!-- Code analysers-->
   <ItemGroup Condition=" '$(Configuration)' == 'Debug' ">
-    <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.9.4" />
+    <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="2.9.7" PrivateAssets="All" />
     <PackageReference Include="SerilogAnalyzer" Version="0.15.0" />
     <PackageReference Include="StyleCop.Analyzers" Version="1.1.118" />
     <PackageReference Include="SmartAnalyzers.MultithreadingAnalyzer" Version="1.1.31" />
-- 
cgit v1.2.3