From cd459c51f3d8a6a46a802759df1620ec43e5d2ae Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 1 Dec 2020 14:47:42 -0700
Subject: Return NoResult only when request doesn't have a token.

---
 Emby.Server.Implementations/HttpServer/Security/AuthService.cs   | 9 ++++++++-
 .../HttpServer/Security/AuthorizationContext.cs                  | 4 +++-
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'Emby.Server.Implementations/HttpServer/Security')

diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index df7a034e8..4a0fc8239 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -1,5 +1,6 @@
 #pragma warning disable CS1591
 
+using System;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
@@ -20,9 +21,15 @@ namespace Emby.Server.Implementations.HttpServer.Security
         public AuthorizationInfo Authenticate(HttpRequest request)
         {
             var auth = _authorizationContext.GetAuthorizationInfo(request);
+
+            if (!auth.HasToken)
+            {
+                throw new AuthenticationException("Request does not contain a token.");
+            }
+
             if (!auth.IsAuthenticated)
             {
-                throw new AuthenticationException("Invalid token.");
+                throw new SecurityException("Invalid token.");
             }
 
             if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
index fdf2e3908..d62e2eefe 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
@@ -102,7 +102,8 @@ namespace Emby.Server.Implementations.HttpServer.Security
                 DeviceId = deviceId,
                 Version = version,
                 Token = token,
-                IsAuthenticated = false
+                IsAuthenticated = false,
+                HasToken = false
             };
 
             if (string.IsNullOrWhiteSpace(token))
@@ -111,6 +112,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
                 return authInfo;
             }
 
+            authInfo.HasToken = true;
             var result = _authRepo.Get(new AuthenticationInfoQuery
             {
                 AccessToken = token
-- 
cgit v1.2.3