From 958f8f71e8174aa3884cbafa54d07bf247517014 Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Thu, 8 Jun 2023 10:36:04 +0200 Subject: Add wrapper object for authentication event information --- Emby.Server.Implementations/Session/SessionManager.cs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'Emby.Server.Implementations') diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs index 5f6dc93fb..f26cc5663 100644 --- a/Emby.Server.Implementations/Session/SessionManager.cs +++ b/Emby.Server.Implementations/Session/SessionManager.cs @@ -24,6 +24,7 @@ using MediaBrowser.Controller.Drawing; using MediaBrowser.Controller.Dto; using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Events; +using MediaBrowser.Controller.Events.Authentication; using MediaBrowser.Controller.Events.Session; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Net; @@ -1462,7 +1463,7 @@ namespace Emby.Server.Implementations.Session if (user is null) { - await _eventManager.PublishAsync(new GenericEventArgs(request)).ConfigureAwait(false); + await _eventManager.PublishAsync(new GenericEventArgs(new AuthenticationRequestEventArgs(request))).ConfigureAwait(false); throw new AuthenticationException("Invalid username or password entered."); } @@ -1498,7 +1499,7 @@ namespace Emby.Server.Implementations.Session ServerId = _appHost.SystemId }; - await _eventManager.PublishAsync(new GenericEventArgs(returnResult)).ConfigureAwait(false); + await _eventManager.PublishAsync(new GenericEventArgs(new AuthenticationResultEventArgs(returnResult))).ConfigureAwait(false); return returnResult; } -- cgit v1.2.3 From 05d98fe24c594ae43de4cd9f54139f8b04324119 Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Fri, 9 Jun 2023 17:11:22 +0200 Subject: Enforce permissions on websocket connections --- .../HttpServer/WebSocketConnection.cs | 28 ++++++++++------------ .../HttpServer/WebSocketManager.cs | 3 ++- .../ActivityLogWebSocketListener.cs | 14 ++++++++++- .../SessionInfoWebSocketListener.cs | 12 ++++++++++ .../Net/BasePeriodicWebSocketListener.cs | 2 +- .../Net/IWebSocketConnection.cs | 17 ++++++++++--- .../HttpServer/WebSocketConnectionTests.cs | 8 +++---- 7 files changed, 58 insertions(+), 26 deletions(-) (limited to 'Emby.Server.Implementations') diff --git a/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs b/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs index fd7653a32..7f620d666 100644 --- a/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs +++ b/Emby.Server.Implementations/HttpServer/WebSocketConnection.cs @@ -12,6 +12,7 @@ using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Net.WebSocketMessages; using MediaBrowser.Controller.Net.WebSocketMessages.Outbound; using MediaBrowser.Model.Session; +using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; namespace Emby.Server.Implementations.HttpServer @@ -43,14 +44,17 @@ namespace Emby.Server.Implementations.HttpServer /// /// The logger. /// The socket. + /// The authorization information. /// The remote end point. public WebSocketConnection( ILogger logger, WebSocket socket, + AuthorizationInfo authorizationInfo, IPAddress? remoteEndPoint) { _logger = logger; _socket = socket; + AuthorizationInfo = authorizationInfo; RemoteEndPoint = remoteEndPoint; _jsonOptions = JsonDefaults.Options; @@ -60,30 +64,22 @@ namespace Emby.Server.Implementations.HttpServer /// public event EventHandler? Closed; - /// - /// Gets the remote end point. - /// + /// + public AuthorizationInfo AuthorizationInfo { get; } + + /// public IPAddress? RemoteEndPoint { get; } - /// - /// Gets or sets the receive action. - /// - /// The receive action. + /// public Func? OnReceive { get; set; } - /// - /// Gets the last activity date. - /// - /// The last activity date. + /// public DateTime LastActivityDate { get; private set; } /// public DateTime LastKeepAliveDate { get; set; } - /// - /// Gets the state. - /// - /// The state. + /// public WebSocketState State => _socket.State; /// @@ -101,7 +97,7 @@ namespace Emby.Server.Implementations.HttpServer } /// - public async Task ProcessAsync(CancellationToken cancellationToken = default) + public async Task ReceiveAsync(CancellationToken cancellationToken = default) { var pipe = new Pipe(); var writer = pipe.Writer; diff --git a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs index ecfb242f6..52f14b0b1 100644 --- a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs +++ b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs @@ -51,6 +51,7 @@ namespace Emby.Server.Implementations.HttpServer using var connection = new WebSocketConnection( _loggerFactory.CreateLogger(), webSocket, + authorizationInfo, context.GetNormalizedRemoteIP()) { OnReceive = ProcessWebSocketMessageReceived @@ -64,7 +65,7 @@ namespace Emby.Server.Implementations.HttpServer await Task.WhenAll(tasks).ConfigureAwait(false); - await connection.ProcessAsync().ConfigureAwait(false); + await connection.ReceiveAsync().ConfigureAwait(false); _logger.LogInformation("WS {IP} closed", context.Connection.RemoteIpAddress); } catch (Exception ex) // Otherwise ASP.Net will ignore the exception diff --git a/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs b/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs index 4a5e0ecd4..33d391f29 100644 --- a/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs +++ b/Jellyfin.Api/WebSocketListeners/ActivityLogWebSocketListener.cs @@ -1,6 +1,8 @@ using System; using System.Threading.Tasks; +using Jellyfin.Data.Enums; using Jellyfin.Data.Events; +using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Net; using MediaBrowser.Model.Activity; using MediaBrowser.Model.Session; @@ -9,7 +11,7 @@ using Microsoft.Extensions.Logging; namespace Jellyfin.Api.WebSocketListeners; /// -/// Class SessionInfoWebSocketListener. +/// Class ActivityLogWebSocketListener. /// public class ActivityLogWebSocketListener : BasePeriodicWebSocketListener { @@ -56,6 +58,16 @@ public class ActivityLogWebSocketListener : BasePeriodicWebSocketListener e) { await SendData(true).ConfigureAwait(false); diff --git a/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs b/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs index 0d8bf205c..0d614ba4f 100644 --- a/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs +++ b/Jellyfin.Api/WebSocketListeners/SessionInfoWebSocketListener.cs @@ -1,5 +1,7 @@ using System.Collections.Generic; using System.Threading.Tasks; +using Jellyfin.Data.Enums; +using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Net; using MediaBrowser.Controller.Session; @@ -66,6 +68,16 @@ public class SessionInfoWebSocketListener : BasePeriodicWebSocketListener /// The message. - private void Start(WebSocketMessageInfo message) + protected void Start(WebSocketMessageInfo message) { var vals = message.Data.Split(','); diff --git a/MediaBrowser.Controller/Net/IWebSocketConnection.cs b/MediaBrowser.Controller/Net/IWebSocketConnection.cs index 79f0846b4..bba5a6b85 100644 --- a/MediaBrowser.Controller/Net/IWebSocketConnection.cs +++ b/MediaBrowser.Controller/Net/IWebSocketConnection.cs @@ -1,5 +1,3 @@ -#pragma warning disable CS1591 - using System; using System.Net; using System.Net.WebSockets; @@ -9,6 +7,9 @@ using MediaBrowser.Controller.Net.WebSocketMessages; namespace MediaBrowser.Controller.Net { + /// + /// Interface for WebSocket connections. + /// public interface IWebSocketConnection : IAsyncDisposable, IDisposable { /// @@ -40,6 +41,11 @@ namespace MediaBrowser.Controller.Net /// The state. WebSocketState State { get; } + /// + /// Gets the authorization information. + /// + public AuthorizationInfo AuthorizationInfo { get; } + /// /// Gets the remote end point. /// @@ -65,6 +71,11 @@ namespace MediaBrowser.Controller.Net /// The message is null. Task SendAsync(OutboundWebSocketMessage message, CancellationToken cancellationToken); - Task ProcessAsync(CancellationToken cancellationToken = default); + /// + /// Receives a message asynchronously. + /// + /// The cancellation token. + /// Task. + Task ReceiveAsync(CancellationToken cancellationToken = default); } } diff --git a/tests/Jellyfin.Server.Implementations.Tests/HttpServer/WebSocketConnectionTests.cs b/tests/Jellyfin.Server.Implementations.Tests/HttpServer/WebSocketConnectionTests.cs index f01611819..22667ee82 100644 --- a/tests/Jellyfin.Server.Implementations.Tests/HttpServer/WebSocketConnectionTests.cs +++ b/tests/Jellyfin.Server.Implementations.Tests/HttpServer/WebSocketConnectionTests.cs @@ -13,7 +13,7 @@ namespace Jellyfin.Server.Implementations.Tests.HttpServer [Fact] public void DeserializeWebSocketMessage_SingleSegment_Success() { - var con = new WebSocketConnection(new NullLogger(), null!, null!); + var con = new WebSocketConnection(new NullLogger(), null!, null!, null!); var bytes = File.ReadAllBytes("Test Data/HttpServer/ForceKeepAlive.json"); con.DeserializeWebSocketMessage(new ReadOnlySequence(bytes), out var bytesConsumed); Assert.Equal(109, bytesConsumed); @@ -23,7 +23,7 @@ namespace Jellyfin.Server.Implementations.Tests.HttpServer public void DeserializeWebSocketMessage_MultipleSegments_Success() { const int SplitPos = 64; - var con = new WebSocketConnection(new NullLogger(), null!, null!); + var con = new WebSocketConnection(new NullLogger(), null!, null!, null!); var bytes = File.ReadAllBytes("Test Data/HttpServer/ForceKeepAlive.json"); var seg1 = new BufferSegment(new Memory(bytes, 0, SplitPos)); var seg2 = seg1.Append(new Memory(bytes, SplitPos, bytes.Length - SplitPos)); @@ -34,7 +34,7 @@ namespace Jellyfin.Server.Implementations.Tests.HttpServer [Fact] public void DeserializeWebSocketMessage_ValidPartial_Success() { - var con = new WebSocketConnection(new NullLogger(), null!, null!); + var con = new WebSocketConnection(new NullLogger(), null!, null!, null!); var bytes = File.ReadAllBytes("Test Data/HttpServer/ValidPartial.json"); con.DeserializeWebSocketMessage(new ReadOnlySequence(bytes), out var bytesConsumed); Assert.Equal(109, bytesConsumed); @@ -43,7 +43,7 @@ namespace Jellyfin.Server.Implementations.Tests.HttpServer [Fact] public void DeserializeWebSocketMessage_Partial_ThrowJsonException() { - var con = new WebSocketConnection(new NullLogger(), null!, null!); + var con = new WebSocketConnection(new NullLogger(), null!, null!, null!); var bytes = File.ReadAllBytes("Test Data/HttpServer/Partial.json"); Assert.Throws(() => con.DeserializeWebSocketMessage(new ReadOnlySequence(bytes), out var bytesConsumed)); } -- cgit v1.2.3 From 4bb17039d70683e8a159db92823fed6d992e2fe4 Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Sat, 29 Jul 2023 13:50:55 +0200 Subject: Apply review suggestions --- Emby.Server.Implementations/Session/SessionManager.cs | 4 ++-- .../Events/Consumers/Security/AuthenticationFailedLogger.cs | 9 ++++----- .../Events/Consumers/Security/AuthenticationSucceededLogger.cs | 10 +++++----- .../Events/EventingServiceCollectionExtensions.cs | 4 ++-- .../Events/Authentication/AuthenticationRequestEventArgs.cs | 2 +- .../Events/Authentication/AuthenticationResultEventArgs.cs | 3 ++- 6 files changed, 16 insertions(+), 16 deletions(-) (limited to 'Emby.Server.Implementations') diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs index f26cc5663..03ff96b19 100644 --- a/Emby.Server.Implementations/Session/SessionManager.cs +++ b/Emby.Server.Implementations/Session/SessionManager.cs @@ -1463,7 +1463,7 @@ namespace Emby.Server.Implementations.Session if (user is null) { - await _eventManager.PublishAsync(new GenericEventArgs(new AuthenticationRequestEventArgs(request))).ConfigureAwait(false); + await _eventManager.PublishAsync(new AuthenticationRequestEventArgs(request)).ConfigureAwait(false); throw new AuthenticationException("Invalid username or password entered."); } @@ -1499,7 +1499,7 @@ namespace Emby.Server.Implementations.Session ServerId = _appHost.SystemId }; - await _eventManager.PublishAsync(new GenericEventArgs(new AuthenticationResultEventArgs(returnResult))).ConfigureAwait(false); + await _eventManager.PublishAsync(new AuthenticationResultEventArgs(returnResult)).ConfigureAwait(false); return returnResult; } diff --git a/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationFailedLogger.cs b/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationFailedLogger.cs index f4835a585..b5f18d983 100644 --- a/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationFailedLogger.cs +++ b/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationFailedLogger.cs @@ -2,7 +2,6 @@ using System.Globalization; using System.Threading.Tasks; using Jellyfin.Data.Entities; -using Jellyfin.Data.Events; using MediaBrowser.Controller.Events; using MediaBrowser.Controller.Events.Authentication; using MediaBrowser.Model.Activity; @@ -14,7 +13,7 @@ namespace Jellyfin.Server.Implementations.Events.Consumers.Security /// /// Creates an entry in the activity log when there is a failed login attempt. /// - public class AuthenticationFailedLogger : IEventConsumer> + public class AuthenticationFailedLogger : IEventConsumer { private readonly ILocalizationManager _localizationManager; private readonly IActivityManager _activityManager; @@ -31,13 +30,13 @@ namespace Jellyfin.Server.Implementations.Events.Consumers.Security } /// - public async Task OnEvent(GenericEventArgs eventArgs) + public async Task OnEvent(AuthenticationRequestEventArgs eventArgs) { await _activityManager.CreateAsync(new ActivityLog( string.Format( CultureInfo.InvariantCulture, _localizationManager.GetLocalizedString("FailedLoginAttemptWithUserName"), - eventArgs.Argument.Username), + eventArgs.Username), "AuthenticationFailed", Guid.Empty) { @@ -45,7 +44,7 @@ namespace Jellyfin.Server.Implementations.Events.Consumers.Security ShortOverview = string.Format( CultureInfo.InvariantCulture, _localizationManager.GetLocalizedString("LabelIpAddressValue"), - eventArgs.Argument.RemoteEndPoint), + eventArgs.RemoteEndPoint), }).ConfigureAwait(false); } } diff --git a/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationSucceededLogger.cs b/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationSucceededLogger.cs index fe2737baf..2ee5b4e88 100644 --- a/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationSucceededLogger.cs +++ b/Jellyfin.Server.Implementations/Events/Consumers/Security/AuthenticationSucceededLogger.cs @@ -12,7 +12,7 @@ namespace Jellyfin.Server.Implementations.Events.Consumers.Security /// /// Creates an entry in the activity log when there is a successful login attempt. /// - public class AuthenticationSucceededLogger : IEventConsumer> + public class AuthenticationSucceededLogger : IEventConsumer { private readonly ILocalizationManager _localizationManager; private readonly IActivityManager _activityManager; @@ -29,20 +29,20 @@ namespace Jellyfin.Server.Implementations.Events.Consumers.Security } /// - public async Task OnEvent(GenericEventArgs eventArgs) + public async Task OnEvent(AuthenticationResultEventArgs eventArgs) { await _activityManager.CreateAsync(new ActivityLog( string.Format( CultureInfo.InvariantCulture, _localizationManager.GetLocalizedString("AuthenticationSucceededWithUserName"), - eventArgs.Argument.User.Name), + eventArgs.User.Name), "AuthenticationSucceeded", - eventArgs.Argument.User.Id) + eventArgs.User.Id) { ShortOverview = string.Format( CultureInfo.InvariantCulture, _localizationManager.GetLocalizedString("LabelIpAddressValue"), - eventArgs.Argument.SessionInfo?.RemoteEndPoint), + eventArgs.SessionInfo?.RemoteEndPoint), }).ConfigureAwait(false); } } diff --git a/Jellyfin.Server.Implementations/Events/EventingServiceCollectionExtensions.cs b/Jellyfin.Server.Implementations/Events/EventingServiceCollectionExtensions.cs index 93ab15e24..9a473de52 100644 --- a/Jellyfin.Server.Implementations/Events/EventingServiceCollectionExtensions.cs +++ b/Jellyfin.Server.Implementations/Events/EventingServiceCollectionExtensions.cs @@ -34,8 +34,8 @@ namespace Jellyfin.Server.Implementations.Events collection.AddScoped, SubtitleDownloadFailureLogger>(); // Security consumers - collection.AddScoped>, AuthenticationFailedLogger>(); - collection.AddScoped>, AuthenticationSucceededLogger>(); + collection.AddScoped, AuthenticationFailedLogger>(); + collection.AddScoped, AuthenticationSucceededLogger>(); // Session consumers collection.AddScoped, PlaybackStartLogger>(); diff --git a/MediaBrowser.Controller/Events/Authentication/AuthenticationRequestEventArgs.cs b/MediaBrowser.Controller/Events/Authentication/AuthenticationRequestEventArgs.cs index c0d8a277b..2143c6998 100644 --- a/MediaBrowser.Controller/Events/Authentication/AuthenticationRequestEventArgs.cs +++ b/MediaBrowser.Controller/Events/Authentication/AuthenticationRequestEventArgs.cs @@ -6,7 +6,7 @@ namespace MediaBrowser.Controller.Events.Authentication; /// /// A class representing an authentication result event. /// -public class AuthenticationRequestEventArgs +public class AuthenticationRequestEventArgs : EventArgs { /// /// Initializes a new instance of the class. diff --git a/MediaBrowser.Controller/Events/Authentication/AuthenticationResultEventArgs.cs b/MediaBrowser.Controller/Events/Authentication/AuthenticationResultEventArgs.cs index 5564fa1ce..357ef9406 100644 --- a/MediaBrowser.Controller/Events/Authentication/AuthenticationResultEventArgs.cs +++ b/MediaBrowser.Controller/Events/Authentication/AuthenticationResultEventArgs.cs @@ -1,3 +1,4 @@ +using System; using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Session; using MediaBrowser.Model.Dto; @@ -7,7 +8,7 @@ namespace MediaBrowser.Controller.Events.Authentication; /// /// A class representing an authentication result event. /// -public class AuthenticationResultEventArgs +public class AuthenticationResultEventArgs : EventArgs { /// /// Initializes a new instance of the class. -- cgit v1.2.3