From 21b54b4ad8477d654e4f79e9805701c9737346a6 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Sun, 19 Apr 2020 19:33:55 -0600
Subject: Move DeviceService to DevicesController

---
 Jellyfin.Api/Controllers/DevicesController.cs | 260 ++++++++++++++++++++++++++
 1 file changed, 260 insertions(+)
 create mode 100644 Jellyfin.Api/Controllers/DevicesController.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
new file mode 100644
index 000000000..7407c4487
--- /dev/null
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -0,0 +1,260 @@
+#nullable enable
+
+using System;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Devices;
+using MediaBrowser.Controller.Net;
+using MediaBrowser.Controller.Security;
+using MediaBrowser.Controller.Session;
+using MediaBrowser.Model.Devices;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Jellyfin.Api.Controllers
+{
+    /// <summary>
+    /// Devices Controller.
+    /// </summary>
+    [Authenticated]
+    public class DevicesController : BaseJellyfinApiController
+    {
+        private readonly IDeviceManager _deviceManager;
+        private readonly IAuthenticationRepository _authenticationRepository;
+        private readonly ISessionManager _sessionManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DevicesController"/> class.
+        /// </summary>
+        /// <param name="deviceManager">Instance of <see cref="IDeviceManager"/> interface.</param>
+        /// <param name="authenticationRepository">Instance of <see cref="IAuthenticationRepository"/> interface.</param>
+        /// <param name="sessionManager">Instance of <see cref="ISessionManager"/> interface.</param>
+        public DevicesController(
+            IDeviceManager deviceManager,
+            IAuthenticationRepository authenticationRepository,
+            ISessionManager sessionManager)
+        {
+            _deviceManager = deviceManager;
+            _authenticationRepository = authenticationRepository;
+            _sessionManager = sessionManager;
+        }
+
+        /// <summary>
+        /// Get Devices.
+        /// </summary>
+        /// <param name="supportsSync">/// Gets or sets a value indicating whether [supports synchronize].</param>
+        /// <param name="userId">/// Gets or sets the user identifier.</param>
+        /// <returns>Device Infos.</returns>
+        [HttpGet]
+        [ProducesResponseType(typeof(DeviceInfo[]), StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public IActionResult GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
+        {
+            try
+            {
+                var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
+                var devices = _deviceManager.GetDevices(deviceQuery);
+                return Ok(devices);
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+
+        /// <summary>
+        /// Get info for a device.
+        /// </summary>
+        /// <param name="id">Device Id.</param>
+        /// <returns>Device Info.</returns>
+        [HttpGet("Info")]
+        [ProducesResponseType(typeof(DeviceInfo), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public IActionResult GetDeviceInfo([FromQuery, BindRequired] string id)
+        {
+            try
+            {
+                var deviceInfo = _deviceManager.GetDevice(id);
+                if (deviceInfo == null)
+                {
+                    return NotFound();
+                }
+
+                return Ok(deviceInfo);
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+
+        /// <summary>
+        /// Get options for a device.
+        /// </summary>
+        /// <param name="id">Device Id.</param>
+        /// <returns>Device Info.</returns>
+        [HttpGet("Options")]
+        [ProducesResponseType(typeof(DeviceOptions), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public IActionResult GetDeviceOptions([FromQuery, BindRequired] string id)
+        {
+            try
+            {
+                var deviceInfo = _deviceManager.GetDeviceOptions(id);
+                if (deviceInfo == null)
+                {
+                    return NotFound();
+                }
+
+                return Ok(deviceInfo);
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+
+        /// <summary>
+        /// Update device options.
+        /// </summary>
+        /// <param name="id">Device Id.</param>
+        /// <param name="deviceOptions">Device Options.</param>
+        /// <returns>Status.</returns>
+        [HttpPost("Options")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public IActionResult UpdateDeviceOptions(
+            [FromQuery, BindRequired] string id,
+            [FromBody, BindRequired] DeviceOptions deviceOptions)
+        {
+            try
+            {
+                var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
+                if (existingDeviceOptions == null)
+                {
+                    return NotFound();
+                }
+
+                _deviceManager.UpdateDeviceOptions(id, deviceOptions);
+                return Ok();
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+
+        /// <summary>
+        /// Deletes a device.
+        /// </summary>
+        /// <param name="id">Device Id.</param>
+        /// <returns>Status.</returns>
+        [HttpDelete]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public IActionResult DeleteDevice([FromQuery, BindRequired] string id)
+        {
+            try
+            {
+                var sessions = _authenticationRepository.Get(new AuthenticationInfoQuery { DeviceId = id }).Items;
+
+                foreach (var session in sessions)
+                {
+                    _sessionManager.Logout(session);
+                }
+
+                return Ok();
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+
+        /// <summary>
+        /// Gets camera upload history for a device.
+        /// </summary>
+        /// <param name="id">Device Id.</param>
+        /// <returns>Content Upload History.</returns>
+        [HttpGet("CameraUploads")]
+        [ProducesResponseType(typeof(ContentUploadHistory), StatusCodes.Status200OK)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public IActionResult GetCameraUploads([FromQuery, BindRequired] string id)
+        {
+            try
+            {
+                var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
+                return Ok(uploadHistory);
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+
+        /// <summary>
+        /// Uploads content.
+        /// </summary>
+        /// <param name="deviceId">Device Id.</param>
+        /// <param name="album">Album.</param>
+        /// <param name="name">Name.</param>
+        /// <param name="id">Id.</param>
+        /// <returns>Status.</returns>
+        [HttpPost("CameraUploads")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status400BadRequest)]
+        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
+        public async Task<IActionResult> PostCameraUploadAsync(
+            [FromQuery, BindRequired] string deviceId,
+            [FromQuery, BindRequired] string album,
+            [FromQuery, BindRequired] string name,
+            [FromQuery, BindRequired] string id)
+        {
+            try
+            {
+                Stream fileStream;
+                string contentType;
+
+                if (Request.HasFormContentType)
+                {
+                    if (Request.Form.Files.Any())
+                    {
+                        fileStream = Request.Form.Files[0].OpenReadStream();
+                        contentType = Request.Form.Files[0].ContentType;
+                    }
+                    else
+                    {
+                        return BadRequest();
+                    }
+                }
+                else
+                {
+                    fileStream = Request.Body;
+                    contentType = Request.ContentType;
+                }
+
+                await _deviceManager.AcceptCameraUpload(
+                    deviceId,
+                    fileStream,
+                    new LocalFileInfo
+                    {
+                        MimeType = contentType,
+                        Album = album,
+                        Name = name,
+                        Id = id
+                    }).ConfigureAwait(false);
+
+                return Ok();
+            }
+            catch (Exception e)
+            {
+                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+            }
+        }
+    }
+}
-- 
cgit v1.2.3


From 440f060da6cfa8336d51bd05b723d67cfcf168eb Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Sun, 19 Apr 2020 19:36:18 -0600
Subject: Fix Authenticated Roles

---
 Jellyfin.Api/Controllers/DevicesController.cs | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 7407c4487..a9dcfb955 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -48,6 +48,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="userId">/// Gets or sets the user identifier.</param>
         /// <returns>Device Infos.</returns>
         [HttpGet]
+        [Authenticated(Roles = "Admin")]
         [ProducesResponseType(typeof(DeviceInfo[]), StatusCodes.Status200OK)]
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
         public IActionResult GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
@@ -70,6 +71,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="id">Device Id.</param>
         /// <returns>Device Info.</returns>
         [HttpGet("Info")]
+        [Authenticated(Roles = "Admin")]
         [ProducesResponseType(typeof(DeviceInfo), StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
@@ -97,6 +99,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="id">Device Id.</param>
         /// <returns>Device Info.</returns>
         [HttpGet("Options")]
+        [Authenticated(Roles = "Admin")]
         [ProducesResponseType(typeof(DeviceOptions), StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
@@ -125,6 +128,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="deviceOptions">Device Options.</param>
         /// <returns>Status.</returns>
         [HttpPost("Options")]
+        [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-- 
cgit v1.2.3


From 5ef71d592b84b73290e3e7a34cd7fa8b9f337f50 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 21 Apr 2020 07:55:01 -0600
Subject: Remove exception handler

---
 Jellyfin.Api/Controllers/DevicesController.cs | 143 ++++++++------------------
 1 file changed, 44 insertions(+), 99 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index a9dcfb955..5dc3f27ee 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -53,16 +53,9 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
         public IActionResult GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
-            try
-            {
-                var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
-                var devices = _deviceManager.GetDevices(deviceQuery);
-                return Ok(devices);
-            }
-            catch (Exception e)
-            {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
-            }
+            var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
+            var devices = _deviceManager.GetDevices(deviceQuery);
+            return Ok(devices);
         }
 
         /// <summary>
@@ -77,20 +70,13 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
         public IActionResult GetDeviceInfo([FromQuery, BindRequired] string id)
         {
-            try
-            {
-                var deviceInfo = _deviceManager.GetDevice(id);
-                if (deviceInfo == null)
-                {
-                    return NotFound();
-                }
-
-                return Ok(deviceInfo);
-            }
-            catch (Exception e)
+            var deviceInfo = _deviceManager.GetDevice(id);
+            if (deviceInfo == null)
             {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+                return NotFound();
             }
+
+            return Ok(deviceInfo);
         }
 
         /// <summary>
@@ -105,20 +91,13 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
         public IActionResult GetDeviceOptions([FromQuery, BindRequired] string id)
         {
-            try
+            var deviceInfo = _deviceManager.GetDeviceOptions(id);
+            if (deviceInfo == null)
             {
-                var deviceInfo = _deviceManager.GetDeviceOptions(id);
-                if (deviceInfo == null)
-                {
-                    return NotFound();
-                }
-
-                return Ok(deviceInfo);
-            }
-            catch (Exception e)
-            {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+                return NotFound();
             }
+
+            return Ok(deviceInfo);
         }
 
         /// <summary>
@@ -136,21 +115,14 @@ namespace Jellyfin.Api.Controllers
             [FromQuery, BindRequired] string id,
             [FromBody, BindRequired] DeviceOptions deviceOptions)
         {
-            try
-            {
-                var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
-                if (existingDeviceOptions == null)
-                {
-                    return NotFound();
-                }
-
-                _deviceManager.UpdateDeviceOptions(id, deviceOptions);
-                return Ok();
-            }
-            catch (Exception e)
+            var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
+            if (existingDeviceOptions == null)
             {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+                return NotFound();
             }
+
+            _deviceManager.UpdateDeviceOptions(id, deviceOptions);
+            return Ok();
         }
 
         /// <summary>
@@ -163,21 +135,14 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
         public IActionResult DeleteDevice([FromQuery, BindRequired] string id)
         {
-            try
-            {
-                var sessions = _authenticationRepository.Get(new AuthenticationInfoQuery { DeviceId = id }).Items;
-
-                foreach (var session in sessions)
-                {
-                    _sessionManager.Logout(session);
-                }
+            var sessions = _authenticationRepository.Get(new AuthenticationInfoQuery { DeviceId = id }).Items;
 
-                return Ok();
-            }
-            catch (Exception e)
+            foreach (var session in sessions)
             {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+                _sessionManager.Logout(session);
             }
+
+            return Ok();
         }
 
         /// <summary>
@@ -190,15 +155,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
         public IActionResult GetCameraUploads([FromQuery, BindRequired] string id)
         {
-            try
-            {
-                var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
-                return Ok(uploadHistory);
-            }
-            catch (Exception e)
-            {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
-            }
+            var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
+            return Ok(uploadHistory);
         }
 
         /// <summary>
@@ -219,46 +177,33 @@ namespace Jellyfin.Api.Controllers
             [FromQuery, BindRequired] string name,
             [FromQuery, BindRequired] string id)
         {
-            try
-            {
-                Stream fileStream;
-                string contentType;
+            Stream fileStream;
+            string contentType;
 
-                if (Request.HasFormContentType)
+            if (Request.HasFormContentType)
+            {
+                if (Request.Form.Files.Any())
                 {
-                    if (Request.Form.Files.Any())
-                    {
-                        fileStream = Request.Form.Files[0].OpenReadStream();
-                        contentType = Request.Form.Files[0].ContentType;
-                    }
-                    else
-                    {
-                        return BadRequest();
-                    }
+                    fileStream = Request.Form.Files[0].OpenReadStream();
+                    contentType = Request.Form.Files[0].ContentType;
                 }
                 else
                 {
-                    fileStream = Request.Body;
-                    contentType = Request.ContentType;
+                    return BadRequest();
                 }
-
-                await _deviceManager.AcceptCameraUpload(
-                    deviceId,
-                    fileStream,
-                    new LocalFileInfo
-                    {
-                        MimeType = contentType,
-                        Album = album,
-                        Name = name,
-                        Id = id
-                    }).ConfigureAwait(false);
-
-                return Ok();
             }
-            catch (Exception e)
+            else
             {
-                return StatusCode(StatusCodes.Status500InternalServerError, e.Message);
+                fileStream = Request.Body;
+                contentType = Request.ContentType;
             }
+
+            await _deviceManager.AcceptCameraUpload(
+                deviceId,
+                fileStream,
+                new LocalFileInfo { MimeType = contentType, Album = album, Name = name, Id = id }).ConfigureAwait(false);
+
+            return Ok();
         }
     }
 }
-- 
cgit v1.2.3


From 927696c4036960018864864a4acbf0aeb797f7ac Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 21 Apr 2020 13:59:43 -0600
Subject: move to ActionResult<T>

---
 Jellyfin.Api/Controllers/DevicesController.cs | 29 ++++++++++-----------------
 1 file changed, 11 insertions(+), 18 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 5dc3f27ee..559a26007 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -49,9 +49,8 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Device Infos.</returns>
         [HttpGet]
         [Authenticated(Roles = "Admin")]
-        [ProducesResponseType(typeof(DeviceInfo[]), StatusCodes.Status200OK)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public IActionResult GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public ActionResult<DeviceInfo[]> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
             var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
             var devices = _deviceManager.GetDevices(deviceQuery);
@@ -65,10 +64,9 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Device Info.</returns>
         [HttpGet("Info")]
         [Authenticated(Roles = "Admin")]
-        [ProducesResponseType(typeof(DeviceInfo), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public IActionResult GetDeviceInfo([FromQuery, BindRequired] string id)
+        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, BindRequired] string id)
         {
             var deviceInfo = _deviceManager.GetDevice(id);
             if (deviceInfo == null)
@@ -86,10 +84,9 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Device Info.</returns>
         [HttpGet("Options")]
         [Authenticated(Roles = "Admin")]
-        [ProducesResponseType(typeof(DeviceOptions), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public IActionResult GetDeviceOptions([FromQuery, BindRequired] string id)
+        public ActionResult<DeviceInfo> GetDeviceOptions([FromQuery, BindRequired] string id)
         {
             var deviceInfo = _deviceManager.GetDeviceOptions(id);
             if (deviceInfo == null)
@@ -110,8 +107,7 @@ namespace Jellyfin.Api.Controllers
         [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public IActionResult UpdateDeviceOptions(
+        public ActionResult UpdateDeviceOptions(
             [FromQuery, BindRequired] string id,
             [FromBody, BindRequired] DeviceOptions deviceOptions)
         {
@@ -132,8 +128,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Status.</returns>
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public IActionResult DeleteDevice([FromQuery, BindRequired] string id)
+        public ActionResult DeleteDevice([FromQuery, BindRequired] string id)
         {
             var sessions = _authenticationRepository.Get(new AuthenticationInfoQuery { DeviceId = id }).Items;
 
@@ -151,9 +146,8 @@ namespace Jellyfin.Api.Controllers
         /// <param name="id">Device Id.</param>
         /// <returns>Content Upload History.</returns>
         [HttpGet("CameraUploads")]
-        [ProducesResponseType(typeof(ContentUploadHistory), StatusCodes.Status200OK)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public IActionResult GetCameraUploads([FromQuery, BindRequired] string id)
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        public ActionResult<ContentUploadHistory> GetCameraUploads([FromQuery, BindRequired] string id)
         {
             var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
             return Ok(uploadHistory);
@@ -170,8 +164,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("CameraUploads")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        [ProducesResponseType(typeof(string), StatusCodes.Status500InternalServerError)]
-        public async Task<IActionResult> PostCameraUploadAsync(
+        public async Task<ActionResult> PostCameraUploadAsync(
             [FromQuery, BindRequired] string deviceId,
             [FromQuery, BindRequired] string album,
             [FromQuery, BindRequired] string name,
-- 
cgit v1.2.3


From 4d894c4344fd23026bbfdc0a1cdd24231441a444 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 23 Apr 2020 07:55:47 -0600
Subject: Remove unneeded Ok calls.

---
 Jellyfin.Api/Controllers/DevicesController.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 559a26007..cebb51ccf 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -74,7 +74,7 @@ namespace Jellyfin.Api.Controllers
                 return NotFound();
             }
 
-            return Ok(deviceInfo);
+            return deviceInfo;
         }
 
         /// <summary>
@@ -86,7 +86,7 @@ namespace Jellyfin.Api.Controllers
         [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceInfo> GetDeviceOptions([FromQuery, BindRequired] string id)
+        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, BindRequired] string id)
         {
             var deviceInfo = _deviceManager.GetDeviceOptions(id);
             if (deviceInfo == null)
@@ -94,7 +94,7 @@ namespace Jellyfin.Api.Controllers
                 return NotFound();
             }
 
-            return Ok(deviceInfo);
+            return deviceInfo;
         }
 
         /// <summary>
@@ -150,7 +150,7 @@ namespace Jellyfin.Api.Controllers
         public ActionResult<ContentUploadHistory> GetCameraUploads([FromQuery, BindRequired] string id)
         {
             var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
-            return Ok(uploadHistory);
+            return uploadHistory;
         }
 
         /// <summary>
-- 
cgit v1.2.3


From 25002483a3fd7f9d1c79c74338ac18c8eabfb0ed Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Sat, 2 May 2020 17:23:02 -0600
Subject: Update endpoint docs

---
 Jellyfin.Api/Controllers/DevicesController.cs | 53 +++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 8 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index cebb51ccf..02cf1bc44 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -1,6 +1,7 @@
 #nullable enable
 
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
@@ -46,11 +47,12 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="supportsSync">/// Gets or sets a value indicating whether [supports synchronize].</param>
         /// <param name="userId">/// Gets or sets the user identifier.</param>
-        /// <returns>Device Infos.</returns>
+        /// <response code="200">Devices retrieved.</response>
+        /// <returns>An <see cref="OkResult"/> containing the list of devices.</returns>
         [HttpGet]
         [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<DeviceInfo[]> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
+        public ActionResult<IEnumerable<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
             var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
             var devices = _deviceManager.GetDevices(deviceQuery);
@@ -61,7 +63,9 @@ namespace Jellyfin.Api.Controllers
         /// Get info for a device.
         /// </summary>
         /// <param name="id">Device Id.</param>
-        /// <returns>Device Info.</returns>
+        /// <response code="200">Device info retrieved.</response>
+        /// <response code="404">Device not found.</response>
+        /// <returns>An <see cref="OkResult"/> containing the device info on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("Info")]
         [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
@@ -81,7 +85,9 @@ namespace Jellyfin.Api.Controllers
         /// Get options for a device.
         /// </summary>
         /// <param name="id">Device Id.</param>
-        /// <returns>Device Info.</returns>
+        /// <response code="200">Device options retrieved.</response>
+        /// <response code="404">Device not found.</response>
+        /// <returns>An <see cref="OkResult"/> containing the device info on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("Options")]
         [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
@@ -102,7 +108,9 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="id">Device Id.</param>
         /// <param name="deviceOptions">Device Options.</param>
-        /// <returns>Status.</returns>
+        /// <response code="200">Device options updated.</response>
+        /// <response code="404">Device not found.</response>
+        /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpPost("Options")]
         [Authenticated(Roles = "Admin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
@@ -125,11 +133,19 @@ namespace Jellyfin.Api.Controllers
         /// Deletes a device.
         /// </summary>
         /// <param name="id">Device Id.</param>
-        /// <returns>Status.</returns>
+        /// <response code="200">Device deleted.</response>
+        /// <response code="404">Device not found.</response>
+        /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult DeleteDevice([FromQuery, BindRequired] string id)
         {
+            var existingDevice = _deviceManager.GetDevice(id);
+            if (existingDevice == null)
+            {
+                return NotFound();
+            }
+
             var sessions = _authenticationRepository.Get(new AuthenticationInfoQuery { DeviceId = id }).Items;
 
             foreach (var session in sessions)
@@ -144,11 +160,19 @@ namespace Jellyfin.Api.Controllers
         /// Gets camera upload history for a device.
         /// </summary>
         /// <param name="id">Device Id.</param>
-        /// <returns>Content Upload History.</returns>
+        /// <response code="200">Device upload history retrieved.</response>
+        /// <response code="404">Device not found.</response>
+        /// <returns>An <see cref="OkResult"/> containing the device upload history on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("CameraUploads")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<ContentUploadHistory> GetCameraUploads([FromQuery, BindRequired] string id)
         {
+            var existingDevice = _deviceManager.GetDevice(id);
+            if (existingDevice == null)
+            {
+                return NotFound();
+            }
+
             var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
             return uploadHistory;
         }
@@ -160,7 +184,14 @@ namespace Jellyfin.Api.Controllers
         /// <param name="album">Album.</param>
         /// <param name="name">Name.</param>
         /// <param name="id">Id.</param>
-        /// <returns>Status.</returns>
+        /// <response code="200">Contents uploaded.</response>
+        /// <response code="400">No uploaded contents.</response>
+        /// <response code="404">Device not found.</response>
+        /// <returns>
+        /// An <see cref="OkResult"/> on success,
+        /// or a <see cref="NotFoundResult"/> if the device could not be found
+        /// or a <see cref="BadRequestResult"/> if the upload contains no files.
+        /// </returns>
         [HttpPost("CameraUploads")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
@@ -170,6 +201,12 @@ namespace Jellyfin.Api.Controllers
             [FromQuery, BindRequired] string name,
             [FromQuery, BindRequired] string id)
         {
+            var existingDevice = _deviceManager.GetDevice(id);
+            if (existingDevice == null)
+            {
+                return NotFound();
+            }
+
             Stream fileStream;
             string contentType;
 
-- 
cgit v1.2.3


From a11a1934399b8cbce0487ced49d2f8e7065b436a Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 19 May 2020 10:04:09 -0600
Subject: Remove CameraUpload endpoints

---
 Jellyfin.Api/Controllers/DevicesController.cs | 83 ---------------------------
 1 file changed, 83 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 02cf1bc44..64dc2322d 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -2,9 +2,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Threading.Tasks;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
@@ -155,85 +152,5 @@ namespace Jellyfin.Api.Controllers
 
             return Ok();
         }
-
-        /// <summary>
-        /// Gets camera upload history for a device.
-        /// </summary>
-        /// <param name="id">Device Id.</param>
-        /// <response code="200">Device upload history retrieved.</response>
-        /// <response code="404">Device not found.</response>
-        /// <returns>An <see cref="OkResult"/> containing the device upload history on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
-        [HttpGet("CameraUploads")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<ContentUploadHistory> GetCameraUploads([FromQuery, BindRequired] string id)
-        {
-            var existingDevice = _deviceManager.GetDevice(id);
-            if (existingDevice == null)
-            {
-                return NotFound();
-            }
-
-            var uploadHistory = _deviceManager.GetCameraUploadHistory(id);
-            return uploadHistory;
-        }
-
-        /// <summary>
-        /// Uploads content.
-        /// </summary>
-        /// <param name="deviceId">Device Id.</param>
-        /// <param name="album">Album.</param>
-        /// <param name="name">Name.</param>
-        /// <param name="id">Id.</param>
-        /// <response code="200">Contents uploaded.</response>
-        /// <response code="400">No uploaded contents.</response>
-        /// <response code="404">Device not found.</response>
-        /// <returns>
-        /// An <see cref="OkResult"/> on success,
-        /// or a <see cref="NotFoundResult"/> if the device could not be found
-        /// or a <see cref="BadRequestResult"/> if the upload contains no files.
-        /// </returns>
-        [HttpPost("CameraUploads")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public async Task<ActionResult> PostCameraUploadAsync(
-            [FromQuery, BindRequired] string deviceId,
-            [FromQuery, BindRequired] string album,
-            [FromQuery, BindRequired] string name,
-            [FromQuery, BindRequired] string id)
-        {
-            var existingDevice = _deviceManager.GetDevice(id);
-            if (existingDevice == null)
-            {
-                return NotFound();
-            }
-
-            Stream fileStream;
-            string contentType;
-
-            if (Request.HasFormContentType)
-            {
-                if (Request.Form.Files.Any())
-                {
-                    fileStream = Request.Form.Files[0].OpenReadStream();
-                    contentType = Request.Form.Files[0].ContentType;
-                }
-                else
-                {
-                    return BadRequest();
-                }
-            }
-            else
-            {
-                fileStream = Request.Body;
-                contentType = Request.ContentType;
-            }
-
-            await _deviceManager.AcceptCameraUpload(
-                deviceId,
-                fileStream,
-                new LocalFileInfo { MimeType = contentType, Album = album, Name = name, Id = id }).ConfigureAwait(false);
-
-            return Ok();
-        }
     }
 }
-- 
cgit v1.2.3


From cf78edc979b626ff11ff88889f618cba50c5ee5f Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 19 May 2020 10:05:23 -0600
Subject: Fix Authorize attributes

---
 Jellyfin.Api/Controllers/DevicesController.cs | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 64dc2322d..b22b5f985 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -2,11 +2,13 @@
 
 using System;
 using System.Collections.Generic;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Devices;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
@@ -16,7 +18,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Devices Controller.
     /// </summary>
-    [Authenticated]
+    [Authorize]
     public class DevicesController : BaseJellyfinApiController
     {
         private readonly IDeviceManager _deviceManager;
@@ -47,7 +49,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Devices retrieved.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of devices.</returns>
         [HttpGet]
-        [Authenticated(Roles = "Admin")]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
@@ -64,7 +66,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Device not found.</response>
         /// <returns>An <see cref="OkResult"/> containing the device info on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("Info")]
-        [Authenticated(Roles = "Admin")]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, BindRequired] string id)
@@ -86,7 +88,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Device not found.</response>
         /// <returns>An <see cref="OkResult"/> containing the device info on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("Options")]
-        [Authenticated(Roles = "Admin")]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, BindRequired] string id)
@@ -109,7 +111,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Device not found.</response>
         /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpPost("Options")]
-        [Authenticated(Roles = "Admin")]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateDeviceOptions(
-- 
cgit v1.2.3


From cdb25e355c6ebf9ba09f44a7bb7e35286e50976e Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 19 May 2020 10:06:25 -0600
Subject: Fix return value

---
 Jellyfin.Api/Controllers/DevicesController.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index b22b5f985..a46d3f937 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -8,6 +8,7 @@ using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Devices;
+using MediaBrowser.Model.Querying;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -51,11 +52,10 @@ namespace Jellyfin.Api.Controllers
         [HttpGet]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<IEnumerable<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
+        public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
             var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
-            var devices = _deviceManager.GetDevices(deviceQuery);
-            return Ok(devices);
+            return _deviceManager.GetDevices(deviceQuery);
         }
 
         /// <summary>
-- 
cgit v1.2.3


From 3e749eabdf10f9a070a6c303ec37a912f9657e58 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 4 Jun 2020 07:29:00 -0600
Subject: Fix doc errors

---
 Jellyfin.Api/Controllers/DevicesController.cs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index a46d3f937..1e7557903 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -1,10 +1,8 @@
 #nullable enable
 
 using System;
-using System.Collections.Generic;
 using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Devices;
-using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Devices;
@@ -45,8 +43,8 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Get Devices.
         /// </summary>
-        /// <param name="supportsSync">/// Gets or sets a value indicating whether [supports synchronize].</param>
-        /// <param name="userId">/// Gets or sets the user identifier.</param>
+        /// <param name="supportsSync">Gets or sets a value indicating whether [supports synchronize].</param>
+        /// <param name="userId">Gets or sets the user identifier.</param>
         /// <response code="200">Devices retrieved.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of devices.</returns>
         [HttpGet]
-- 
cgit v1.2.3


From 043d76bd6e9e4a2e1093ae0e5ba025de1438b528 Mon Sep 17 00:00:00 2001
From: David <daullmer@gmail.com>
Date: Fri, 12 Jun 2020 12:38:13 +0200
Subject: Use Http status code 204 instead of 200

---
 .../Controllers/ConfigurationController.cs         | 18 ++++++------
 Jellyfin.Api/Controllers/DevicesController.cs      | 16 +++++------
 .../Controllers/NotificationsController.cs         | 24 ++++++++--------
 Jellyfin.Api/Controllers/PackageController.cs      | 15 +++++-----
 Jellyfin.Api/Controllers/StartupController.cs      | 32 +++++++++++-----------
 5 files changed, 53 insertions(+), 52 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index 2a1dce74d..780a38aa8 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -53,15 +53,15 @@ namespace Jellyfin.Api.Controllers
         /// Updates application configuration.
         /// </summary>
         /// <param name="configuration">Configuration.</param>
-        /// <response code="200">Configuration updated.</response>
+        /// <response code="204">Configuration updated.</response>
         /// <returns>Update status.</returns>
         [HttpPost("Configuration")]
         [Authorize(Policy = Policies.RequiresElevation)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdateConfiguration([FromBody, BindRequired] ServerConfiguration configuration)
         {
             _configurationManager.ReplaceConfiguration(configuration);
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -81,17 +81,17 @@ namespace Jellyfin.Api.Controllers
         /// Updates named configuration.
         /// </summary>
         /// <param name="key">Configuration key.</param>
-        /// <response code="200">Named configuration updated.</response>
+        /// <response code="204">Named configuration updated.</response>
         /// <returns>Update status.</returns>
         [HttpPost("Configuration/{Key}")]
         [Authorize(Policy = Policies.RequiresElevation)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> UpdateNamedConfiguration([FromRoute] string key)
         {
             var configurationType = _configurationManager.GetConfigurationType(key);
             var configuration = await JsonSerializer.DeserializeAsync(Request.Body, configurationType).ConfigureAwait(false);
             _configurationManager.SaveConfiguration(key, configuration);
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -111,15 +111,15 @@ namespace Jellyfin.Api.Controllers
         /// Updates the path to the media encoder.
         /// </summary>
         /// <param name="mediaEncoderPath">Media encoder path form body.</param>
-        /// <response code="200">Media encoder path updated.</response>
+        /// <response code="204">Media encoder path updated.</response>
         /// <returns>Status.</returns>
         [HttpPost("MediaEncoder/Path")]
         [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdateMediaEncoderPath([FromForm, BindRequired] MediaEncoderPathDto mediaEncoderPath)
         {
             _mediaEncoder.UpdateEncoderPath(mediaEncoderPath.Path, mediaEncoderPath.PathType);
-            return Ok();
+            return NoContent();
         }
     }
 }
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 1e7557903..1754b0cbd 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -105,12 +105,12 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="id">Device Id.</param>
         /// <param name="deviceOptions">Device Options.</param>
-        /// <response code="200">Device options updated.</response>
+        /// <response code="204">Device options updated.</response>
         /// <response code="404">Device not found.</response>
-        /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
+        /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpPost("Options")]
         [Authorize(Policy = Policies.RequiresElevation)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateDeviceOptions(
             [FromQuery, BindRequired] string id,
@@ -123,18 +123,18 @@ namespace Jellyfin.Api.Controllers
             }
 
             _deviceManager.UpdateDeviceOptions(id, deviceOptions);
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
         /// Deletes a device.
         /// </summary>
         /// <param name="id">Device Id.</param>
-        /// <response code="200">Device deleted.</response>
+        /// <response code="204">Device deleted.</response>
         /// <response code="404">Device not found.</response>
-        /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
+        /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpDelete]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult DeleteDevice([FromQuery, BindRequired] string id)
         {
             var existingDevice = _deviceManager.GetDevice(id);
@@ -150,7 +150,7 @@ namespace Jellyfin.Api.Controllers
                 _sessionManager.Logout(session);
             }
 
-            return Ok();
+            return NoContent();
         }
     }
 }
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index 8d82ca10f..5af194756 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -99,10 +99,10 @@ namespace Jellyfin.Api.Controllers
         /// <param name="description">The description of the notification.</param>
         /// <param name="url">The URL of the notification.</param>
         /// <param name="level">The level of the notification.</param>
-        /// <response code="200">Notification sent.</response>
-        /// <returns>An <cref see="OkResult"/>.</returns>
+        /// <response code="204">Notification sent.</response>
+        /// <returns>A <cref see="NoContentResult"/>.</returns>
         [HttpPost("Admin")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult CreateAdminNotification(
             [FromQuery] string name,
             [FromQuery] string description,
@@ -121,7 +121,7 @@ namespace Jellyfin.Api.Controllers
 
             _notificationManager.SendNotification(notification, CancellationToken.None);
 
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -129,15 +129,15 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="userId">The userID.</param>
         /// <param name="ids">A comma-separated list of the IDs of notifications which should be set as read.</param>
-        /// <response code="200">Notifications set as read.</response>
-        /// <returns>An <cref see="OkResult"/>.</returns>
+        /// <response code="204">Notifications set as read.</response>
+        /// <returns>A <cref see="NoContentResult"/>.</returns>
         [HttpPost("{UserID}/Read")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SetRead(
             [FromRoute] string userId,
             [FromQuery] string ids)
         {
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -145,15 +145,15 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="userId">The userID.</param>
         /// <param name="ids">A comma-separated list of the IDs of notifications which should be set as unread.</param>
-        /// <response code="200">Notifications set as unread.</response>
-        /// <returns>An <cref see="OkResult"/>.</returns>
+        /// <response code="204">Notifications set as unread.</response>
+        /// <returns>A <cref see="NoContentResult"/>.</returns>
         [HttpPost("{UserID}/Unread")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SetUnread(
             [FromRoute] string userId,
             [FromQuery] string ids)
         {
-            return Ok();
+            return NoContent();
         }
     }
 }
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index f37319c19..8200f891c 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -72,11 +72,11 @@ namespace Jellyfin.Api.Controllers
         /// <param name="name">Package name.</param>
         /// <param name="assemblyGuid">GUID of the associated assembly.</param>
         /// <param name="version">Optional version. Defaults to latest version.</param>
-        /// <response code="200">Package found.</response>
+        /// <response code="204">Package found.</response>
         /// <response code="404">Package not found.</response>
-        /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the package could not be found.</returns>
+        /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the package could not be found.</returns>
         [HttpPost("/Installed/{Name}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [Authorize(Policy = Policies.RequiresElevation)]
         public async Task<ActionResult> InstallPackage(
@@ -98,23 +98,24 @@ namespace Jellyfin.Api.Controllers
 
             await _installationManager.InstallPackage(package).ConfigureAwait(false);
 
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
         /// Cancels a package installation.
         /// </summary>
         /// <param name="id">Installation Id.</param>
-        /// <response code="200">Installation cancelled.</response>
-        /// <returns>An <see cref="OkResult"/> on successfully cancelling a package installation.</returns>
+        /// <response code="204">Installation cancelled.</response>
+        /// <returns>A <see cref="NoContentResult"/> on successfully cancelling a package installation.</returns>
         [HttpDelete("/Installing/{id}")]
         [Authorize(Policy = Policies.RequiresElevation)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public IActionResult CancelPackageInstallation(
             [FromRoute] [Required] string id)
         {
             _installationManager.CancelInstallation(new Guid(id));
 
-            return Ok();
+            return NoContent();
         }
     }
 }
diff --git a/Jellyfin.Api/Controllers/StartupController.cs b/Jellyfin.Api/Controllers/StartupController.cs
index 57a02e62a..aae066e0e 100644
--- a/Jellyfin.Api/Controllers/StartupController.cs
+++ b/Jellyfin.Api/Controllers/StartupController.cs
@@ -33,16 +33,16 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Completes the startup wizard.
         /// </summary>
-        /// <response code="200">Startup wizard completed.</response>
-        /// <returns>An <see cref="OkResult"/> indicating success.</returns>
+        /// <response code="204">Startup wizard completed.</response>
+        /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("Complete")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult CompleteWizard()
         {
             _config.Configuration.IsStartupWizardCompleted = true;
             _config.SetOptimalValues();
             _config.SaveConfiguration();
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -70,10 +70,10 @@ namespace Jellyfin.Api.Controllers
         /// <param name="uiCulture">The UI language culture.</param>
         /// <param name="metadataCountryCode">The metadata country code.</param>
         /// <param name="preferredMetadataLanguage">The preferred language for metadata.</param>
-        /// <response code="200">Configuration saved.</response>
-        /// <returns>An <see cref="OkResult"/> indicating success.</returns>
+        /// <response code="204">Configuration saved.</response>
+        /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("Configuration")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdateInitialConfiguration(
             [FromForm] string uiCulture,
             [FromForm] string metadataCountryCode,
@@ -83,7 +83,7 @@ namespace Jellyfin.Api.Controllers
             _config.Configuration.MetadataCountryCode = metadataCountryCode;
             _config.Configuration.PreferredMetadataLanguage = preferredMetadataLanguage;
             _config.SaveConfiguration();
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -91,16 +91,16 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="enableRemoteAccess">Enable remote access.</param>
         /// <param name="enableAutomaticPortMapping">Enable UPnP.</param>
-        /// <response code="200">Configuration saved.</response>
-        /// <returns>An <see cref="OkResult"/> indicating success.</returns>
+        /// <response code="204">Configuration saved.</response>
+        /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("RemoteAccess")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SetRemoteAccess([FromForm] bool enableRemoteAccess, [FromForm] bool enableAutomaticPortMapping)
         {
             _config.Configuration.EnableRemoteAccess = enableRemoteAccess;
             _config.Configuration.EnableUPnP = enableAutomaticPortMapping;
             _config.SaveConfiguration();
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -121,13 +121,13 @@ namespace Jellyfin.Api.Controllers
         /// Sets the user name and password.
         /// </summary>
         /// <param name="startupUserDto">The DTO containing username and password.</param>
-        /// <response code="200">Updated user name and password.</response>
+        /// <response code="204">Updated user name and password.</response>
         /// <returns>
         /// A <see cref="Task" /> that represents the asynchronous update operation.
-        /// The task result contains an <see cref="OkResult"/> indicating success.
+        /// The task result contains a <see cref="NoContentResult"/> indicating success.
         /// </returns>
         [HttpPost("User")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> UpdateUser([FromForm] StartupUserDto startupUserDto)
         {
             var user = _userManager.Users.First();
@@ -141,7 +141,7 @@ namespace Jellyfin.Api.Controllers
                 await _userManager.ChangePassword(user, startupUserDto.Password).ConfigureAwait(false);
             }
 
-            return Ok();
+            return NoContent();
         }
     }
 }
-- 
cgit v1.2.3


From c24666253c48ef17402bd8ddb7688821616ec6ba Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Tue, 16 Jun 2020 14:15:58 -0600
Subject: Add Default authorization policy

---
 Jellyfin.Api/Controllers/ConfigurationController.cs    | 2 +-
 Jellyfin.Api/Controllers/DevicesController.cs          | 2 +-
 Jellyfin.Api/Controllers/PackageController.cs          | 2 +-
 Jellyfin.Api/Controllers/SearchController.cs           | 3 ++-
 Jellyfin.Api/Controllers/SubtitleController.cs         | 8 ++++----
 Jellyfin.Api/Controllers/VideoAttachmentsController.cs | 3 ++-
 6 files changed, 11 insertions(+), 9 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index 780a38aa8..5d37c9ade 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -18,7 +18,7 @@ namespace Jellyfin.Api.Controllers
     /// Configuration Controller.
     /// </summary>
     [Route("System")]
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class ConfigurationController : BaseJellyfinApiController
     {
         private readonly IServerConfigurationManager _configurationManager;
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 1754b0cbd..2f5362851 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -17,7 +17,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Devices Controller.
     /// </summary>
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class DevicesController : BaseJellyfinApiController
     {
         private readonly IDeviceManager _deviceManager;
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 8200f891c..b5b21fdee 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -18,7 +18,7 @@ namespace Jellyfin.Api.Controllers
     /// Package Controller.
     /// </summary>
     [Route("Packages")]
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class PackageController : BaseJellyfinApiController
     {
         private readonly IInstallationManager _installationManager;
diff --git a/Jellyfin.Api/Controllers/SearchController.cs b/Jellyfin.Api/Controllers/SearchController.cs
index ec05e4fb4..d971889db 100644
--- a/Jellyfin.Api/Controllers/SearchController.cs
+++ b/Jellyfin.Api/Controllers/SearchController.cs
@@ -3,6 +3,7 @@ using System.ComponentModel;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using MediaBrowser.Controller.Drawing;
 using MediaBrowser.Controller.Dto;
@@ -23,7 +24,7 @@ namespace Jellyfin.Api.Controllers
     /// Search controller.
     /// </summary>
     [Route("/Search/Hints")]
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class SearchController : BaseJellyfinApiController
     {
         private readonly ISearchEngine _searchEngine;
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 97df8c60d..9aff35996 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -110,7 +110,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Subtitles retrieved.</response>
         /// <returns>An array of <see cref="RemoteSubtitleInfo"/>.</returns>
         [HttpGet("/Items/{id}/RemoteSearch/Subtitles/{language}")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
             [FromRoute] Guid id,
@@ -130,7 +130,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Subtitle downloaded.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("/Items/{id}/RemoteSearch/Subtitles/{subtitleId}")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> DownloadRemoteSubtitles(
             [FromRoute] Guid id,
@@ -160,7 +160,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">File returned.</response>
         /// <returns>A <see cref="FileStreamResult"/> with the subtitle file.</returns>
         [HttpGet("/Providers/Subtitles/Subtitles/{id}")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [Produces(MediaTypeNames.Application.Octet)]
         public async Task<ActionResult> GetRemoteSubtitles([FromRoute] string id)
@@ -250,7 +250,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Subtitle playlist retrieved.</response>
         /// <returns>A <see cref="FileContentResult"/> with the HLS subtitle playlist.</returns>
         [HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
-        [Authorize]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult> GetSubtitlePlaylist(
             [FromRoute] Guid id,
diff --git a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
index 86d9322fe..32e26ff0b 100644
--- a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
+++ b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
@@ -4,6 +4,7 @@ using System;
 using System.Net.Mime;
 using System.Threading;
 using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.MediaEncoding;
@@ -17,7 +18,7 @@ namespace Jellyfin.Api.Controllers
     /// Attachments controller.
     /// </summary>
     [Route("Videos")]
-    [Authorize]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class VideoAttachmentsController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;
-- 
cgit v1.2.3


From 9a51f484af3dbbb5717a88fb85473aec78234e32 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 18 Jun 2020 07:11:46 -0600
Subject: Remove nullable, add async task

---
 Jellyfin.Api/Controllers/ActivityLogController.cs  |   1 -
 .../Controllers/ConfigurationController.cs         |   2 -
 Jellyfin.Api/Controllers/DevicesController.cs      |   2 -
 Jellyfin.Api/Controllers/FilterController.cs       |   3 +-
 Jellyfin.Api/Controllers/ImageByNameController.cs  |   2 -
 .../Controllers/Images/RemoteImageController.cs    | 267 ---------------------
 Jellyfin.Api/Controllers/ItemRefreshController.cs  |   1 -
 .../Controllers/LibraryStructureController.cs      |  25 +-
 .../Controllers/NotificationsController.cs         |   1 -
 Jellyfin.Api/Controllers/PackageController.cs      |   2 -
 Jellyfin.Api/Controllers/PluginsController.cs      |   3 +-
 Jellyfin.Api/Controllers/RemoteImageController.cs  | 265 ++++++++++++++++++++
 Jellyfin.Api/Controllers/SubtitleController.cs     |   1 -
 .../Controllers/VideoAttachmentsController.cs      |   2 -
 .../ConfigurationDtos/MediaEncoderPathDto.cs       |   2 -
 .../Models/NotificationDtos/NotificationDto.cs     |   2 -
 .../NotificationDtos/NotificationResultDto.cs      |   2 -
 .../NotificationDtos/NotificationsSummaryDto.cs    |   2 -
 .../Models/PluginDtos/MBRegistrationRecord.cs      |   4 +-
 .../Models/PluginDtos/PluginSecurityInfo.cs        |   4 +-
 .../Models/StartupDtos/StartupConfigurationDto.cs  |   8 +-
 Jellyfin.Api/Models/StartupDtos/StartupUserDto.cs  |   6 +-
 22 files changed, 283 insertions(+), 324 deletions(-)
 delete mode 100644 Jellyfin.Api/Controllers/Images/RemoteImageController.cs
 create mode 100644 Jellyfin.Api/Controllers/RemoteImageController.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/ActivityLogController.cs b/Jellyfin.Api/Controllers/ActivityLogController.cs
index 895d9f719..4ae7cf506 100644
--- a/Jellyfin.Api/Controllers/ActivityLogController.cs
+++ b/Jellyfin.Api/Controllers/ActivityLogController.cs
@@ -1,4 +1,3 @@
-#nullable enable
 #pragma warning disable CA1801
 
 using System;
diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index 780a38aa8..ae5685156 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System.Text.Json;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 1754b0cbd..1575307c5 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System;
 using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Devices;
diff --git a/Jellyfin.Api/Controllers/FilterController.cs b/Jellyfin.Api/Controllers/FilterController.cs
index 46911ce93..6a6e6a64a 100644
--- a/Jellyfin.Api/Controllers/FilterController.cs
+++ b/Jellyfin.Api/Controllers/FilterController.cs
@@ -1,5 +1,4 @@
-#nullable enable
-#pragma warning disable CA1801
+#pragma warning disable CA1801
 
 using System;
 using System.Linq;
diff --git a/Jellyfin.Api/Controllers/ImageByNameController.cs b/Jellyfin.Api/Controllers/ImageByNameController.cs
index fa46b6dd1..70f46ffa4 100644
--- a/Jellyfin.Api/Controllers/ImageByNameController.cs
+++ b/Jellyfin.Api/Controllers/ImageByNameController.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System;
 using System.Collections.Generic;
 using System.IO;
diff --git a/Jellyfin.Api/Controllers/Images/RemoteImageController.cs b/Jellyfin.Api/Controllers/Images/RemoteImageController.cs
deleted file mode 100644
index 7c5f17e9e..000000000
--- a/Jellyfin.Api/Controllers/Images/RemoteImageController.cs
+++ /dev/null
@@ -1,267 +0,0 @@
-#nullable enable
-
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Net.Mime;
-using System.Threading;
-using System.Threading.Tasks;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Providers;
-using MediaBrowser.Model.Entities;
-using MediaBrowser.Model.IO;
-using MediaBrowser.Model.Net;
-using MediaBrowser.Model.Providers;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
-
-namespace Jellyfin.Api.Controllers.Images
-{
-    /// <summary>
-    /// Remote Images Controller.
-    /// </summary>
-    [Route("Images")]
-    [Authorize]
-    public class RemoteImageController : BaseJellyfinApiController
-    {
-        private readonly IProviderManager _providerManager;
-        private readonly IServerApplicationPaths _applicationPaths;
-        private readonly IHttpClient _httpClient;
-        private readonly ILibraryManager _libraryManager;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="RemoteImageController"/> class.
-        /// </summary>
-        /// <param name="providerManager">Instance of the <see cref="IProviderManager"/> interface.</param>
-        /// <param name="applicationPaths">Instance of the <see cref="IServerApplicationPaths"/> interface.</param>
-        /// <param name="httpClient">Instance of the <see cref="IHttpClient"/> interface.</param>
-        /// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
-        public RemoteImageController(
-            IProviderManager providerManager,
-            IServerApplicationPaths applicationPaths,
-            IHttpClient httpClient,
-            ILibraryManager libraryManager)
-        {
-            _providerManager = providerManager;
-            _applicationPaths = applicationPaths;
-            _httpClient = httpClient;
-            _libraryManager = libraryManager;
-        }
-
-        /// <summary>
-        /// Gets available remote images for an item.
-        /// </summary>
-        /// <param name="id">Item Id.</param>
-        /// <param name="type">The image type.</param>
-        /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
-        /// <param name="limit">Optional. The maximum number of records to return.</param>
-        /// <param name="providerName">Optional. The image provider to use.</param>
-        /// <param name="includeAllLanguages">Optional. Include all languages.</param>
-        /// <response code="200">Remote Images returned.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>Remote Image Result.</returns>
-        [HttpGet("{Id}/RemoteImages")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<RemoteImageResult>> GetRemoteImages(
-            [FromRoute] string id,
-            [FromQuery] ImageType? type,
-            [FromQuery] int? startIndex,
-            [FromQuery] int? limit,
-            [FromQuery] string providerName,
-            [FromQuery] bool includeAllLanguages)
-        {
-            var item = _libraryManager.GetItemById(id);
-            if (item == null)
-            {
-                return NotFound();
-            }
-
-            var images = await _providerManager.GetAvailableRemoteImages(
-                    item,
-                    new RemoteImageQuery(providerName)
-                    {
-                        IncludeAllLanguages = includeAllLanguages,
-                        IncludeDisabledProviders = true,
-                        ImageType = type
-                    }, CancellationToken.None)
-                .ConfigureAwait(false);
-
-            var imageArray = images.ToArray();
-            var allProviders = _providerManager.GetRemoteImageProviderInfo(item);
-            if (type.HasValue)
-            {
-                allProviders = allProviders.Where(o => o.SupportedImages.Contains(type.Value));
-            }
-
-            var result = new RemoteImageResult
-            {
-                TotalRecordCount = imageArray.Length,
-                Providers = allProviders.Select(o => o.Name)
-                    .Distinct(StringComparer.OrdinalIgnoreCase)
-                    .ToArray()
-            };
-
-            if (startIndex.HasValue)
-            {
-                imageArray = imageArray.Skip(startIndex.Value).ToArray();
-            }
-
-            if (limit.HasValue)
-            {
-                imageArray = imageArray.Take(limit.Value).ToArray();
-            }
-
-            result.Images = imageArray;
-            return result;
-        }
-
-        /// <summary>
-        /// Gets available remote image providers for an item.
-        /// </summary>
-        /// <param name="id">Item Id.</param>
-        /// <response code="200">Returned remote image providers.</response>
-        /// <response code="404">Item not found.</response>
-        /// <returns>List of remote image providers.</returns>
-        [HttpGet("{Id}/RemoteImages/Providers")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute] string id)
-        {
-            var item = _libraryManager.GetItemById(id);
-            if (item == null)
-            {
-                return NotFound();
-            }
-
-            return Ok(_providerManager.GetRemoteImageProviderInfo(item));
-        }
-
-        /// <summary>
-        /// Gets a remote image.
-        /// </summary>
-        /// <param name="imageUrl">The image url.</param>
-        /// <response code="200">Remote image returned.</response>
-        /// <response code="404">Remote image not found.</response>
-        /// <returns>Image Stream.</returns>
-        [HttpGet("Remote")]
-        [Produces(MediaTypeNames.Application.Octet)]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult<FileStreamResult>> GetRemoteImage([FromQuery, BindRequired] string imageUrl)
-        {
-            var urlHash = imageUrl.GetMD5();
-            var pointerCachePath = GetFullCachePath(urlHash.ToString());
-
-            string? contentPath = null;
-            var hasFile = false;
-
-            try
-            {
-                contentPath = await System.IO.File.ReadAllTextAsync(pointerCachePath).ConfigureAwait(false);
-                if (System.IO.File.Exists(contentPath))
-                {
-                    hasFile = true;
-                }
-            }
-            catch (FileNotFoundException)
-            {
-                // The file isn't cached yet
-            }
-            catch (IOException)
-            {
-                // The file isn't cached yet
-            }
-
-            if (!hasFile)
-            {
-                await DownloadImage(imageUrl, urlHash, pointerCachePath).ConfigureAwait(false);
-                contentPath = await System.IO.File.ReadAllTextAsync(pointerCachePath).ConfigureAwait(false);
-            }
-
-            if (string.IsNullOrEmpty(contentPath))
-            {
-                return NotFound();
-            }
-
-            var contentType = MimeTypes.GetMimeType(contentPath);
-            return File(System.IO.File.OpenRead(contentPath), contentType);
-        }
-
-        /// <summary>
-        /// Downloads a remote image for an item.
-        /// </summary>
-        /// <param name="id">Item Id.</param>
-        /// <param name="type">The image type.</param>
-        /// <param name="imageUrl">The image url.</param>
-        /// <response code="200">Remote image downloaded.</response>
-        /// <response code="404">Remote image not found.</response>
-        /// <returns>Download status.</returns>
-        [HttpPost("{Id}/RemoteImages/Download")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult> DownloadRemoteImage(
-            [FromRoute] string id,
-            [FromQuery, BindRequired] ImageType type,
-            [FromQuery] string imageUrl)
-        {
-            var item = _libraryManager.GetItemById(id);
-            if (item == null)
-            {
-                return NotFound();
-            }
-
-            await _providerManager.SaveImage(item, imageUrl, type, null, CancellationToken.None)
-                .ConfigureAwait(false);
-
-            item.UpdateToRepository(ItemUpdateType.ImageUpdate, CancellationToken.None);
-            return Ok();
-        }
-
-        /// <summary>
-        /// Gets the full cache path.
-        /// </summary>
-        /// <param name="filename">The filename.</param>
-        /// <returns>System.String.</returns>
-        private string GetFullCachePath(string filename)
-        {
-            return Path.Combine(_applicationPaths.CachePath, "remote-images", filename.Substring(0, 1), filename);
-        }
-
-        /// <summary>
-        /// Downloads the image.
-        /// </summary>
-        /// <param name="url">The URL.</param>
-        /// <param name="urlHash">The URL hash.</param>
-        /// <param name="pointerCachePath">The pointer cache path.</param>
-        /// <returns>Task.</returns>
-        private async Task DownloadImage(string url, Guid urlHash, string pointerCachePath)
-        {
-            using var result = await _httpClient.GetResponse(new HttpRequestOptions
-            {
-                Url = url,
-                BufferContent = false
-            }).ConfigureAwait(false);
-            var ext = result.ContentType.Split('/').Last();
-
-            var fullCachePath = GetFullCachePath(urlHash + "." + ext);
-
-            Directory.CreateDirectory(Path.GetDirectoryName(fullCachePath));
-            await using (var stream = result.Content)
-            {
-                await using var fileStream = new FileStream(fullCachePath, FileMode.Create, FileAccess.Write, FileShare.Read, IODefaults.FileStreamBufferSize, true);
-                await stream.CopyToAsync(fileStream).ConfigureAwait(false);
-            }
-
-            Directory.CreateDirectory(Path.GetDirectoryName(pointerCachePath));
-            await System.IO.File.WriteAllTextAsync(pointerCachePath, fullCachePath, CancellationToken.None)
-                .ConfigureAwait(false);
-        }
-    }
-}
diff --git a/Jellyfin.Api/Controllers/ItemRefreshController.cs b/Jellyfin.Api/Controllers/ItemRefreshController.cs
index d9b8357d2..a1df22e41 100644
--- a/Jellyfin.Api/Controllers/ItemRefreshController.cs
+++ b/Jellyfin.Api/Controllers/ItemRefreshController.cs
@@ -1,4 +1,3 @@
-#nullable enable
 #pragma warning disable CA1801
 
 using System.ComponentModel;
diff --git a/Jellyfin.Api/Controllers/LibraryStructureController.cs b/Jellyfin.Api/Controllers/LibraryStructureController.cs
index a989efe7f..ca2905b11 100644
--- a/Jellyfin.Api/Controllers/LibraryStructureController.cs
+++ b/Jellyfin.Api/Controllers/LibraryStructureController.cs
@@ -1,4 +1,3 @@
-#nullable enable
 #pragma warning disable CA1801
 
 using System;
@@ -175,20 +174,18 @@ namespace Jellyfin.Api.Controllers
             {
                 CollectionFolder.OnCollectionFolderChange();
 
-                Task.Run(() =>
+                Task.Run(async () =>
                 {
                     // No need to start if scanning the library because it will handle it
                     if (refreshLibrary)
                     {
-                        _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None);
+                        await _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None).ConfigureAwait(false);
                     }
                     else
                     {
                         // Need to add a delay here or directory watchers may still pick up the changes
-                        var task = Task.Delay(1000);
                         // Have to block here to allow exceptions to bubble
-                        Task.WaitAll(task);
-
+                        await Task.Delay(1000).ConfigureAwait(false);
                         _libraryMonitor.Start();
                     }
                 });
@@ -230,20 +227,18 @@ namespace Jellyfin.Api.Controllers
             }
             finally
             {
-                Task.Run(() =>
+                Task.Run(async () =>
                 {
                     // No need to start if scanning the library because it will handle it
                     if (refreshLibrary)
                     {
-                        _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None);
+                        await _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None).ConfigureAwait(false);
                     }
                     else
                     {
                         // Need to add a delay here or directory watchers may still pick up the changes
-                        var task = Task.Delay(1000);
                         // Have to block here to allow exceptions to bubble
-                        Task.WaitAll(task);
-
+                        await Task.Delay(1000).ConfigureAwait(false);
                         _libraryMonitor.Start();
                     }
                 });
@@ -304,20 +299,18 @@ namespace Jellyfin.Api.Controllers
             }
             finally
             {
-                Task.Run(() =>
+                Task.Run(async () =>
                 {
                     // No need to start if scanning the library because it will handle it
                     if (refreshLibrary)
                     {
-                        _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None);
+                        await _libraryManager.ValidateMediaLibrary(new SimpleProgress<double>(), CancellationToken.None).ConfigureAwait(false);
                     }
                     else
                     {
                         // Need to add a delay here or directory watchers may still pick up the changes
-                        var task = Task.Delay(1000);
                         // Have to block here to allow exceptions to bubble
-                        Task.WaitAll(task);
-
+                        await Task.Delay(1000).ConfigureAwait(false);
                         _libraryMonitor.Start();
                     }
                 });
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index a76675d5a..a1f9b9e8f 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -1,4 +1,3 @@
-#nullable enable
 #pragma warning disable CA1801
 
 using System;
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 8200f891c..4f125f16b 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index 59196a41a..fdb2f4c35 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -1,5 +1,4 @@
-#nullable enable
-#pragma warning disable CA1801
+#pragma warning disable CA1801
 
 using System;
 using System.Collections.Generic;
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
new file mode 100644
index 000000000..80983ee64
--- /dev/null
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -0,0 +1,265 @@
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System.Net.Mime;
+using System.Threading;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Providers;
+using MediaBrowser.Model.Entities;
+using MediaBrowser.Model.IO;
+using MediaBrowser.Model.Net;
+using MediaBrowser.Model.Providers;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ModelBinding;
+
+namespace Jellyfin.Api.Controllers
+{
+    /// <summary>
+    /// Remote Images Controller.
+    /// </summary>
+    [Route("Images")]
+    [Authorize]
+    public class RemoteImageController : BaseJellyfinApiController
+    {
+        private readonly IProviderManager _providerManager;
+        private readonly IServerApplicationPaths _applicationPaths;
+        private readonly IHttpClient _httpClient;
+        private readonly ILibraryManager _libraryManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="RemoteImageController"/> class.
+        /// </summary>
+        /// <param name="providerManager">Instance of the <see cref="IProviderManager"/> interface.</param>
+        /// <param name="applicationPaths">Instance of the <see cref="IServerApplicationPaths"/> interface.</param>
+        /// <param name="httpClient">Instance of the <see cref="IHttpClient"/> interface.</param>
+        /// <param name="libraryManager">Instance of the <see cref="ILibraryManager"/> interface.</param>
+        public RemoteImageController(
+            IProviderManager providerManager,
+            IServerApplicationPaths applicationPaths,
+            IHttpClient httpClient,
+            ILibraryManager libraryManager)
+        {
+            _providerManager = providerManager;
+            _applicationPaths = applicationPaths;
+            _httpClient = httpClient;
+            _libraryManager = libraryManager;
+        }
+
+        /// <summary>
+        /// Gets available remote images for an item.
+        /// </summary>
+        /// <param name="id">Item Id.</param>
+        /// <param name="type">The image type.</param>
+        /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
+        /// <param name="limit">Optional. The maximum number of records to return.</param>
+        /// <param name="providerName">Optional. The image provider to use.</param>
+        /// <param name="includeAllLanguages">Optional. Include all languages.</param>
+        /// <response code="200">Remote Images returned.</response>
+        /// <response code="404">Item not found.</response>
+        /// <returns>Remote Image Result.</returns>
+        [HttpGet("{Id}/RemoteImages")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<ActionResult<RemoteImageResult>> GetRemoteImages(
+            [FromRoute] string id,
+            [FromQuery] ImageType? type,
+            [FromQuery] int? startIndex,
+            [FromQuery] int? limit,
+            [FromQuery] string providerName,
+            [FromQuery] bool includeAllLanguages)
+        {
+            var item = _libraryManager.GetItemById(id);
+            if (item == null)
+            {
+                return NotFound();
+            }
+
+            var images = await _providerManager.GetAvailableRemoteImages(
+                    item,
+                    new RemoteImageQuery(providerName)
+                    {
+                        IncludeAllLanguages = includeAllLanguages,
+                        IncludeDisabledProviders = true,
+                        ImageType = type
+                    }, CancellationToken.None)
+                .ConfigureAwait(false);
+
+            var imageArray = images.ToArray();
+            var allProviders = _providerManager.GetRemoteImageProviderInfo(item);
+            if (type.HasValue)
+            {
+                allProviders = allProviders.Where(o => o.SupportedImages.Contains(type.Value));
+            }
+
+            var result = new RemoteImageResult
+            {
+                TotalRecordCount = imageArray.Length,
+                Providers = allProviders.Select(o => o.Name)
+                    .Distinct(StringComparer.OrdinalIgnoreCase)
+                    .ToArray()
+            };
+
+            if (startIndex.HasValue)
+            {
+                imageArray = imageArray.Skip(startIndex.Value).ToArray();
+            }
+
+            if (limit.HasValue)
+            {
+                imageArray = imageArray.Take(limit.Value).ToArray();
+            }
+
+            result.Images = imageArray;
+            return result;
+        }
+
+        /// <summary>
+        /// Gets available remote image providers for an item.
+        /// </summary>
+        /// <param name="id">Item Id.</param>
+        /// <response code="200">Returned remote image providers.</response>
+        /// <response code="404">Item not found.</response>
+        /// <returns>List of remote image providers.</returns>
+        [HttpGet("{Id}/RemoteImages/Providers")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute] string id)
+        {
+            var item = _libraryManager.GetItemById(id);
+            if (item == null)
+            {
+                return NotFound();
+            }
+
+            return Ok(_providerManager.GetRemoteImageProviderInfo(item));
+        }
+
+        /// <summary>
+        /// Gets a remote image.
+        /// </summary>
+        /// <param name="imageUrl">The image url.</param>
+        /// <response code="200">Remote image returned.</response>
+        /// <response code="404">Remote image not found.</response>
+        /// <returns>Image Stream.</returns>
+        [HttpGet("Remote")]
+        [Produces(MediaTypeNames.Application.Octet)]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<ActionResult<FileStreamResult>> GetRemoteImage([FromQuery, BindRequired] string imageUrl)
+        {
+            var urlHash = imageUrl.GetMD5();
+            var pointerCachePath = GetFullCachePath(urlHash.ToString());
+
+            string? contentPath = null;
+            var hasFile = false;
+
+            try
+            {
+                contentPath = await System.IO.File.ReadAllTextAsync(pointerCachePath).ConfigureAwait(false);
+                if (System.IO.File.Exists(contentPath))
+                {
+                    hasFile = true;
+                }
+            }
+            catch (FileNotFoundException)
+            {
+                // The file isn't cached yet
+            }
+            catch (IOException)
+            {
+                // The file isn't cached yet
+            }
+
+            if (!hasFile)
+            {
+                await DownloadImage(imageUrl, urlHash, pointerCachePath).ConfigureAwait(false);
+                contentPath = await System.IO.File.ReadAllTextAsync(pointerCachePath).ConfigureAwait(false);
+            }
+
+            if (string.IsNullOrEmpty(contentPath))
+            {
+                return NotFound();
+            }
+
+            var contentType = MimeTypes.GetMimeType(contentPath);
+            return File(System.IO.File.OpenRead(contentPath), contentType);
+        }
+
+        /// <summary>
+        /// Downloads a remote image for an item.
+        /// </summary>
+        /// <param name="id">Item Id.</param>
+        /// <param name="type">The image type.</param>
+        /// <param name="imageUrl">The image url.</param>
+        /// <response code="200">Remote image downloaded.</response>
+        /// <response code="404">Remote image not found.</response>
+        /// <returns>Download status.</returns>
+        [HttpPost("{Id}/RemoteImages/Download")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<ActionResult> DownloadRemoteImage(
+            [FromRoute] string id,
+            [FromQuery, BindRequired] ImageType type,
+            [FromQuery] string imageUrl)
+        {
+            var item = _libraryManager.GetItemById(id);
+            if (item == null)
+            {
+                return NotFound();
+            }
+
+            await _providerManager.SaveImage(item, imageUrl, type, null, CancellationToken.None)
+                .ConfigureAwait(false);
+
+            item.UpdateToRepository(ItemUpdateType.ImageUpdate, CancellationToken.None);
+            return Ok();
+        }
+
+        /// <summary>
+        /// Gets the full cache path.
+        /// </summary>
+        /// <param name="filename">The filename.</param>
+        /// <returns>System.String.</returns>
+        private string GetFullCachePath(string filename)
+        {
+            return Path.Combine(_applicationPaths.CachePath, "remote-images", filename.Substring(0, 1), filename);
+        }
+
+        /// <summary>
+        /// Downloads the image.
+        /// </summary>
+        /// <param name="url">The URL.</param>
+        /// <param name="urlHash">The URL hash.</param>
+        /// <param name="pointerCachePath">The pointer cache path.</param>
+        /// <returns>Task.</returns>
+        private async Task DownloadImage(string url, Guid urlHash, string pointerCachePath)
+        {
+            using var result = await _httpClient.GetResponse(new HttpRequestOptions
+            {
+                Url = url,
+                BufferContent = false
+            }).ConfigureAwait(false);
+            var ext = result.ContentType.Split('/').Last();
+
+            var fullCachePath = GetFullCachePath(urlHash + "." + ext);
+
+            Directory.CreateDirectory(Path.GetDirectoryName(fullCachePath));
+            await using (var stream = result.Content)
+            {
+                await using var fileStream = new FileStream(fullCachePath, FileMode.Create, FileAccess.Write, FileShare.Read, IODefaults.FileStreamBufferSize, true);
+                await stream.CopyToAsync(fileStream).ConfigureAwait(false);
+            }
+
+            Directory.CreateDirectory(Path.GetDirectoryName(pointerCachePath));
+            await System.IO.File.WriteAllTextAsync(pointerCachePath, fullCachePath, CancellationToken.None)
+                .ConfigureAwait(false);
+        }
+    }
+}
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 97df8c60d..caf30031b 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -1,4 +1,3 @@
-#nullable enable
 #pragma warning disable CA1801
 
 using System;
diff --git a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
index 86d9322fe..268aecad8 100644
--- a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
+++ b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System;
 using System.Net.Mime;
 using System.Threading;
diff --git a/Jellyfin.Api/Models/ConfigurationDtos/MediaEncoderPathDto.cs b/Jellyfin.Api/Models/ConfigurationDtos/MediaEncoderPathDto.cs
index 3706a11e3..3b827ec12 100644
--- a/Jellyfin.Api/Models/ConfigurationDtos/MediaEncoderPathDto.cs
+++ b/Jellyfin.Api/Models/ConfigurationDtos/MediaEncoderPathDto.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 namespace Jellyfin.Api.Models.ConfigurationDtos
 {
     /// <summary>
diff --git a/Jellyfin.Api/Models/NotificationDtos/NotificationDto.cs b/Jellyfin.Api/Models/NotificationDtos/NotificationDto.cs
index 502b22623..af5239ec2 100644
--- a/Jellyfin.Api/Models/NotificationDtos/NotificationDto.cs
+++ b/Jellyfin.Api/Models/NotificationDtos/NotificationDto.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System;
 using MediaBrowser.Model.Notifications;
 
diff --git a/Jellyfin.Api/Models/NotificationDtos/NotificationResultDto.cs b/Jellyfin.Api/Models/NotificationDtos/NotificationResultDto.cs
index e34e176cb..64e92bd83 100644
--- a/Jellyfin.Api/Models/NotificationDtos/NotificationResultDto.cs
+++ b/Jellyfin.Api/Models/NotificationDtos/NotificationResultDto.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using System;
 using System.Collections.Generic;
 
diff --git a/Jellyfin.Api/Models/NotificationDtos/NotificationsSummaryDto.cs b/Jellyfin.Api/Models/NotificationDtos/NotificationsSummaryDto.cs
index b3746ee2d..0568dea66 100644
--- a/Jellyfin.Api/Models/NotificationDtos/NotificationsSummaryDto.cs
+++ b/Jellyfin.Api/Models/NotificationDtos/NotificationsSummaryDto.cs
@@ -1,5 +1,3 @@
-#nullable enable
-
 using MediaBrowser.Model.Notifications;
 
 namespace Jellyfin.Api.Models.NotificationDtos
diff --git a/Jellyfin.Api/Models/PluginDtos/MBRegistrationRecord.cs b/Jellyfin.Api/Models/PluginDtos/MBRegistrationRecord.cs
index aaaf54267..7f1255f4b 100644
--- a/Jellyfin.Api/Models/PluginDtos/MBRegistrationRecord.cs
+++ b/Jellyfin.Api/Models/PluginDtos/MBRegistrationRecord.cs
@@ -1,6 +1,4 @@
-#nullable enable
-
-using System;
+using System;
 
 namespace Jellyfin.Api.Models.PluginDtos
 {
diff --git a/Jellyfin.Api/Models/PluginDtos/PluginSecurityInfo.cs b/Jellyfin.Api/Models/PluginDtos/PluginSecurityInfo.cs
index 793002a6c..a90398425 100644
--- a/Jellyfin.Api/Models/PluginDtos/PluginSecurityInfo.cs
+++ b/Jellyfin.Api/Models/PluginDtos/PluginSecurityInfo.cs
@@ -1,6 +1,4 @@
-#nullable enable
-
-namespace Jellyfin.Api.Models.PluginDtos
+namespace Jellyfin.Api.Models.PluginDtos
 {
     /// <summary>
     /// Plugin security info.
diff --git a/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs b/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs
index 5a83a030d..a5f012245 100644
--- a/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs
+++ b/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs
@@ -1,5 +1,3 @@
-#nullable disable
-
 namespace Jellyfin.Api.Models.StartupDtos
 {
     /// <summary>
@@ -10,16 +8,16 @@ namespace Jellyfin.Api.Models.StartupDtos
         /// <summary>
         /// Gets or sets UI language culture.
         /// </summary>
-        public string UICulture { get; set; }
+        public string? UICulture { get; set; }
 
         /// <summary>
         /// Gets or sets the metadata country code.
         /// </summary>
-        public string MetadataCountryCode { get; set; }
+        public string? MetadataCountryCode { get; set; }
 
         /// <summary>
         /// Gets or sets the preferred language for the metadata.
         /// </summary>
-        public string PreferredMetadataLanguage { get; set; }
+        public string? PreferredMetadataLanguage { get; set; }
     }
 }
diff --git a/Jellyfin.Api/Models/StartupDtos/StartupUserDto.cs b/Jellyfin.Api/Models/StartupDtos/StartupUserDto.cs
index 0dbb245ec..e4c973548 100644
--- a/Jellyfin.Api/Models/StartupDtos/StartupUserDto.cs
+++ b/Jellyfin.Api/Models/StartupDtos/StartupUserDto.cs
@@ -1,5 +1,3 @@
-#nullable disable
-
 namespace Jellyfin.Api.Models.StartupDtos
 {
     /// <summary>
@@ -10,11 +8,11 @@ namespace Jellyfin.Api.Models.StartupDtos
         /// <summary>
         /// Gets or sets the username.
         /// </summary>
-        public string Name { get; set; }
+        public string? Name { get; set; }
 
         /// <summary>
         /// Gets or sets the user's password.
         /// </summary>
-        public string Password { get; set; }
+        public string? Password { get; set; }
     }
 }
-- 
cgit v1.2.3


From 10ddbc34ecfc5542f3b32fe3cc4740e30b62cccd Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Sat, 20 Jun 2020 18:02:07 -0600
Subject: Add missing attributes, fix response codes, fix route parameter
 casing

---
 .../Controllers/ConfigurationController.cs         |  4 +-
 Jellyfin.Api/Controllers/DevicesController.cs      |  1 +
 .../Controllers/DisplayPreferencesController.cs    | 22 +++----
 Jellyfin.Api/Controllers/ImageByNameController.cs  |  6 +-
 Jellyfin.Api/Controllers/ItemRefreshController.cs  | 15 +++--
 .../Controllers/NotificationsController.cs         |  8 +--
 Jellyfin.Api/Controllers/PackageController.cs      | 19 +++---
 Jellyfin.Api/Controllers/PluginsController.cs      | 28 +++++---
 Jellyfin.Api/Controllers/RemoteImageController.cs  | 30 ++++-----
 Jellyfin.Api/Controllers/SessionController.cs      | 72 ++++++++++-----------
 Jellyfin.Api/Controllers/SubtitleController.cs     | 54 ++++++++--------
 Jellyfin.Api/Controllers/UserController.cs         | 74 +++++++++++-----------
 .../Controllers/VideoAttachmentsController.cs      |  2 +-
 13 files changed, 172 insertions(+), 163 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index 74f1677bd..d275ed2eb 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -68,7 +68,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="key">Configuration key.</param>
         /// <response code="200">Configuration returned.</response>
         /// <returns>Configuration.</returns>
-        [HttpGet("Configuration/{Key}")]
+        [HttpGet("Configuration/{key}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<object> GetNamedConfiguration([FromRoute] string key)
         {
@@ -81,7 +81,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="key">Configuration key.</param>
         /// <response code="204">Named configuration updated.</response>
         /// <returns>Update status.</returns>
-        [HttpPost("Configuration/{Key}")]
+        [HttpPost("Configuration/{key}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> UpdateNamedConfiguration([FromRoute] string key)
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 78368eed6..55ca7b7c0 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -133,6 +133,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult DeleteDevice([FromQuery, BindRequired] string id)
         {
             var existingDevice = _deviceManager.GetDevice(id);
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 697a0baf4..56ac215a9 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using System.Diagnostics.CodeAnalysis;
 using System.Threading;
 using MediaBrowser.Controller.Persistence;
 using MediaBrowser.Model.Entities;
@@ -34,9 +35,8 @@ namespace Jellyfin.Api.Controllers
         /// <param name="client">Client.</param>
         /// <response code="200">Display preferences retrieved.</response>
         /// <returns>An <see cref="OkResult"/> containing the display preferences on success, or a <see cref="NotFoundResult"/> if the display preferences could not be found.</returns>
-        [HttpGet("{DisplayPreferencesId}")]
+        [HttpGet("{displayPreferencesId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<DisplayPreferences> GetDisplayPreferences(
             [FromRoute] string displayPreferencesId,
             [FromQuery] [Required] string userId,
@@ -52,30 +52,24 @@ namespace Jellyfin.Api.Controllers
         /// <param name="userId">User Id.</param>
         /// <param name="client">Client.</param>
         /// <param name="displayPreferences">New Display Preferences object.</param>
-        /// <response code="200">Display preferences updated.</response>
-        /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the display preferences could not be found.</returns>
-        [HttpPost("{DisplayPreferencesId}")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
-        [ProducesResponseType(typeof(ModelStateDictionary), StatusCodes.Status400BadRequest)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        /// <response code="204">Display preferences updated.</response>
+        /// <returns>An <see cref="OkResult"/> on success.</returns>
+        [HttpPost("{displayPreferencesId}")]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "displayPreferencesId", Justification = "Imported from ServiceStack")]
         public ActionResult UpdateDisplayPreferences(
             [FromRoute] string displayPreferencesId,
             [FromQuery, BindRequired] string userId,
             [FromQuery, BindRequired] string client,
             [FromBody, BindRequired] DisplayPreferences displayPreferences)
         {
-            if (displayPreferencesId == null)
-            {
-                // TODO - refactor so parameter doesn't exist or is actually used.
-            }
-
             _displayPreferencesRepository.SaveDisplayPreferences(
                 displayPreferences,
                 userId,
                 client,
                 CancellationToken.None);
 
-            return Ok();
+            return NoContent();
         }
     }
 }
diff --git a/Jellyfin.Api/Controllers/ImageByNameController.cs b/Jellyfin.Api/Controllers/ImageByNameController.cs
index 70f46ffa4..0e3c32d3c 100644
--- a/Jellyfin.Api/Controllers/ImageByNameController.cs
+++ b/Jellyfin.Api/Controllers/ImageByNameController.cs
@@ -58,7 +58,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Image stream retrieved.</response>
         /// <response code="404">Image not found.</response>
         /// <returns>A <see cref="FileStreamResult"/> containing the image contents on success, or a <see cref="NotFoundResult"/> if the image could not be found.</returns>
-        [HttpGet("General/{Name}/{Type}")]
+        [HttpGet("General/{name}/{type}")]
         [AllowAnonymous]
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
@@ -103,7 +103,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Image stream retrieved.</response>
         /// <response code="404">Image not found.</response>
         /// <returns>A <see cref="FileStreamResult"/> containing the image contents on success, or a <see cref="NotFoundResult"/> if the image could not be found.</returns>
-        [HttpGet("Ratings/{Theme}/{Name}")]
+        [HttpGet("Ratings/{theme}/{name}")]
         [AllowAnonymous]
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
@@ -136,7 +136,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Image stream retrieved.</response>
         /// <response code="404">Image not found.</response>
         /// <returns>A <see cref="FileStreamResult"/> containing the image contents on success, or a <see cref="NotFoundResult"/> if the image could not be found.</returns>
-        [HttpGet("MediaInfo/{Theme}/{Name}")]
+        [HttpGet("MediaInfo/{theme}/{name}")]
         [AllowAnonymous]
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
diff --git a/Jellyfin.Api/Controllers/ItemRefreshController.cs b/Jellyfin.Api/Controllers/ItemRefreshController.cs
index 6a16a89c5..f10f9fb3d 100644
--- a/Jellyfin.Api/Controllers/ItemRefreshController.cs
+++ b/Jellyfin.Api/Controllers/ItemRefreshController.cs
@@ -1,3 +1,4 @@
+using System;
 using System.ComponentModel;
 using System.Diagnostics.CodeAnalysis;
 using MediaBrowser.Controller.Library;
@@ -40,29 +41,29 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Refreshes metadata for an item.
         /// </summary>
-        /// <param name="id">Item id.</param>
+        /// <param name="itemId">Item id.</param>
         /// <param name="metadataRefreshMode">(Optional) Specifies the metadata refresh mode.</param>
         /// <param name="imageRefreshMode">(Optional) Specifies the image refresh mode.</param>
         /// <param name="replaceAllMetadata">(Optional) Determines if metadata should be replaced. Only applicable if mode is FullRefresh.</param>
         /// <param name="replaceAllImages">(Optional) Determines if images should be replaced. Only applicable if mode is FullRefresh.</param>
         /// <param name="recursive">(Unused) Indicates if the refresh should occur recursively.</param>
-        /// <response code="200">Item metadata refresh queued.</response>
+        /// <response code="204">Item metadata refresh queued.</response>
         /// <response code="404">Item to refresh not found.</response>
         /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the item could not be found.</returns>
-        [HttpPost("{Id}/Refresh")]
+        [HttpPost("{itemId}/Refresh")]
         [Description("Refreshes metadata for an item.")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "recursive", Justification = "Imported from ServiceStack")]
         public ActionResult Post(
-            [FromRoute] string id,
+            [FromRoute] Guid itemId,
             [FromQuery] MetadataRefreshMode metadataRefreshMode = MetadataRefreshMode.None,
             [FromQuery] MetadataRefreshMode imageRefreshMode = MetadataRefreshMode.None,
             [FromQuery] bool replaceAllMetadata = false,
             [FromQuery] bool replaceAllImages = false,
             [FromQuery] bool recursive = false)
         {
-            var item = _libraryManager.GetItemById(id);
+            var item = _libraryManager.GetItemById(itemId);
             if (item == null)
             {
                 return NotFound();
@@ -82,7 +83,7 @@ namespace Jellyfin.Api.Controllers
             };
 
             _providerManager.QueueRefresh(item.Id, refreshOptions, RefreshPriority.High);
-            return Ok();
+            return NoContent();
         }
     }
 }
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index 01dd23c77..f22636489 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -42,7 +42,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="limit">An optional limit on the number of notifications returned.</param>
         /// <response code="200">Notifications returned.</response>
         /// <returns>An <see cref="OkResult"/> containing a list of notifications.</returns>
-        [HttpGet("{UserID}")]
+        [HttpGet("{userId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isRead", Justification = "Imported from ServiceStack")]
@@ -63,7 +63,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="userId">The user's ID.</param>
         /// <response code="200">Summary of user's notifications returned.</response>
         /// <returns>An <cref see="OkResult"/> containing a summary of the users notifications.</returns>
-        [HttpGet("{UserID}/Summary")]
+        [HttpGet("{userId}/Summary")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
         public ActionResult<NotificationsSummaryDto> GetNotificationsSummary(
@@ -138,7 +138,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="ids">A comma-separated list of the IDs of notifications which should be set as read.</param>
         /// <response code="204">Notifications set as read.</response>
         /// <returns>A <cref see="NoContentResult"/>.</returns>
-        [HttpPost("{UserID}/Read")]
+        [HttpPost("{userId}/Read")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
@@ -156,7 +156,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="ids">A comma-separated list of the IDs of notifications which should be set as unread.</param>
         /// <response code="204">Notifications set as unread.</response>
         /// <returns>A <cref see="NoContentResult"/>.</returns>
-        [HttpPost("{UserID}/Unread")]
+        [HttpPost("{userId}/Unread")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "userId", Justification = "Imported from ServiceStack")]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "ids", Justification = "Imported from ServiceStack")]
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 943c23f8e..486575d23 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -35,9 +35,10 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="name">The name of the package.</param>
         /// <param name="assemblyGuid">The GUID of the associated assembly.</param>
+        /// <response code="200">Package retrieved.</response>
         /// <returns>A <see cref="PackageInfo"/> containing package information.</returns>
-        [HttpGet("/{Name}")]
-        [ProducesResponseType(typeof(PackageInfo), StatusCodes.Status200OK)]
+        [HttpGet("/{name}")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<PackageInfo>> GetPackageInfo(
             [FromRoute] [Required] string name,
             [FromQuery] string? assemblyGuid)
@@ -54,9 +55,10 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Gets available packages.
         /// </summary>
+        /// <response code="200">Available packages returned.</response>
         /// <returns>An <see cref="PackageInfo"/> containing available packages information.</returns>
         [HttpGet]
-        [ProducesResponseType(typeof(PackageInfo[]), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<IEnumerable<PackageInfo>> GetPackages()
         {
             IEnumerable<PackageInfo> packages = await _installationManager.GetAvailablePackages().ConfigureAwait(false);
@@ -73,7 +75,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Package found.</response>
         /// <response code="404">Package not found.</response>
         /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the package could not be found.</returns>
-        [HttpPost("/Installed/{Name}")]
+        [HttpPost("/Installed/{name}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [Authorize(Policy = Policies.RequiresElevation)]
@@ -102,17 +104,16 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Cancels a package installation.
         /// </summary>
-        /// <param name="id">Installation Id.</param>
+        /// <param name="packageId">Installation Id.</param>
         /// <response code="204">Installation cancelled.</response>
         /// <returns>A <see cref="NoContentResult"/> on successfully cancelling a package installation.</returns>
-        [HttpDelete("/Installing/{id}")]
+        [HttpDelete("/Installing/{packageId}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public IActionResult CancelPackageInstallation(
-            [FromRoute] [Required] string id)
+            [FromRoute] [Required] Guid packageId)
         {
-            _installationManager.CancelInstallation(new Guid(id));
-
+            _installationManager.CancelInstallation(packageId);
             return NoContent();
         }
     }
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index 6075544cf..8a0913307 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -11,6 +11,7 @@ using MediaBrowser.Common.Plugins;
 using MediaBrowser.Common.Updates;
 using MediaBrowser.Model.Plugins;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
 
@@ -45,6 +46,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Installed plugins returned.</response>
         /// <returns>List of currently installed plugins.</returns>
         [HttpGet]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "isAppStoreEnabled", Justification = "Imported from ServiceStack")]
         public ActionResult<IEnumerable<PluginInfo>> GetPlugins([FromRoute] bool? isAppStoreEnabled)
         {
@@ -55,11 +57,13 @@ namespace Jellyfin.Api.Controllers
         /// Uninstalls a plugin.
         /// </summary>
         /// <param name="pluginId">Plugin id.</param>
-        /// <response code="200">Plugin uninstalled.</response>
+        /// <response code="204">Plugin uninstalled.</response>
         /// <response code="404">Plugin not found.</response>
         /// <returns>An <see cref="OkResult"/> on success, or a <see cref="NotFoundResult"/> if the file could not be found.</returns>
         [HttpDelete("{pluginId}")]
         [Authorize(Policy = Policies.RequiresElevation)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UninstallPlugin([FromRoute] Guid pluginId)
         {
             var plugin = _appHost.Plugins.FirstOrDefault(p => p.Id == pluginId);
@@ -69,7 +73,7 @@ namespace Jellyfin.Api.Controllers
             }
 
             _installationManager.UninstallPlugin(plugin);
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -80,6 +84,8 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Plugin not found or plugin configuration not found.</response>
         /// <returns>Plugin configuration.</returns>
         [HttpGet("{pluginId}/Configuration")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<BasePluginConfiguration> GetPluginConfiguration([FromRoute] Guid pluginId)
         {
             if (!(_appHost.Plugins.FirstOrDefault(p => p.Id == pluginId) is IHasPluginConfiguration plugin))
@@ -97,14 +103,16 @@ namespace Jellyfin.Api.Controllers
         /// Accepts plugin configuration as JSON body.
         /// </remarks>
         /// <param name="pluginId">Plugin id.</param>
-        /// <response code="200">Plugin configuration updated.</response>
-        /// <response code="200">Plugin not found or plugin does not have configuration.</response>
+        /// <response code="204">Plugin configuration updated.</response>
+        /// <response code="404">Plugin not found or plugin does not have configuration.</response>
         /// <returns>
         /// A <see cref="Task" /> that represents the asynchronous operation to update plugin configuration.
         ///    The task result contains an <see cref="OkResult"/> indicating success, or <see cref="NotFoundResult"/>
         ///    when plugin not found or plugin doesn't have configuration.
         /// </returns>
         [HttpPost("{pluginId}/Configuration")]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult> UpdatePluginConfiguration([FromRoute] Guid pluginId)
         {
             if (!(_appHost.Plugins.FirstOrDefault(p => p.Id == pluginId) is IHasPluginConfiguration plugin))
@@ -116,7 +124,7 @@ namespace Jellyfin.Api.Controllers
                 .ConfigureAwait(false);
 
             plugin.UpdateConfiguration(configuration);
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -126,6 +134,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Plugin security info.</returns>
         [Obsolete("This endpoint should not be used.")]
         [HttpGet("SecurityInfo")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<PluginSecurityInfo> GetPluginSecurityInfo()
         {
             return new PluginSecurityInfo
@@ -139,14 +148,15 @@ namespace Jellyfin.Api.Controllers
         /// Updates plugin security info.
         /// </summary>
         /// <param name="pluginSecurityInfo">Plugin security info.</param>
-        /// <response code="200">Plugin security info updated.</response>
-        /// <returns>An <see cref="OkResult"/>.</returns>
+        /// <response code="204">Plugin security info updated.</response>
+        /// <returns>An <see cref="NoContentResult"/>.</returns>
         [Obsolete("This endpoint should not be used.")]
         [HttpPost("SecurityInfo")]
         [Authorize(Policy = Policies.RequiresElevation)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdatePluginSecurityInfo([FromBody, BindRequired] PluginSecurityInfo pluginSecurityInfo)
         {
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
@@ -157,6 +167,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Mb registration record.</returns>
         [Obsolete("This endpoint should not be used.")]
         [HttpPost("RegistrationRecords/{name}")]
+        [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<MBRegistrationRecord> GetRegistrationStatus([FromRoute] string name)
         {
             return new MBRegistrationRecord
@@ -178,6 +189,7 @@ namespace Jellyfin.Api.Controllers
         /// <exception cref="NotImplementedException">This endpoint is not implemented.</exception>
         [Obsolete("Paid plugins are not supported")]
         [HttpGet("/Registrations/{name}")]
+        [ProducesResponseType(StatusCodes.Status501NotImplemented)]
         public ActionResult GetRegistration([FromRoute] string name)
         {
             // TODO Once we have proper apps and plugins and decide to break compatibility with paid plugins,
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
index 80983ee64..41b7f98ee 100644
--- a/Jellyfin.Api/Controllers/RemoteImageController.cs
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -55,7 +55,7 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Gets available remote images for an item.
         /// </summary>
-        /// <param name="id">Item Id.</param>
+        /// <param name="itemId">Item Id.</param>
         /// <param name="type">The image type.</param>
         /// <param name="startIndex">Optional. The record index to start at. All items with a lower index will be dropped from the results.</param>
         /// <param name="limit">Optional. The maximum number of records to return.</param>
@@ -64,18 +64,18 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Remote Images returned.</response>
         /// <response code="404">Item not found.</response>
         /// <returns>Remote Image Result.</returns>
-        [HttpGet("{Id}/RemoteImages")]
+        [HttpGet("{itemId}/RemoteImages")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<RemoteImageResult>> GetRemoteImages(
-            [FromRoute] string id,
+            [FromRoute] Guid itemId,
             [FromQuery] ImageType? type,
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] string providerName,
             [FromQuery] bool includeAllLanguages)
         {
-            var item = _libraryManager.GetItemById(id);
+            var item = _libraryManager.GetItemById(itemId);
             if (item == null)
             {
                 return NotFound();
@@ -123,16 +123,16 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Gets available remote image providers for an item.
         /// </summary>
-        /// <param name="id">Item Id.</param>
+        /// <param name="itemId">Item Id.</param>
         /// <response code="200">Returned remote image providers.</response>
         /// <response code="404">Item not found.</response>
         /// <returns>List of remote image providers.</returns>
-        [HttpGet("{Id}/RemoteImages/Providers")]
+        [HttpGet("{itemId}/RemoteImages/Providers")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute] string id)
+        public ActionResult<IEnumerable<ImageProviderInfo>> GetRemoteImageProviders([FromRoute] Guid itemId)
         {
-            var item = _libraryManager.GetItemById(id);
+            var item = _libraryManager.GetItemById(itemId);
             if (item == null)
             {
                 return NotFound();
@@ -195,21 +195,21 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Downloads a remote image for an item.
         /// </summary>
-        /// <param name="id">Item Id.</param>
+        /// <param name="itemId">Item Id.</param>
         /// <param name="type">The image type.</param>
         /// <param name="imageUrl">The image url.</param>
-        /// <response code="200">Remote image downloaded.</response>
+        /// <response code="204">Remote image downloaded.</response>
         /// <response code="404">Remote image not found.</response>
         /// <returns>Download status.</returns>
-        [HttpPost("{Id}/RemoteImages/Download")]
-        [ProducesResponseType(StatusCodes.Status200OK)]
+        [HttpPost("{itemId}/RemoteImages/Download")]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult> DownloadRemoteImage(
-            [FromRoute] string id,
+            [FromRoute] Guid itemId,
             [FromQuery, BindRequired] ImageType type,
             [FromQuery] string imageUrl)
         {
-            var item = _libraryManager.GetItemById(id);
+            var item = _libraryManager.GetItemById(itemId);
             if (item == null)
             {
                 return NotFound();
@@ -219,7 +219,7 @@ namespace Jellyfin.Api.Controllers
                 .ConfigureAwait(false);
 
             item.UpdateToRepository(ItemUpdateType.ImageUpdate, CancellationToken.None);
-            return Ok();
+            return NoContent();
         }
 
         /// <summary>
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 4f259536a..315bc9728 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -113,16 +113,16 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Instructs a session to browse to an item or view.
         /// </summary>
-        /// <param name="id">The session Id.</param>
+        /// <param name="sessionId">The session Id.</param>
         /// <param name="itemType">The type of item to browse to.</param>
         /// <param name="itemId">The Id of the item.</param>
         /// <param name="itemName">The name of the item.</param>
         /// <response code="204">Instruction sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/Viewing")]
+        [HttpPost("/Sessions/{sessionId}/Viewing")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult DisplayContent(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromQuery] string itemType,
             [FromQuery] string itemId,
             [FromQuery] string itemName)
@@ -136,7 +136,7 @@ namespace Jellyfin.Api.Controllers
 
             _sessionManager.SendBrowseCommand(
                 RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
-                id,
+                sessionId,
                 command,
                 CancellationToken.None);
 
@@ -146,17 +146,17 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Instructs a session to play an item.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="itemIds">The ids of the items to play, comma delimited.</param>
         /// <param name="startPositionTicks">The starting position of the first item.</param>
         /// <param name="playCommand">The type of play command to issue (PlayNow, PlayNext, PlayLast). Clients who have not yet implemented play next and play last may play now.</param>
         /// <param name="playRequest">The <see cref="PlayRequest"/>.</param>
         /// <response code="204">Instruction sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/Playing")]
+        [HttpPost("/Sessions/{sessionId}/Playing")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult Play(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromQuery] Guid[] itemIds,
             [FromQuery] long? startPositionTicks,
             [FromQuery] PlayCommand playCommand,
@@ -173,7 +173,7 @@ namespace Jellyfin.Api.Controllers
 
             _sessionManager.SendPlayCommand(
                 RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
-                id,
+                sessionId,
                 playRequest,
                 CancellationToken.None);
 
@@ -183,19 +183,19 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Issues a playstate command to a client.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="playstateRequest">The <see cref="PlaystateRequest"/>.</param>
         /// <response code="204">Playstate command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/Playing/{command}")]
+        [HttpPost("/Sessions/{sessionId}/Playing/{command}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendPlaystateCommand(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromBody] PlaystateRequest playstateRequest)
         {
             _sessionManager.SendPlaystateCommand(
                 RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
-                id,
+                sessionId,
                 playstateRequest,
                 CancellationToken.None);
 
@@ -205,14 +205,14 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Issues a system command to a client.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="command">The command to send.</param>
         /// <response code="204">System command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/System/{Command}")]
+        [HttpPost("/Sessions/{sessionId}/System/{command}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendSystemCommand(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromRoute] string command)
         {
             var name = command;
@@ -228,7 +228,7 @@ namespace Jellyfin.Api.Controllers
                 ControllingUserId = currentSession.UserId
             };
 
-            _sessionManager.SendGeneralCommand(currentSession.Id, id, generalCommand, CancellationToken.None);
+            _sessionManager.SendGeneralCommand(currentSession.Id, sessionId, generalCommand, CancellationToken.None);
 
             return NoContent();
         }
@@ -236,14 +236,14 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Issues a general command to a client.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="command">The command to send.</param>
         /// <response code="204">General command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/Command/{Command}")]
+        [HttpPost("/Sessions/{sessionId}/Command/{Command}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendGeneralCommand(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromRoute] string command)
         {
             var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
@@ -254,7 +254,7 @@ namespace Jellyfin.Api.Controllers
                 ControllingUserId = currentSession.UserId
             };
 
-            _sessionManager.SendGeneralCommand(currentSession.Id, id, generalCommand, CancellationToken.None);
+            _sessionManager.SendGeneralCommand(currentSession.Id, sessionId, generalCommand, CancellationToken.None);
 
             return NoContent();
         }
@@ -262,14 +262,14 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Issues a full general command to a client.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="command">The <see cref="GeneralCommand"/>.</param>
         /// <response code="204">Full general command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/Command")]
+        [HttpPost("/Sessions/{sessionId}/Command")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendFullGeneralCommand(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromBody, Required] GeneralCommand command)
         {
             var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
@@ -283,7 +283,7 @@ namespace Jellyfin.Api.Controllers
 
             _sessionManager.SendGeneralCommand(
                 currentSession.Id,
-                id,
+                sessionId,
                 command,
                 CancellationToken.None);
 
@@ -293,16 +293,16 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Issues a command to a client to display a message to the user.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="text">The message test.</param>
         /// <param name="header">The message header.</param>
         /// <param name="timeoutMs">The message timeout. If omitted the user will have to confirm viewing the message.</param>
         /// <response code="204">Message sent.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/Message")]
+        [HttpPost("/Sessions/{sessionId}/Message")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendMessageCommand(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromQuery] string text,
             [FromQuery] string header,
             [FromQuery] long? timeoutMs)
@@ -314,7 +314,7 @@ namespace Jellyfin.Api.Controllers
                 Text = text
             };
 
-            _sessionManager.SendMessageCommand(RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id, id, command, CancellationToken.None);
+            _sessionManager.SendMessageCommand(RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id, sessionId, command, CancellationToken.None);
 
             return NoContent();
         }
@@ -322,34 +322,34 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Adds an additional user to a session.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="userId">The user id.</param>
         /// <response code="204">User added to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Sessions/{id}/User/{userId}")]
+        [HttpPost("/Sessions/{sessionId}/User/{userId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult AddUserToSession(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromRoute] Guid userId)
         {
-            _sessionManager.AddAdditionalUser(id, userId);
+            _sessionManager.AddAdditionalUser(sessionId, userId);
             return NoContent();
         }
 
         /// <summary>
         /// Removes an additional user from a session.
         /// </summary>
-        /// <param name="id">The session id.</param>
+        /// <param name="sessionId">The session id.</param>
         /// <param name="userId">The user id.</param>
         /// <response code="204">User removed from session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("/Sessions/{id}/User/{userId}")]
+        [HttpDelete("/Sessions/{sessionId}/User/{userId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult RemoveUserFromSession(
-            [FromRoute] string id,
+            [FromRoute] string sessionId,
             [FromRoute] Guid userId)
         {
-            _sessionManager.RemoveAdditionalUser(id, userId);
+            _sessionManager.RemoveAdditionalUser(sessionId, userId);
             return NoContent();
         }
 
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 74ec5f9b5..95cc39524 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -75,20 +75,20 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Deletes an external subtitle file.
         /// </summary>
-        /// <param name="id">The item id.</param>
+        /// <param name="itemId">The item id.</param>
         /// <param name="index">The index of the subtitle file.</param>
         /// <response code="204">Subtitle deleted.</response>
         /// <response code="404">Item not found.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpDelete("/Videos/{id}/Subtitles/{index}")]
+        [HttpDelete("/Videos/{itemId}/Subtitles/{index}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<Task> DeleteSubtitle(
-            [FromRoute] Guid id,
+            [FromRoute] Guid itemId,
             [FromRoute] int index)
         {
-            var item = _libraryManager.GetItemById(id);
+            var item = _libraryManager.GetItemById(itemId);
 
             if (item == null)
             {
@@ -102,20 +102,20 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Search remote subtitles.
         /// </summary>
-        /// <param name="id">The item id.</param>
+        /// <param name="itemId">The item id.</param>
         /// <param name="language">The language of the subtitles.</param>
         /// <param name="isPerfectMatch">Optional. Only show subtitles which are a perfect match.</param>
         /// <response code="200">Subtitles retrieved.</response>
         /// <returns>An array of <see cref="RemoteSubtitleInfo"/>.</returns>
-        [HttpGet("/Items/{id}/RemoteSearch/Subtitles/{language}")]
+        [HttpGet("/Items/{itemId}/RemoteSearch/Subtitles/{language}")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
-            [FromRoute] Guid id,
+            [FromRoute] Guid itemId,
             [FromRoute] string language,
             [FromQuery] bool? isPerfectMatch)
         {
-            var video = (Video)_libraryManager.GetItemById(id);
+            var video = (Video)_libraryManager.GetItemById(itemId);
 
             return await _subtitleManager.SearchSubtitles(video, language, isPerfectMatch, CancellationToken.None).ConfigureAwait(false);
         }
@@ -123,18 +123,18 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Downloads a remote subtitle.
         /// </summary>
-        /// <param name="id">The item id.</param>
+        /// <param name="itemId">The item id.</param>
         /// <param name="subtitleId">The subtitle id.</param>
         /// <response code="204">Subtitle downloaded.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
-        [HttpPost("/Items/{id}/RemoteSearch/Subtitles/{subtitleId}")]
+        [HttpPost("/Items/{itemId}/RemoteSearch/Subtitles/{subtitleId}")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> DownloadRemoteSubtitles(
-            [FromRoute] Guid id,
+            [FromRoute] Guid itemId,
             [FromRoute] string subtitleId)
         {
-            var video = (Video)_libraryManager.GetItemById(id);
+            var video = (Video)_libraryManager.GetItemById(itemId);
 
             try
             {
@@ -171,28 +171,28 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Gets subtitles in a specified format.
         /// </summary>
-        /// <param name="id">The item id.</param>
+        /// <param name="itemId">The item id.</param>
         /// <param name="mediaSourceId">The media source id.</param>
         /// <param name="index">The subtitle stream index.</param>
         /// <param name="format">The format of the returned subtitle.</param>
-        /// <param name="startPositionTicks">Optional. The start position of the subtitle in ticks.</param>
         /// <param name="endPositionTicks">Optional. The end position of the subtitle in ticks.</param>
         /// <param name="copyTimestamps">Optional. Whether to copy the timestamps.</param>
         /// <param name="addVttTimeMap">Optional. Whether to add a VTT time map.</param>
+        /// <param name="startPositionTicks">Optional. The start position of the subtitle in ticks.</param>
         /// <response code="200">File returned.</response>
         /// <returns>A <see cref="FileContentResult"/> with the subtitle file.</returns>
-        [HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/Stream.{format}")]
-        [HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/{startPositionTicks}/Stream.{format}")]
+        [HttpGet("/Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/Stream.{format}")]
+        [HttpGet("/Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/{startPositionTicks?}/Stream.{format}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult> GetSubtitle(
-            [FromRoute, Required] Guid id,
+            [FromRoute, Required] Guid itemId,
             [FromRoute, Required] string mediaSourceId,
             [FromRoute, Required] int index,
             [FromRoute, Required] string format,
-            [FromRoute] long startPositionTicks,
             [FromQuery] long? endPositionTicks,
             [FromQuery] bool copyTimestamps,
-            [FromQuery] bool addVttTimeMap)
+            [FromQuery] bool addVttTimeMap,
+            [FromRoute] long startPositionTicks = 0)
         {
             if (string.Equals(format, "js", StringComparison.OrdinalIgnoreCase))
             {
@@ -201,9 +201,9 @@ namespace Jellyfin.Api.Controllers
 
             if (string.IsNullOrEmpty(format))
             {
-                var item = (Video)_libraryManager.GetItemById(id);
+                var item = (Video)_libraryManager.GetItemById(itemId);
 
-                var idString = id.ToString("N", CultureInfo.InvariantCulture);
+                var idString = itemId.ToString("N", CultureInfo.InvariantCulture);
                 var mediaSource = _mediaSourceManager.GetStaticMediaSources(item, false)
                     .First(i => string.Equals(i.Id, mediaSourceId ?? idString, StringComparison.Ordinal));
 
@@ -216,7 +216,7 @@ namespace Jellyfin.Api.Controllers
 
             if (string.Equals(format, "vtt", StringComparison.OrdinalIgnoreCase) && addVttTimeMap)
             {
-                await using Stream stream = await EncodeSubtitles(id, mediaSourceId, index, format, startPositionTicks, endPositionTicks, copyTimestamps).ConfigureAwait(false);
+                await using Stream stream = await EncodeSubtitles(itemId, mediaSourceId, index, format, startPositionTicks, endPositionTicks, copyTimestamps).ConfigureAwait(false);
                 using var reader = new StreamReader(stream);
 
                 var text = await reader.ReadToEndAsync().ConfigureAwait(false);
@@ -228,7 +228,7 @@ namespace Jellyfin.Api.Controllers
 
             return File(
                 await EncodeSubtitles(
-                    id,
+                    itemId,
                     mediaSourceId,
                     index,
                     format,
@@ -241,23 +241,23 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Gets an HLS subtitle playlist.
         /// </summary>
-        /// <param name="id">The item id.</param>
+        /// <param name="itemId">The item id.</param>
         /// <param name="index">The subtitle stream index.</param>
         /// <param name="mediaSourceId">The media source id.</param>
         /// <param name="segmentLength">The subtitle segment length.</param>
         /// <response code="200">Subtitle playlist retrieved.</response>
         /// <returns>A <see cref="FileContentResult"/> with the HLS subtitle playlist.</returns>
-        [HttpGet("/Videos/{id}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
+        [HttpGet("/Videos/{itemId}/{mediaSourceId}/Subtitles/{index}/subtitles.m3u8")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "index", Justification = "Imported from ServiceStack")]
         public async Task<ActionResult> GetSubtitlePlaylist(
-            [FromRoute] Guid id,
+            [FromRoute] Guid itemId,
             [FromRoute] int index,
             [FromRoute] string mediaSourceId,
             [FromQuery, Required] int segmentLength)
         {
-            var item = (Video)_libraryManager.GetItemById(id);
+            var item = (Video)_libraryManager.GetItemById(itemId);
 
             var mediaSource = await _mediaSourceManager.GetMediaSource(item, mediaSourceId, null, false, CancellationToken.None).ConfigureAwait(false);
 
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 68ab5813c..0d57dcc83 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -105,17 +105,17 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Gets a user by Id.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <response code="200">User returned.</response>
         /// <response code="404">User not found.</response>
         /// <returns>An <see cref="UserDto"/> with information about the user or a <see cref="NotFoundResult"/> if the user was not found.</returns>
-        [HttpGet("{id}")]
+        [HttpGet("{userId}")]
         [Authorize(Policy = Policies.IgnoreSchedule)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<UserDto> GetUserById([FromRoute] Guid id)
+        public ActionResult<UserDto> GetUserById([FromRoute] Guid userId)
         {
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             if (user == null)
             {
@@ -129,17 +129,17 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Deletes a user.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <response code="200">User deleted.</response>
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="NotFoundResult"/> if the user was not found.</returns>
-        [HttpDelete("{id}")]
+        [HttpDelete("{userId}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult DeleteUser([FromRoute] Guid id)
+        public ActionResult DeleteUser([FromRoute] Guid userId)
         {
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             if (user == null)
             {
@@ -154,23 +154,23 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Authenticates a user.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <param name="pw">The password as plain text.</param>
         /// <param name="password">The password sha1-hash.</param>
         /// <response code="200">User authenticated.</response>
         /// <response code="403">Sha1-hashed password only is not allowed.</response>
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="Task"/> containing an <see cref="AuthenticationResult"/>.</returns>
-        [HttpPost("{id}/Authenticate")]
+        [HttpPost("{userId}/Authenticate")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
-            [FromRoute, Required] Guid id,
+            [FromRoute, Required] Guid userId,
             [FromQuery, BindRequired] string pw,
             [FromQuery, BindRequired] string password)
         {
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             if (user == null)
             {
@@ -230,27 +230,27 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Updates a user's password.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <param name="request">The <see cref="UpdateUserPassword"/> request.</param>
         /// <response code="200">Password successfully reset.</response>
         /// <response code="403">User is not allowed to update the password.</response>
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
-        [HttpPost("{id}/Password")]
+        [HttpPost("{userId}/Password")]
         [Authorize]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult> UpdateUserPassword(
-            [FromRoute] Guid id,
+            [FromRoute] Guid userId,
             [FromBody] UpdateUserPassword request)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
+            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
             {
                 return Forbid("User is not allowed to update the password.");
             }
 
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             if (user == null)
             {
@@ -288,27 +288,27 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Updates a user's easy password.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <param name="request">The <see cref="UpdateUserEasyPassword"/> request.</param>
         /// <response code="200">Password successfully reset.</response>
         /// <response code="403">User is not allowed to update the password.</response>
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
-        [HttpPost("{id}/EasyPassword")]
+        [HttpPost("{userId}/EasyPassword")]
         [Authorize]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateUserEasyPassword(
-            [FromRoute] Guid id,
+            [FromRoute] Guid userId,
             [FromBody] UpdateUserEasyPassword request)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, true))
+            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
             {
                 return Forbid("User is not allowed to update the easy password.");
             }
 
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             if (user == null)
             {
@@ -330,19 +330,19 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Updates a user.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <param name="updateUser">The updated user model.</param>
         /// <response code="204">User updated.</response>
         /// <response code="400">User information was not supplied.</response>
         /// <response code="403">User update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure.</returns>
-        [HttpPost("{id}")]
+        [HttpPost("{userId}")]
         [Authorize]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public async Task<ActionResult> UpdateUser(
-            [FromRoute] Guid id,
+            [FromRoute] Guid userId,
             [FromBody] UserDto updateUser)
         {
             if (updateUser == null)
@@ -350,12 +350,12 @@ namespace Jellyfin.Api.Controllers
                 return BadRequest();
             }
 
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
+            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
             {
                 return Forbid("User update not allowed.");
             }
 
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             if (string.Equals(user.Username, updateUser.Name, StringComparison.Ordinal))
             {
@@ -374,19 +374,19 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Updates a user policy.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <param name="newPolicy">The new user policy.</param>
         /// <response code="204">User policy updated.</response>
         /// <response code="400">User policy was not supplied.</response>
         /// <response code="403">User policy update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns>
-        [HttpPost("{id}/Policy")]
+        [HttpPost("{userId}/Policy")]
         [Authorize]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public ActionResult UpdateUserPolicy(
-            [FromRoute] Guid id,
+            [FromRoute] Guid userId,
             [FromBody] UserPolicy newPolicy)
         {
             if (newPolicy == null)
@@ -394,7 +394,7 @@ namespace Jellyfin.Api.Controllers
                 return BadRequest();
             }
 
-            var user = _userManager.GetUserById(id);
+            var user = _userManager.GetUserById(userId);
 
             // If removing admin access
             if (!(newPolicy.IsAdministrator && user.HasPermission(PermissionKind.IsAdministrator)))
@@ -423,7 +423,7 @@ namespace Jellyfin.Api.Controllers
                 _sessionManager.RevokeUserTokens(user.Id, currentToken);
             }
 
-            _userManager.UpdatePolicy(id, newPolicy);
+            _userManager.UpdatePolicy(userId, newPolicy);
 
             return NoContent();
         }
@@ -431,25 +431,25 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Updates a user configuration.
         /// </summary>
-        /// <param name="id">The user id.</param>
+        /// <param name="userId">The user id.</param>
         /// <param name="userConfig">The new user configuration.</param>
         /// <response code="204">User configuration updated.</response>
         /// <response code="403">User configuration update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
-        [HttpPost("{id}/Configuration")]
+        [HttpPost("{userId}/Configuration")]
         [Authorize]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public ActionResult UpdateUserConfiguration(
-            [FromRoute] Guid id,
+            [FromRoute] Guid userId,
             [FromBody] UserConfiguration userConfig)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, id, false))
+            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
             {
                 return Forbid("User configuration update not allowed");
             }
 
-            _userManager.UpdateConfiguration(id, userConfig);
+            _userManager.UpdateConfiguration(userId, userConfig);
 
             return NoContent();
         }
diff --git a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
index 2528fd75d..943ba8af3 100644
--- a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
+++ b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
@@ -44,7 +44,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Attachment retrieved.</response>
         /// <response code="404">Video or attachment not found.</response>
         /// <returns>An <see cref="FileStreamResult"/> containing the attachment stream on success, or a <see cref="NotFoundResult"/> if the attachment could not be found.</returns>
-        [HttpGet("{VideoID}/{MediaSourceID}/Attachments/{Index}")]
+        [HttpGet("{videoId}/{mediaSourceId}/Attachments/{index}")]
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-- 
cgit v1.2.3


From 73bcda7eac6d0785745179fe4b7f58b6bc4ec488 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Sat, 27 Jun 2020 10:50:44 -0600
Subject: Make all optional strings nullable

---
 Jellyfin.Api/Controllers/AlbumsController.cs       |  4 +-
 Jellyfin.Api/Controllers/ApiKeyController.cs       |  4 +-
 Jellyfin.Api/Controllers/CollectionController.cs   |  8 ++--
 .../Controllers/ConfigurationController.cs         |  4 +-
 Jellyfin.Api/Controllers/DashboardController.cs    |  2 +-
 Jellyfin.Api/Controllers/DevicesController.cs      |  8 ++--
 .../Controllers/DisplayPreferencesController.cs    | 12 +++---
 Jellyfin.Api/Controllers/ImageByNameController.cs  | 12 +++---
 Jellyfin.Api/Controllers/InstantMixController.cs   | 16 ++++----
 Jellyfin.Api/Controllers/ItemUpdateController.cs   |  2 +-
 Jellyfin.Api/Controllers/LibraryController.cs      | 16 ++++----
 .../Controllers/LibraryStructureController.cs      | 22 +++++------
 .../Controllers/NotificationsController.cs         |  4 +-
 Jellyfin.Api/Controllers/PackageController.cs      |  8 ++--
 Jellyfin.Api/Controllers/PlaylistsController.cs    | 14 +++----
 Jellyfin.Api/Controllers/PluginsController.cs      |  4 +-
 Jellyfin.Api/Controllers/RemoteImageController.cs  |  2 +-
 .../Controllers/ScheduledTasksController.cs        |  8 ++--
 Jellyfin.Api/Controllers/SearchController.cs       | 10 ++---
 Jellyfin.Api/Controllers/SessionController.cs      | 46 +++++++++++-----------
 Jellyfin.Api/Controllers/StartupController.cs      |  6 +--
 Jellyfin.Api/Controllers/SubtitleController.cs     | 14 +++----
 Jellyfin.Api/Controllers/SystemController.cs       |  2 +-
 Jellyfin.Api/Controllers/TvShowsController.cs      |  8 ++--
 Jellyfin.Api/Controllers/UserController.cs         |  8 ++--
 Jellyfin.Api/Controllers/UserLibraryController.cs  |  6 +--
 Jellyfin.Api/Controllers/UserViewsController.cs    |  2 +-
 .../Controllers/VideoAttachmentsController.cs      |  2 +-
 Jellyfin.Api/Controllers/VideosController.cs       |  2 +-
 Jellyfin.Api/Controllers/YearsController.cs        | 16 ++++----
 Jellyfin.Api/Extensions/DtoExtensions.cs           |  4 +-
 Jellyfin.Api/Helpers/RequestHelpers.cs             | 10 ++---
 Jellyfin.Api/Helpers/SimilarItemsHelper.cs         |  2 +-
 33 files changed, 143 insertions(+), 145 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/AlbumsController.cs b/Jellyfin.Api/Controllers/AlbumsController.cs
index 622123873..70315b0a3 100644
--- a/Jellyfin.Api/Controllers/AlbumsController.cs
+++ b/Jellyfin.Api/Controllers/AlbumsController.cs
@@ -53,7 +53,7 @@ namespace Jellyfin.Api.Controllers
         public ActionResult<QueryResult<BaseItemDto>> GetSimilarAlbums(
             [FromRoute] string albumId,
             [FromQuery] Guid userId,
-            [FromQuery] string excludeArtistIds,
+            [FromQuery] string? excludeArtistIds,
             [FromQuery] int? limit)
         {
             var dtoOptions = new DtoOptions().AddClientFields(Request);
@@ -85,7 +85,7 @@ namespace Jellyfin.Api.Controllers
         public ActionResult<QueryResult<BaseItemDto>> GetSimilarArtists(
             [FromRoute] string artistId,
             [FromQuery] Guid userId,
-            [FromQuery] string excludeArtistIds,
+            [FromQuery] string? excludeArtistIds,
             [FromQuery] int? limit)
         {
             var dtoOptions = new DtoOptions().AddClientFields(Request);
diff --git a/Jellyfin.Api/Controllers/ApiKeyController.cs b/Jellyfin.Api/Controllers/ApiKeyController.cs
index ed521c1fc..fef4d7262 100644
--- a/Jellyfin.Api/Controllers/ApiKeyController.cs
+++ b/Jellyfin.Api/Controllers/ApiKeyController.cs
@@ -65,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Keys")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult CreateKey([FromQuery, Required] string app)
+        public ActionResult CreateKey([FromQuery, Required] string? app)
         {
             _authRepo.Create(new AuthenticationInfo
             {
@@ -88,7 +88,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete("Keys/{key}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult RevokeKey([FromRoute] string key)
+        public ActionResult RevokeKey([FromRoute] string? key)
         {
             _sessionManager.RevokeToken(key);
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/CollectionController.cs b/Jellyfin.Api/Controllers/CollectionController.cs
index 29db0b178..7ff98b251 100644
--- a/Jellyfin.Api/Controllers/CollectionController.cs
+++ b/Jellyfin.Api/Controllers/CollectionController.cs
@@ -51,8 +51,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<CollectionCreationResult> CreateCollection(
-            [FromQuery] string name,
-            [FromQuery] string ids,
+            [FromQuery] string? name,
+            [FromQuery] string? ids,
             [FromQuery] bool isLocked,
             [FromQuery] Guid? parentId)
         {
@@ -86,7 +86,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("{collectionId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult AddToCollection([FromRoute] Guid collectionId, [FromQuery] string itemIds)
+        public ActionResult AddToCollection([FromRoute] Guid collectionId, [FromQuery] string? itemIds)
         {
             _collectionManager.AddToCollection(collectionId, RequestHelpers.Split(itemIds, ',', true));
             return NoContent();
@@ -101,7 +101,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpDelete("{collectionId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult RemoveFromCollection([FromRoute] Guid collectionId, [FromQuery] string itemIds)
+        public ActionResult RemoveFromCollection([FromRoute] Guid collectionId, [FromQuery] string? itemIds)
         {
             _collectionManager.RemoveFromCollection(collectionId, RequestHelpers.Split(itemIds, ',', true));
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index d275ed2eb..13933cb33 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -70,7 +70,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Configuration.</returns>
         [HttpGet("Configuration/{key}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<object> GetNamedConfiguration([FromRoute] string key)
+        public ActionResult<object> GetNamedConfiguration([FromRoute] string? key)
         {
             return _configurationManager.GetConfiguration(key);
         }
@@ -84,7 +84,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Configuration/{key}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> UpdateNamedConfiguration([FromRoute] string key)
+        public async Task<ActionResult> UpdateNamedConfiguration([FromRoute] string? key)
         {
             var configurationType = _configurationManager.GetConfigurationType(key);
             var configuration = await JsonSerializer.DeserializeAsync(Request.Body, configurationType).ConfigureAwait(false);
diff --git a/Jellyfin.Api/Controllers/DashboardController.cs b/Jellyfin.Api/Controllers/DashboardController.cs
index 6cfee2463..699ef6bf7 100644
--- a/Jellyfin.Api/Controllers/DashboardController.cs
+++ b/Jellyfin.Api/Controllers/DashboardController.cs
@@ -122,7 +122,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("/web/ConfigurationPage")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult GetDashboardConfigurationPage([FromQuery] string name)
+        public ActionResult GetDashboardConfigurationPage([FromQuery] string? name)
         {
             IPlugin? plugin = null;
             Stream? stream = null;
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 55ca7b7c0..3cf7b3378 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -65,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, BindRequired] string id)
+        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, BindRequired] string? id)
         {
             var deviceInfo = _deviceManager.GetDevice(id);
             if (deviceInfo == null)
@@ -87,7 +87,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, BindRequired] string id)
+        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, BindRequired] string? id)
         {
             var deviceInfo = _deviceManager.GetDeviceOptions(id);
             if (deviceInfo == null)
@@ -111,7 +111,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateDeviceOptions(
-            [FromQuery, BindRequired] string id,
+            [FromQuery, BindRequired] string? id,
             [FromBody, BindRequired] DeviceOptions deviceOptions)
         {
             var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
@@ -134,7 +134,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult DeleteDevice([FromQuery, BindRequired] string id)
+        public ActionResult DeleteDevice([FromQuery, BindRequired] string? id)
         {
             var existingDevice = _deviceManager.GetDevice(id);
             if (existingDevice == null)
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 3f946d9d2..1255e6dab 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -39,9 +39,9 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("{displayPreferencesId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<DisplayPreferences> GetDisplayPreferences(
-            [FromRoute] string displayPreferencesId,
-            [FromQuery] [Required] string userId,
-            [FromQuery] [Required] string client)
+            [FromRoute] string? displayPreferencesId,
+            [FromQuery] [Required] string? userId,
+            [FromQuery] [Required] string? client)
         {
             return _displayPreferencesRepository.GetDisplayPreferences(displayPreferencesId, userId, client);
         }
@@ -59,9 +59,9 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "displayPreferencesId", Justification = "Imported from ServiceStack")]
         public ActionResult UpdateDisplayPreferences(
-            [FromRoute] string displayPreferencesId,
-            [FromQuery, BindRequired] string userId,
-            [FromQuery, BindRequired] string client,
+            [FromRoute] string? displayPreferencesId,
+            [FromQuery, BindRequired] string? userId,
+            [FromQuery, BindRequired] string? client,
             [FromBody, BindRequired] DisplayPreferences displayPreferences)
         {
             _displayPreferencesRepository.SaveDisplayPreferences(
diff --git a/Jellyfin.Api/Controllers/ImageByNameController.cs b/Jellyfin.Api/Controllers/ImageByNameController.cs
index 4800c0608..5244c35b8 100644
--- a/Jellyfin.Api/Controllers/ImageByNameController.cs
+++ b/Jellyfin.Api/Controllers/ImageByNameController.cs
@@ -64,7 +64,7 @@ namespace Jellyfin.Api.Controllers
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<FileStreamResult> GetGeneralImage([FromRoute] string name, [FromRoute] string type)
+        public ActionResult<FileStreamResult> GetGeneralImage([FromRoute] string? name, [FromRoute] string? type)
         {
             var filename = string.Equals(type, "primary", StringComparison.OrdinalIgnoreCase)
                 ? "folder"
@@ -110,8 +110,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<FileStreamResult> GetRatingImage(
-            [FromRoute] string theme,
-            [FromRoute] string name)
+            [FromRoute] string? theme,
+            [FromRoute] string? name)
         {
             return GetImageFile(_applicationPaths.RatingsPath, theme, name);
         }
@@ -143,8 +143,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<FileStreamResult> GetMediaInfoImage(
-            [FromRoute] string theme,
-            [FromRoute] string name)
+            [FromRoute] string? theme,
+            [FromRoute] string? name)
         {
             return GetImageFile(_applicationPaths.MediaInfoImagesPath, theme, name);
         }
@@ -156,7 +156,7 @@ namespace Jellyfin.Api.Controllers
         /// <param name="theme">Theme to search.</param>
         /// <param name="name">File name to search for.</param>
         /// <returns>A <see cref="FileStreamResult"/> containing the image contents on success, or a <see cref="NotFoundResult"/> if the image could not be found.</returns>
-        private ActionResult<FileStreamResult> GetImageFile(string basePath, string theme, string name)
+        private ActionResult<FileStreamResult> GetImageFile(string basePath, string? theme, string? name)
         {
             var themeFolder = Path.Combine(basePath, theme);
             if (Directory.Exists(themeFolder))
diff --git a/Jellyfin.Api/Controllers/InstantMixController.cs b/Jellyfin.Api/Controllers/InstantMixController.cs
index f1ff770a4..9d945fe2b 100644
--- a/Jellyfin.Api/Controllers/InstantMixController.cs
+++ b/Jellyfin.Api/Controllers/InstantMixController.cs
@@ -65,7 +65,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid id,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
@@ -100,7 +100,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid id,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
@@ -135,7 +135,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid id,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
@@ -167,10 +167,10 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("/MusicGenres/{name}/InstantMix")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetInstantMixFromMusicGenre(
-            [FromRoute] string name,
+            [FromRoute] string? name,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
@@ -204,7 +204,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid id,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
@@ -239,7 +239,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid id,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
@@ -274,7 +274,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid id,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? enableImages,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
diff --git a/Jellyfin.Api/Controllers/ItemUpdateController.cs b/Jellyfin.Api/Controllers/ItemUpdateController.cs
index 384f250ec..c9b2aafcc 100644
--- a/Jellyfin.Api/Controllers/ItemUpdateController.cs
+++ b/Jellyfin.Api/Controllers/ItemUpdateController.cs
@@ -193,7 +193,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Items/{itemId}/ContentType")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult UpdateItemContentType([FromRoute] Guid itemId, [FromQuery, BindRequired] string contentType)
+        public ActionResult UpdateItemContentType([FromRoute] Guid itemId, [FromQuery, BindRequired] string? contentType)
         {
             var item = _libraryManager.GetItemById(itemId);
             if (item == null)
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 1ecf2ac73..f1106cda6 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -524,7 +524,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Library/Series/Updated")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostUpdatedSeries([FromQuery] string tvdbId)
+        public ActionResult PostUpdatedSeries([FromQuery] string? tvdbId)
         {
             var series = _libraryManager.GetItemList(new InternalItemsQuery
             {
@@ -554,7 +554,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Library/Movies/Updated")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostUpdatedMovies([FromRoute] string tmdbId, [FromRoute] string imdbId)
+        public ActionResult PostUpdatedMovies([FromRoute] string? tmdbId, [FromRoute] string? imdbId)
         {
             var movies = _libraryManager.GetItemList(new InternalItemsQuery
             {
@@ -687,10 +687,10 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
             [FromRoute] Guid itemId,
-            [FromQuery] string excludeArtistIds,
+            [FromQuery] string? excludeArtistIds,
             [FromQuery] Guid userId,
             [FromQuery] int? limit,
-            [FromQuery] string fields)
+            [FromQuery] string? fields)
         {
             var item = itemId.Equals(Guid.Empty)
                 ? (!userId.Equals(Guid.Empty)
@@ -737,7 +737,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("/Libraries/AvailableOptions")]
         [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<LibraryOptionsResultDto> GetLibraryOptionsInfo([FromQuery] string libraryContentType, [FromQuery] bool isNewLibrary)
+        public ActionResult<LibraryOptionsResultDto> GetLibraryOptionsInfo([FromQuery] string? libraryContentType, [FromQuery] bool isNewLibrary)
         {
             var result = new LibraryOptionsResultDto();
 
@@ -877,10 +877,10 @@ namespace Jellyfin.Api.Controllers
 
         private QueryResult<BaseItemDto> GetSimilarItemsResult(
             BaseItem item,
-            string excludeArtistIds,
+            string? excludeArtistIds,
             Guid userId,
             int? limit,
-            string fields,
+            string? fields,
             string[] includeItemTypes,
             bool isMovie)
         {
@@ -942,7 +942,7 @@ namespace Jellyfin.Api.Controllers
             return result;
         }
 
-        private static string[] GetRepresentativeItemTypes(string contentType)
+        private static string[] GetRepresentativeItemTypes(string? contentType)
         {
             return contentType switch
             {
diff --git a/Jellyfin.Api/Controllers/LibraryStructureController.cs b/Jellyfin.Api/Controllers/LibraryStructureController.cs
index e4ac019c9..0c91f8447 100644
--- a/Jellyfin.Api/Controllers/LibraryStructureController.cs
+++ b/Jellyfin.Api/Controllers/LibraryStructureController.cs
@@ -72,8 +72,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> AddVirtualFolder(
-            [FromQuery] string name,
-            [FromQuery] string collectionType,
+            [FromQuery] string? name,
+            [FromQuery] string? collectionType,
             [FromQuery] bool refreshLibrary,
             [FromQuery] string[] paths,
             [FromQuery] LibraryOptions libraryOptions)
@@ -100,7 +100,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> RemoveVirtualFolder(
-            [FromQuery] string name,
+            [FromQuery] string? name,
             [FromQuery] bool refreshLibrary)
         {
             await _libraryManager.RemoveVirtualFolder(name, refreshLibrary).ConfigureAwait(false);
@@ -123,8 +123,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [ProducesResponseType(StatusCodes.Status409Conflict)]
         public ActionResult RenameVirtualFolder(
-            [FromQuery] string name,
-            [FromQuery] string newName,
+            [FromQuery] string? name,
+            [FromQuery] string? newName,
             [FromQuery] bool refreshLibrary)
         {
             if (string.IsNullOrWhiteSpace(name))
@@ -205,8 +205,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Paths")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult AddMediaPath(
-            [FromQuery] string name,
-            [FromQuery] string path,
+            [FromQuery] string? name,
+            [FromQuery] string? path,
             [FromQuery] MediaPathInfo pathInfo,
             [FromQuery] bool refreshLibrary)
         {
@@ -256,7 +256,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Paths/Update")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdateMediaPath(
-            [FromQuery] string name,
+            [FromQuery] string? name,
             [FromQuery] MediaPathInfo pathInfo)
         {
             if (string.IsNullOrWhiteSpace(name))
@@ -280,8 +280,8 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete("Paths")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult RemoveMediaPath(
-            [FromQuery] string name,
-            [FromQuery] string path,
+            [FromQuery] string? name,
+            [FromQuery] string? path,
             [FromQuery] bool refreshLibrary)
         {
             if (string.IsNullOrWhiteSpace(name))
@@ -327,7 +327,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("LibraryOptions")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdateLibraryOptions(
-            [FromQuery] string id,
+            [FromQuery] string? id,
             [FromQuery] LibraryOptions libraryOptions)
         {
             var collectionFolder = (CollectionFolder)_libraryManager.GetItemById(id);
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index cfa7545c9..02aa39b24 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -93,8 +93,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Admin")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult CreateAdminNotification(
-            [FromQuery] string name,
-            [FromQuery] string description,
+            [FromQuery] string? name,
+            [FromQuery] string? description,
             [FromQuery] string? url,
             [FromQuery] NotificationLevel? level)
         {
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 486575d23..68ae05658 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -40,7 +40,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("/{name}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<PackageInfo>> GetPackageInfo(
-            [FromRoute] [Required] string name,
+            [FromRoute] [Required] string? name,
             [FromQuery] string? assemblyGuid)
         {
             var packages = await _installationManager.GetAvailablePackages().ConfigureAwait(false);
@@ -80,9 +80,9 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         [Authorize(Policy = Policies.RequiresElevation)]
         public async Task<ActionResult> InstallPackage(
-            [FromRoute] [Required] string name,
-            [FromQuery] string assemblyGuid,
-            [FromQuery] string version)
+            [FromRoute] [Required] string? name,
+            [FromQuery] string? assemblyGuid,
+            [FromQuery] string? version)
         {
             var packages = await _installationManager.GetAvailablePackages().ConfigureAwait(false);
             var package = _installationManager.GetCompatibleVersions(
diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index 2dc0d2dc7..d62404fc9 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -84,8 +84,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("{playlistId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult AddToPlaylist(
-            [FromRoute] string playlistId,
-            [FromQuery] string ids,
+            [FromRoute] string? playlistId,
+            [FromQuery] string? ids,
             [FromQuery] Guid userId)
         {
             _playlistManager.AddToPlaylist(playlistId, RequestHelpers.GetGuids(ids), userId);
@@ -103,8 +103,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("{playlistId}/Items/{itemId}/Move/{newIndex}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult MoveItem(
-            [FromRoute] string playlistId,
-            [FromRoute] string itemId,
+            [FromRoute] string? playlistId,
+            [FromRoute] string? itemId,
             [FromRoute] int newIndex)
         {
             _playlistManager.MoveItem(playlistId, itemId, newIndex);
@@ -120,7 +120,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>An <see cref="NoContentResult"/> on success.</returns>
         [HttpDelete("{playlistId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult RemoveFromPlaylist([FromRoute] string playlistId, [FromQuery] string entryIds)
+        public ActionResult RemoveFromPlaylist([FromRoute] string? playlistId, [FromQuery] string? entryIds)
         {
             _playlistManager.RemoveFromPlaylist(playlistId, RequestHelpers.Split(entryIds, ',', true));
             return NoContent();
@@ -147,11 +147,11 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid userId,
             [FromRoute] int? startIndex,
             [FromRoute] int? limit,
-            [FromRoute] string fields,
+            [FromRoute] string? fields,
             [FromRoute] bool? enableImages,
             [FromRoute] bool? enableUserData,
             [FromRoute] int? imageTypeLimit,
-            [FromRoute] string enableImageTypes)
+            [FromRoute] string? enableImageTypes)
         {
             var playlist = (Playlist)_libraryManager.GetItemById(playlistId);
             if (playlist == null)
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index fd48983ea..056395a51 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -166,7 +166,7 @@ namespace Jellyfin.Api.Controllers
         [Obsolete("This endpoint should not be used.")]
         [HttpPost("RegistrationRecords/{name}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<MBRegistrationRecord> GetRegistrationStatus([FromRoute] string name)
+        public ActionResult<MBRegistrationRecord> GetRegistrationStatus([FromRoute] string? name)
         {
             return new MBRegistrationRecord
             {
@@ -188,7 +188,7 @@ namespace Jellyfin.Api.Controllers
         [Obsolete("Paid plugins are not supported")]
         [HttpGet("/Registrations/{name}")]
         [ProducesResponseType(StatusCodes.Status501NotImplemented)]
-        public ActionResult GetRegistration([FromRoute] string name)
+        public ActionResult GetRegistration([FromRoute] string? name)
         {
             // TODO Once we have proper apps and plugins and decide to break compatibility with paid plugins,
             // delete all these registration endpoints. They are only kept for compatibility.
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
index a0d14be7a..6fff30129 100644
--- a/Jellyfin.Api/Controllers/RemoteImageController.cs
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -208,7 +208,7 @@ namespace Jellyfin.Api.Controllers
         public async Task<ActionResult> DownloadRemoteImage(
             [FromRoute] Guid itemId,
             [FromQuery, BindRequired] ImageType type,
-            [FromQuery] string imageUrl)
+            [FromQuery] string? imageUrl)
         {
             var item = _libraryManager.GetItemById(itemId);
             if (item == null)
diff --git a/Jellyfin.Api/Controllers/ScheduledTasksController.cs b/Jellyfin.Api/Controllers/ScheduledTasksController.cs
index bf5c3076e..3df325e3b 100644
--- a/Jellyfin.Api/Controllers/ScheduledTasksController.cs
+++ b/Jellyfin.Api/Controllers/ScheduledTasksController.cs
@@ -71,7 +71,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("{taskId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<TaskInfo> GetTask([FromRoute] string taskId)
+        public ActionResult<TaskInfo> GetTask([FromRoute] string? taskId)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(i =>
                 string.Equals(i.Id, taskId, StringComparison.OrdinalIgnoreCase));
@@ -94,7 +94,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Running/{taskId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult StartTask([FromRoute] string taskId)
+        public ActionResult StartTask([FromRoute] string? taskId)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(o =>
                 o.Id.Equals(taskId, StringComparison.OrdinalIgnoreCase));
@@ -118,7 +118,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete("Running/{taskId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult StopTask([FromRoute] string taskId)
+        public ActionResult StopTask([FromRoute] string? taskId)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(o =>
                 o.Id.Equals(taskId, StringComparison.OrdinalIgnoreCase));
@@ -144,7 +144,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateTask(
-            [FromRoute] string taskId,
+            [FromRoute] string? taskId,
             [FromBody, BindRequired] TaskTriggerInfo[] triggerInfos)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(o =>
diff --git a/Jellyfin.Api/Controllers/SearchController.cs b/Jellyfin.Api/Controllers/SearchController.cs
index d971889db..14dc0815c 100644
--- a/Jellyfin.Api/Controllers/SearchController.cs
+++ b/Jellyfin.Api/Controllers/SearchController.cs
@@ -81,11 +81,11 @@ namespace Jellyfin.Api.Controllers
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] Guid userId,
-            [FromQuery, Required] string searchTerm,
-            [FromQuery] string includeItemTypes,
-            [FromQuery] string excludeItemTypes,
-            [FromQuery] string mediaTypes,
-            [FromQuery] string parentId,
+            [FromQuery, Required] string? searchTerm,
+            [FromQuery] string? includeItemTypes,
+            [FromQuery] string? excludeItemTypes,
+            [FromQuery] string? mediaTypes,
+            [FromQuery] string? parentId,
             [FromQuery] bool? isMovie,
             [FromQuery] bool? isSeries,
             [FromQuery] bool? isNews,
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 39da4178d..bd738aa38 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -62,7 +62,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<SessionInfo>> GetSessions(
             [FromQuery] Guid controllableByUserId,
-            [FromQuery] string deviceId,
+            [FromQuery] string? deviceId,
             [FromQuery] int? activeWithinSeconds)
         {
             var result = _sessionManager.Sessions;
@@ -123,10 +123,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/Viewing")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult DisplayContent(
-            [FromRoute] string sessionId,
-            [FromQuery] string itemType,
-            [FromQuery] string itemId,
-            [FromQuery] string itemName)
+            [FromRoute] string? sessionId,
+            [FromQuery] string? itemType,
+            [FromQuery] string? itemId,
+            [FromQuery] string? itemName)
         {
             var command = new BrowseRequest
             {
@@ -157,7 +157,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/Playing")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult Play(
-            [FromRoute] string sessionId,
+            [FromRoute] string? sessionId,
             [FromQuery] Guid[] itemIds,
             [FromQuery] long? startPositionTicks,
             [FromQuery] PlayCommand playCommand,
@@ -191,7 +191,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/Playing/{command}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendPlaystateCommand(
-            [FromRoute] string sessionId,
+            [FromRoute] string? sessionId,
             [FromBody] PlaystateRequest playstateRequest)
         {
             _sessionManager.SendPlaystateCommand(
@@ -213,8 +213,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/System/{command}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendSystemCommand(
-            [FromRoute] string sessionId,
-            [FromRoute] string command)
+            [FromRoute] string? sessionId,
+            [FromRoute] string? command)
         {
             var name = command;
             if (Enum.TryParse(name, true, out GeneralCommandType commandType))
@@ -244,8 +244,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/Command/{Command}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendGeneralCommand(
-            [FromRoute] string sessionId,
-            [FromRoute] string command)
+            [FromRoute] string? sessionId,
+            [FromRoute] string? command)
         {
             var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
 
@@ -270,7 +270,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/Command")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendFullGeneralCommand(
-            [FromRoute] string sessionId,
+            [FromRoute] string? sessionId,
             [FromBody, Required] GeneralCommand command)
         {
             var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
@@ -303,9 +303,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/Message")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendMessageCommand(
-            [FromRoute] string sessionId,
-            [FromQuery] string text,
-            [FromQuery] string header,
+            [FromRoute] string? sessionId,
+            [FromQuery] string? text,
+            [FromQuery] string? header,
             [FromQuery] long? timeoutMs)
         {
             var command = new MessageCommand
@@ -330,7 +330,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/{sessionId}/User/{userId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult AddUserToSession(
-            [FromRoute] string sessionId,
+            [FromRoute] string? sessionId,
             [FromRoute] Guid userId)
         {
             _sessionManager.AddAdditionalUser(sessionId, userId);
@@ -347,7 +347,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete("/Sessions/{sessionId}/User/{userId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult RemoveUserFromSession(
-            [FromRoute] string sessionId,
+            [FromRoute] string? sessionId,
             [FromRoute] Guid userId)
         {
             _sessionManager.RemoveAdditionalUser(sessionId, userId);
@@ -368,9 +368,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/Capabilities")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult PostCapabilities(
-            [FromQuery] string id,
-            [FromQuery] string playableMediaTypes,
-            [FromQuery] string supportedCommands,
+            [FromQuery] string? id,
+            [FromQuery] string? playableMediaTypes,
+            [FromQuery] string? supportedCommands,
             [FromQuery] bool supportsMediaControl,
             [FromQuery] bool supportsSync,
             [FromQuery] bool supportsPersistentIdentifier = true)
@@ -401,7 +401,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/Capabilities/Full")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult PostFullCapabilities(
-            [FromQuery] string id,
+            [FromQuery] string? id,
             [FromBody, Required] ClientCapabilities capabilities)
         {
             if (string.IsNullOrWhiteSpace(id))
@@ -424,8 +424,8 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("/Sessions/Viewing")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult ReportViewing(
-            [FromQuery] string sessionId,
-            [FromQuery] string itemId)
+            [FromQuery] string? sessionId,
+            [FromQuery] string? itemId)
         {
             string session = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
 
diff --git a/Jellyfin.Api/Controllers/StartupController.cs b/Jellyfin.Api/Controllers/StartupController.cs
index d96b0f993..cc1f797b1 100644
--- a/Jellyfin.Api/Controllers/StartupController.cs
+++ b/Jellyfin.Api/Controllers/StartupController.cs
@@ -75,9 +75,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Configuration")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult UpdateInitialConfiguration(
-            [FromForm] string uiCulture,
-            [FromForm] string metadataCountryCode,
-            [FromForm] string preferredMetadataLanguage)
+            [FromForm] string? uiCulture,
+            [FromForm] string? metadataCountryCode,
+            [FromForm] string? preferredMetadataLanguage)
         {
             _config.Configuration.UICulture = uiCulture;
             _config.Configuration.MetadataCountryCode = metadataCountryCode;
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 95cc39524..baedafaa6 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -112,7 +112,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
             [FromRoute] Guid itemId,
-            [FromRoute] string language,
+            [FromRoute] string? language,
             [FromQuery] bool? isPerfectMatch)
         {
             var video = (Video)_libraryManager.GetItemById(itemId);
@@ -132,7 +132,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> DownloadRemoteSubtitles(
             [FromRoute] Guid itemId,
-            [FromRoute] string subtitleId)
+            [FromRoute] string? subtitleId)
         {
             var video = (Video)_libraryManager.GetItemById(itemId);
 
@@ -161,7 +161,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [Produces(MediaTypeNames.Application.Octet)]
-        public async Task<ActionResult> GetRemoteSubtitles([FromRoute] string id)
+        public async Task<ActionResult> GetRemoteSubtitles([FromRoute] string? id)
         {
             var result = await _subtitleManager.GetRemoteSubtitles(id, CancellationToken.None).ConfigureAwait(false);
 
@@ -186,9 +186,9 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult> GetSubtitle(
             [FromRoute, Required] Guid itemId,
-            [FromRoute, Required] string mediaSourceId,
+            [FromRoute, Required] string? mediaSourceId,
             [FromRoute, Required] int index,
-            [FromRoute, Required] string format,
+            [FromRoute, Required] string? format,
             [FromQuery] long? endPositionTicks,
             [FromQuery] bool copyTimestamps,
             [FromQuery] bool addVttTimeMap,
@@ -254,7 +254,7 @@ namespace Jellyfin.Api.Controllers
         public async Task<ActionResult> GetSubtitlePlaylist(
             [FromRoute] Guid itemId,
             [FromRoute] int index,
-            [FromRoute] string mediaSourceId,
+            [FromRoute] string? mediaSourceId,
             [FromQuery, Required] int segmentLength)
         {
             var item = (Video)_libraryManager.GetItemById(itemId);
@@ -324,7 +324,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="Task{Stream}"/> with the new subtitle file.</returns>
         private Task<Stream> EncodeSubtitles(
             Guid id,
-            string mediaSourceId,
+            string? mediaSourceId,
             int index,
             string format,
             long startPositionTicks,
diff --git a/Jellyfin.Api/Controllers/SystemController.cs b/Jellyfin.Api/Controllers/SystemController.cs
index e33821b24..bc606f7aa 100644
--- a/Jellyfin.Api/Controllers/SystemController.cs
+++ b/Jellyfin.Api/Controllers/SystemController.cs
@@ -193,7 +193,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("Logs/Log")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult GetLogFile([FromQuery, Required] string name)
+        public ActionResult GetLogFile([FromQuery, Required] string? name)
         {
             var file = _fileSystem.GetFiles(_appPaths.LogDirectoryPath)
                 .First(i => string.Equals(i.Name, name, StringComparison.OrdinalIgnoreCase));
diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs
index 6738dd8c8..80b6a2488 100644
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -190,7 +190,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<QueryResult<BaseItemDto>> GetEpisodes(
-            [FromRoute] string seriesId,
+            [FromRoute] string? seriesId,
             [FromQuery] Guid userId,
             [FromQuery] string? fields,
             [FromQuery] int? season,
@@ -311,12 +311,12 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<QueryResult<BaseItemDto>> GetSeasons(
-            [FromRoute] string seriesId,
+            [FromRoute] string? seriesId,
             [FromQuery] Guid userId,
-            [FromQuery] string fields,
+            [FromQuery] string? fields,
             [FromQuery] bool? isSpecialSeason,
             [FromQuery] bool? isMissing,
-            [FromQuery] string adjacentTo,
+            [FromQuery] string? adjacentTo,
             [FromQuery] bool? enableImages,
             [FromQuery] int? imageTypeLimit,
             [FromQuery] string? enableImageTypes,
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 9f8d564a7..24194dcc2 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -164,8 +164,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
             [FromRoute, Required] Guid userId,
-            [FromQuery, BindRequired] string pw,
-            [FromQuery, BindRequired] string password)
+            [FromQuery, BindRequired] string? pw,
+            [FromQuery, BindRequired] string? password)
         {
             var user = _userManager.GetUserById(userId);
 
@@ -483,7 +483,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="Task"/> containing a <see cref="ForgotPasswordResult"/>.</returns>
         [HttpPost("ForgotPassword")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<ForgotPasswordResult>> ForgotPassword([FromBody] string enteredUsername)
+        public async Task<ActionResult<ForgotPasswordResult>> ForgotPassword([FromBody] string? enteredUsername)
         {
             var isLocal = HttpContext.Connection.RemoteIpAddress.Equals(HttpContext.Connection.LocalIpAddress)
                           || _networkManager.IsInLocalNetwork(HttpContext.Connection.RemoteIpAddress.ToString());
@@ -501,7 +501,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="Task"/> containing a <see cref="PinRedeemResult"/>.</returns>
         [HttpPost("ForgotPassword/Pin")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<PinRedeemResult>> ForgotPasswordPin([FromBody] string pin)
+        public async Task<ActionResult<PinRedeemResult>> ForgotPasswordPin([FromBody] string? pin)
         {
             var result = await _userManager.RedeemPasswordResetPin(pin).ConfigureAwait(false);
             return result;
diff --git a/Jellyfin.Api/Controllers/UserLibraryController.cs b/Jellyfin.Api/Controllers/UserLibraryController.cs
index 597e70469..ca804ebc9 100644
--- a/Jellyfin.Api/Controllers/UserLibraryController.cs
+++ b/Jellyfin.Api/Controllers/UserLibraryController.cs
@@ -265,12 +265,12 @@ namespace Jellyfin.Api.Controllers
         public ActionResult<IEnumerable<BaseItemDto>> GetLatestMedia(
             [FromRoute] Guid userId,
             [FromQuery] Guid parentId,
-            [FromQuery] string fields,
-            [FromQuery] string includeItemTypes,
+            [FromQuery] string? fields,
+            [FromQuery] string? includeItemTypes,
             [FromQuery] bool? isPlayed,
             [FromQuery] bool? enableImages,
             [FromQuery] int? imageTypeLimit,
-            [FromQuery] string enableImageTypes,
+            [FromQuery] string? enableImageTypes,
             [FromQuery] bool? enableUserData,
             [FromQuery] int limit = 20,
             [FromQuery] bool groupItems = true)
diff --git a/Jellyfin.Api/Controllers/UserViewsController.cs b/Jellyfin.Api/Controllers/UserViewsController.cs
index 38bf94087..ad8927262 100644
--- a/Jellyfin.Api/Controllers/UserViewsController.cs
+++ b/Jellyfin.Api/Controllers/UserViewsController.cs
@@ -66,7 +66,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute] Guid userId,
             [FromQuery] bool? includeExternalContent,
             [FromQuery] bool includeHidden,
-            [FromQuery] string presetViews)
+            [FromQuery] string? presetViews)
         {
             var query = new UserViewQuery
             {
diff --git a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
index 943ba8af3..eef0a93cd 100644
--- a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
+++ b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
@@ -50,7 +50,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<FileStreamResult>> GetAttachment(
             [FromRoute] Guid videoId,
-            [FromRoute] string mediaSourceId,
+            [FromRoute] string? mediaSourceId,
             [FromRoute] int index)
         {
             try
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index effe630a9..fb1141984 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -133,7 +133,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public ActionResult MergeVersions([FromQuery] string itemIds)
+        public ActionResult MergeVersions([FromQuery] string? itemIds)
         {
             var items = RequestHelpers.Split(itemIds, ',', true)
                 .Select(i => _libraryManager.GetItemById(i))
diff --git a/Jellyfin.Api/Controllers/YearsController.cs b/Jellyfin.Api/Controllers/YearsController.cs
index a036c818c..a66a3951e 100644
--- a/Jellyfin.Api/Controllers/YearsController.cs
+++ b/Jellyfin.Api/Controllers/YearsController.cs
@@ -64,16 +64,16 @@ namespace Jellyfin.Api.Controllers
         public ActionResult<QueryResult<BaseItemDto>> GetYears(
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
-            [FromQuery] string sortOrder,
-            [FromQuery] string parentId,
-            [FromQuery] string fields,
-            [FromQuery] string excludeItemTypes,
-            [FromQuery] string includeItemTypes,
-            [FromQuery] string mediaTypes,
-            [FromQuery] string sortBy,
+            [FromQuery] string? sortOrder,
+            [FromQuery] string? parentId,
+            [FromQuery] string? fields,
+            [FromQuery] string? excludeItemTypes,
+            [FromQuery] string? includeItemTypes,
+            [FromQuery] string? mediaTypes,
+            [FromQuery] string? sortBy,
             [FromQuery] bool? enableUserData,
             [FromQuery] int? imageTypeLimit,
-            [FromQuery] string enableImageTypes,
+            [FromQuery] string? enableImageTypes,
             [FromQuery] Guid userId,
             [FromQuery] bool recursive = true,
             [FromQuery] bool? enableImages = true)
diff --git a/Jellyfin.Api/Extensions/DtoExtensions.cs b/Jellyfin.Api/Extensions/DtoExtensions.cs
index ac248109d..e61e9c29d 100644
--- a/Jellyfin.Api/Extensions/DtoExtensions.cs
+++ b/Jellyfin.Api/Extensions/DtoExtensions.cs
@@ -23,7 +23,7 @@ namespace Jellyfin.Api.Extensions
         /// <param name="dtoOptions">DtoOptions object.</param>
         /// <param name="fields">Comma delimited string of fields.</param>
         /// <returns>Modified DtoOptions object.</returns>
-        internal static DtoOptions AddItemFields(this DtoOptions dtoOptions, string fields)
+        internal static DtoOptions AddItemFields(this DtoOptions dtoOptions, string? fields)
         {
             if (string.IsNullOrEmpty(fields))
             {
@@ -126,7 +126,7 @@ namespace Jellyfin.Api.Extensions
             bool? enableImages,
             bool? enableUserData,
             int? imageTypeLimit,
-            string enableImageTypes)
+            string? enableImageTypes)
         {
             dtoOptions.EnableImages = enableImages ?? true;
 
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index a8ba98f1f..fd86feb8b 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Helpers
         /// <param name="separator">The char that separates the substrings.</param>
         /// <param name="removeEmpty">Option to remove empty substrings from the array.</param>
         /// <returns>An array of the substrings.</returns>
-        internal static string[] Split(string value, char separator, bool removeEmpty)
+        internal static string[] Split(string? value, char separator, bool removeEmpty)
         {
             if (string.IsNullOrWhiteSpace(value))
             {
@@ -99,16 +99,14 @@ namespace Jellyfin.Api.Helpers
         /// <param name="sortBy">Sort by.</param>
         /// <param name="requestedSortOrder">Sort order.</param>
         /// <returns>Resulting order by.</returns>
-        internal static ValueTuple<string, SortOrder>[] GetOrderBy(string sortBy, string requestedSortOrder)
+        internal static ValueTuple<string, SortOrder>[] GetOrderBy(string? sortBy, string? requestedSortOrder)
         {
-            var val = sortBy;
-
-            if (string.IsNullOrEmpty(val))
+            if (string.IsNullOrEmpty(sortBy))
             {
                 return Array.Empty<ValueTuple<string, SortOrder>>();
             }
 
-            var vals = val.Split(',');
+            var vals = sortBy.Split(',');
             if (string.IsNullOrWhiteSpace(requestedSortOrder))
             {
                 requestedSortOrder = "Ascending";
diff --git a/Jellyfin.Api/Helpers/SimilarItemsHelper.cs b/Jellyfin.Api/Helpers/SimilarItemsHelper.cs
index 751e3c481..fd0c31504 100644
--- a/Jellyfin.Api/Helpers/SimilarItemsHelper.cs
+++ b/Jellyfin.Api/Helpers/SimilarItemsHelper.cs
@@ -23,7 +23,7 @@ namespace Jellyfin.Api.Helpers
             IDtoService dtoService,
             Guid userId,
             string id,
-            string excludeArtistIds,
+            string? excludeArtistIds,
             int? limit,
             Type[] includeTypes,
             Func<BaseItem, List<PersonInfo>, List<PersonInfo>, BaseItem, int> getSimilarityScore)
-- 
cgit v1.2.3


From fffa94fc33b923863e7cfe0d57d85ae86206975e Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Thu, 6 Aug 2020 08:17:45 -0600
Subject: Apply fixes from review

---
 .../FirstTimeSetupOrDefaultHandler.cs              | 56 ++++++++++++++++++++++
 .../FirstTimeSetupOrDefaultRequirement.cs          | 11 +++++
 ...IgnoreParentalControlOrFirstTimeSetupHandler.cs | 51 ++++++++++++++++++++
 ...reParentalControlOrFirstTimeSetupRequirement.cs | 11 +++++
 .../IgnoreParentalControlHandler.cs                | 42 ++++++++++++++++
 .../IgnoreParentalControlRequirement.cs            | 11 +++++
 .../IgnoreSchedulePolicy/IgnoreScheduleHandler.cs  | 42 ----------------
 .../IgnoreScheduleRequirement.cs                   | 11 -----
 .../LocalAccessOrRequiresElevationHandler.cs       | 46 ++++++++++++++++++
 .../LocalAccessOrRequiresElevationRequirement.cs   | 11 +++++
 Jellyfin.Api/Constants/Policies.cs                 | 19 +++++++-
 Jellyfin.Api/Controllers/ApiKeyController.cs       |  2 +-
 Jellyfin.Api/Controllers/CollectionController.cs   |  5 +-
 .../Controllers/ConfigurationController.cs         |  6 +--
 Jellyfin.Api/Controllers/DevicesController.cs      | 14 +++---
 .../Controllers/DisplayPreferencesController.cs    |  7 ++-
 Jellyfin.Api/Controllers/EnvironmentController.cs  |  8 ++--
 Jellyfin.Api/Controllers/ImageByNameController.cs  | 11 +++--
 Jellyfin.Api/Controllers/ImageController.cs        |  2 +
 Jellyfin.Api/Controllers/InstantMixController.cs   |  3 +-
 Jellyfin.Api/Controllers/ItemLookupController.cs   | 21 ++++----
 Jellyfin.Api/Controllers/ItemUpdateController.cs   |  6 +--
 Jellyfin.Api/Controllers/LibraryController.cs      |  9 ++--
 .../Controllers/LibraryStructureController.cs      |  4 +-
 Jellyfin.Api/Controllers/LocalizationController.cs |  2 +-
 Jellyfin.Api/Controllers/MediaInfoController.cs    |  5 +-
 .../Controllers/NotificationsController.cs         | 14 ++++--
 Jellyfin.Api/Controllers/PackageController.cs      |  1 -
 Jellyfin.Api/Controllers/PersonsController.cs      |  3 ++
 Jellyfin.Api/Controllers/PlaylistsController.cs    |  4 +-
 Jellyfin.Api/Controllers/PluginsController.cs      |  4 +-
 Jellyfin.Api/Controllers/RemoteImageController.cs  |  6 +--
 .../Controllers/ScheduledTasksController.cs        | 10 ++--
 Jellyfin.Api/Controllers/SessionController.cs      | 49 ++++++++++++-------
 Jellyfin.Api/Controllers/SubtitleController.cs     |  6 +--
 Jellyfin.Api/Controllers/SyncPlayController.cs     |  2 +-
 Jellyfin.Api/Controllers/SystemController.cs       |  7 +--
 Jellyfin.Api/Controllers/TimeSyncController.cs     |  4 +-
 Jellyfin.Api/Controllers/TvShowsController.cs      | 13 ++---
 Jellyfin.Api/Controllers/UserController.cs         | 11 ++---
 .../Controllers/VideoAttachmentsController.cs      | 10 ++--
 Jellyfin.Api/Controllers/VideosController.cs       |  4 +-
 Jellyfin.Api/Controllers/YearsController.cs        |  3 ++
 .../Models/StartupDtos/StartupConfigurationDto.cs  |  2 +-
 .../Extensions/ApiServiceCollectionExtensions.cs   | 35 ++++++++++++--
 .../IgnoreScheduleHandlerTests.cs                  |  8 ++--
 46 files changed, 432 insertions(+), 180 deletions(-)
 create mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
 create mode 100644 Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupHandler.cs
 create mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
 create mode 100644 Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
 delete mode 100644 Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandler.cs
 delete mode 100644 Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleRequirement.cs
 create mode 100644 Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
 create mode 100644 Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
new file mode 100644
index 000000000..67fb2b79a
--- /dev/null
+++ b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultHandler.cs
@@ -0,0 +1,56 @@
+using System.Threading.Tasks;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
+{
+    /// <summary>
+    /// Authorization handler for requiring first time setup or elevated privileges.
+    /// </summary>
+    public class FirstTimeSetupOrDefaultHandler : BaseAuthorizationHandler<FirstTimeSetupOrDefaultRequirement>
+    {
+        private readonly IConfigurationManager _configurationManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="FirstTimeSetupOrDefaultHandler" /> class.
+        /// </summary>
+        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
+        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
+        public FirstTimeSetupOrDefaultHandler(
+            IConfigurationManager configurationManager,
+            IUserManager userManager,
+            INetworkManager networkManager,
+            IHttpContextAccessor httpContextAccessor)
+            : base(userManager, networkManager, httpContextAccessor)
+        {
+            _configurationManager = configurationManager;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrDefaultRequirement firstTimeSetupOrElevatedRequirement)
+        {
+            if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
+            {
+                context.Succeed(firstTimeSetupOrElevatedRequirement);
+                return Task.CompletedTask;
+            }
+
+            var validated = ValidateClaims(context.User);
+            if (validated)
+            {
+                context.Succeed(firstTimeSetupOrElevatedRequirement);
+            }
+            else
+            {
+                context.Fail();
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
new file mode 100644
index 000000000..23d7ee01f
--- /dev/null
+++ b/Jellyfin.Api/Auth/FirstTimeSetupOrDefaultPolicy/FirstTimeSetupOrDefaultRequirement.cs
@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy
+{
+    /// <summary>
+    /// The authorization requirement, requiring incomplete first time setup or elevated privileges, for the authorization handler.
+    /// </summary>
+    public class FirstTimeSetupOrDefaultRequirement : IAuthorizationRequirement
+    {
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupHandler.cs b/Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupHandler.cs
new file mode 100644
index 000000000..6c9258b3d
--- /dev/null
+++ b/Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupHandler.cs
@@ -0,0 +1,51 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy
+{
+    /// <summary>
+    /// Escape schedule controls handler.
+    /// </summary>
+    public class IgnoreParentalControlOrFirstTimeSetupHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
+    {
+        private readonly IConfigurationManager _configurationManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="IgnoreParentalControlOrFirstTimeSetupHandler"/> class.
+        /// </summary>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
+        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
+        /// <param name="configurationManager">Instance of the <see cref="IConfigurationManager"/> interface.</param>
+        public IgnoreParentalControlOrFirstTimeSetupHandler(
+            IUserManager userManager,
+            INetworkManager networkManager,
+            IHttpContextAccessor httpContextAccessor,
+            IConfigurationManager configurationManager)
+            : base(userManager, networkManager, httpContextAccessor)
+        {
+            _configurationManager = configurationManager;
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreParentalControlRequirement requirement)
+        {
+            var validated = ValidateClaims(context.User, ignoreSchedule: true);
+            if (validated || !_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
+            {
+                context.Succeed(requirement);
+            }
+            else
+            {
+                context.Fail();
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupRequirement.cs b/Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupRequirement.cs
new file mode 100644
index 000000000..36ded0625
--- /dev/null
+++ b/Jellyfin.Api/Auth/IgnoreParentalControlOrFirstTimeSetupPolicy/IgnoreParentalControlOrFirstTimeSetupRequirement.cs
@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy
+{
+    /// <summary>
+    /// Escape schedule controls requirement.
+    /// </summary>
+    public class IgnoreParentalControlOrFirstTimeSetupRequirement : IAuthorizationRequirement
+    {
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
new file mode 100644
index 000000000..5213bc4cb
--- /dev/null
+++ b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlHandler.cs
@@ -0,0 +1,42 @@
+using System.Threading.Tasks;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
+{
+    /// <summary>
+    /// Escape schedule controls handler.
+    /// </summary>
+    public class IgnoreParentalControlHandler : BaseAuthorizationHandler<IgnoreParentalControlRequirement>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="IgnoreParentalControlHandler"/> class.
+        /// </summary>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
+        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
+        public IgnoreParentalControlHandler(
+            IUserManager userManager,
+            INetworkManager networkManager,
+            IHttpContextAccessor httpContextAccessor)
+            : base(userManager, networkManager, httpContextAccessor)
+        {
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreParentalControlRequirement requirement)
+        {
+            var validated = ValidateClaims(context.User, ignoreSchedule: true);
+            if (!validated)
+            {
+                context.Fail();
+                return Task.CompletedTask;
+            }
+
+            context.Succeed(requirement);
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
new file mode 100644
index 000000000..cdad74270
--- /dev/null
+++ b/Jellyfin.Api/Auth/IgnoreParentalControlPolicy/IgnoreParentalControlRequirement.cs
@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.IgnoreParentalControlPolicy
+{
+    /// <summary>
+    /// Escape schedule controls requirement.
+    /// </summary>
+    public class IgnoreParentalControlRequirement : IAuthorizationRequirement
+    {
+    }
+}
diff --git a/Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandler.cs b/Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandler.cs
deleted file mode 100644
index 9afa0b28f..000000000
--- a/Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandler.cs
+++ /dev/null
@@ -1,42 +0,0 @@
-using System.Threading.Tasks;
-using MediaBrowser.Common.Net;
-using MediaBrowser.Controller.Library;
-using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Http;
-
-namespace Jellyfin.Api.Auth.IgnoreSchedulePolicy
-{
-    /// <summary>
-    /// Escape schedule controls handler.
-    /// </summary>
-    public class IgnoreScheduleHandler : BaseAuthorizationHandler<IgnoreScheduleRequirement>
-    {
-        /// <summary>
-        /// Initializes a new instance of the <see cref="IgnoreScheduleHandler"/> class.
-        /// </summary>
-        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
-        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
-        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
-        public IgnoreScheduleHandler(
-            IUserManager userManager,
-            INetworkManager networkManager,
-            IHttpContextAccessor httpContextAccessor)
-            : base(userManager, networkManager, httpContextAccessor)
-        {
-        }
-
-        /// <inheritdoc />
-        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IgnoreScheduleRequirement requirement)
-        {
-            var validated = ValidateClaims(context.User, ignoreSchedule: true);
-            if (!validated)
-            {
-                context.Fail();
-                return Task.CompletedTask;
-            }
-
-            context.Succeed(requirement);
-            return Task.CompletedTask;
-        }
-    }
-}
diff --git a/Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleRequirement.cs b/Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleRequirement.cs
deleted file mode 100644
index d5bb61ce6..000000000
--- a/Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleRequirement.cs
+++ /dev/null
@@ -1,11 +0,0 @@
-using Microsoft.AspNetCore.Authorization;
-
-namespace Jellyfin.Api.Auth.IgnoreSchedulePolicy
-{
-    /// <summary>
-    /// Escape schedule controls requirement.
-    /// </summary>
-    public class IgnoreScheduleRequirement : IAuthorizationRequirement
-    {
-    }
-}
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
new file mode 100644
index 000000000..d9ab8aa68
--- /dev/null
+++ b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationHandler.cs
@@ -0,0 +1,46 @@
+using System.Threading.Tasks;
+using Jellyfin.Api.Constants;
+using MediaBrowser.Common.Net;
+using MediaBrowser.Controller.Library;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
+{
+    /// <summary>
+    /// Local access handler.
+    /// </summary>
+    public class LocalAccessOrRequiresElevationHandler : BaseAuthorizationHandler<LocalAccessOrRequiresElevationRequirement>
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="LocalAccessOrRequiresElevationHandler"/> class.
+        /// </summary>
+        /// <param name="userManager">Instance of the <see cref="IUserManager"/> interface.</param>
+        /// <param name="networkManager">Instance of the <see cref="INetworkManager"/> interface.</param>
+        /// <param name="httpContextAccessor">Instance of the <see cref="IHttpContextAccessor"/> interface.</param>
+        public LocalAccessOrRequiresElevationHandler(
+            IUserManager userManager,
+            INetworkManager networkManager,
+            IHttpContextAccessor httpContextAccessor)
+            : base(userManager, networkManager, httpContextAccessor)
+        {
+        }
+
+        /// <inheritdoc />
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, LocalAccessOrRequiresElevationRequirement requirement)
+        {
+            var validated = ValidateClaims(context.User, localAccessOnly: true);
+
+            if (validated || context.User.IsInRole(UserRoles.Administrator))
+            {
+                context.Succeed(requirement);
+            }
+            else
+            {
+                context.Fail();
+            }
+
+            return Task.CompletedTask;
+        }
+    }
+}
diff --git a/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
new file mode 100644
index 000000000..ad96caa81
--- /dev/null
+++ b/Jellyfin.Api/Auth/LocalAccessOrRequiresElevationPolicy/LocalAccessOrRequiresElevationRequirement.cs
@@ -0,0 +1,11 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy
+{
+    /// <summary>
+    /// The local access authorization requirement.
+    /// </summary>
+    public class LocalAccessOrRequiresElevationRequirement : IAuthorizationRequirement
+    {
+    }
+}
diff --git a/Jellyfin.Api/Constants/Policies.cs b/Jellyfin.Api/Constants/Policies.cs
index 851b56d73..8de637c4e 100644
--- a/Jellyfin.Api/Constants/Policies.cs
+++ b/Jellyfin.Api/Constants/Policies.cs
@@ -13,7 +13,7 @@ namespace Jellyfin.Api.Constants
         /// <summary>
         /// Policy name for requiring first time setup or elevated privileges.
         /// </summary>
-        public const string FirstTimeSetupOrElevated = "FirstTimeOrElevated";
+        public const string FirstTimeSetupOrElevated = "FirstTimeSetupOrElevated";
 
         /// <summary>
         /// Policy name for requiring elevated privileges.
@@ -28,11 +28,26 @@ namespace Jellyfin.Api.Constants
         /// <summary>
         /// Policy name for escaping schedule controls.
         /// </summary>
-        public const string IgnoreSchedule = "IgnoreSchedule";
+        public const string IgnoreParentalControl = "IgnoreParentalControl";
 
         /// <summary>
         /// Policy name for requiring download permission.
         /// </summary>
         public const string Download = "Download";
+
+        /// <summary>
+        /// Policy name for requiring first time setup or default permissions.
+        /// </summary>
+        public const string FirstTimeSetupOrDefault = "FirstTimeSetupOrDefault";
+
+        /// <summary>
+        /// Policy name for requiring local access or elevated privileges.
+        /// </summary>
+        public const string LocalAccessOrRequiresElevation = "LocalAccessOrRequiresElevation";
+
+        /// <summary>
+        /// Policy name for escaping schedule controls or requiring first time setup.
+        /// </summary>
+        public const string IgnoreParentalControlOrFirstTimeSetup = "IgnoreParentalControlOrFirstTimeSetup";
     }
 }
diff --git a/Jellyfin.Api/Controllers/ApiKeyController.cs b/Jellyfin.Api/Controllers/ApiKeyController.cs
index ccb7f47f0..0e28d4c47 100644
--- a/Jellyfin.Api/Controllers/ApiKeyController.cs
+++ b/Jellyfin.Api/Controllers/ApiKeyController.cs
@@ -88,7 +88,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete("Keys/{key}")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult RevokeKey([FromRoute] string? key)
+        public ActionResult RevokeKey([FromRoute, Required] string? key)
         {
             _sessionManager.RevokeToken(key);
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/CollectionController.cs b/Jellyfin.Api/Controllers/CollectionController.cs
index b63fc5ab1..53821a188 100644
--- a/Jellyfin.Api/Controllers/CollectionController.cs
+++ b/Jellyfin.Api/Controllers/CollectionController.cs
@@ -1,4 +1,5 @@
 using System;
+using System.ComponentModel.DataAnnotations;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
@@ -86,7 +87,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("{collectionId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult AddToCollection([FromRoute] Guid collectionId, [FromQuery] string? itemIds)
+        public ActionResult AddToCollection([FromRoute] Guid collectionId, [FromQuery, Required] string? itemIds)
         {
             _collectionManager.AddToCollection(collectionId, RequestHelpers.Split(itemIds, ',', true));
             return NoContent();
@@ -101,7 +102,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpDelete("{collectionId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult RemoveFromCollection([FromRoute] Guid collectionId, [FromQuery] string? itemIds)
+        public ActionResult RemoveFromCollection([FromRoute] Guid collectionId, [FromQuery, Required] string? itemIds)
         {
             _collectionManager.RemoveFromCollection(collectionId, RequestHelpers.Split(itemIds, ',', true));
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/ConfigurationController.cs b/Jellyfin.Api/Controllers/ConfigurationController.cs
index 7d262ed59..019703dae 100644
--- a/Jellyfin.Api/Controllers/ConfigurationController.cs
+++ b/Jellyfin.Api/Controllers/ConfigurationController.cs
@@ -1,3 +1,4 @@
+using System.ComponentModel.DataAnnotations;
 using System.Text.Json;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
@@ -9,7 +10,6 @@ using MediaBrowser.Model.Configuration;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -59,7 +59,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Configuration")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult UpdateConfiguration([FromBody, BindRequired] ServerConfiguration configuration)
+        public ActionResult UpdateConfiguration([FromBody, Required] ServerConfiguration configuration)
         {
             _configurationManager.ReplaceConfiguration(configuration);
             return NoContent();
@@ -117,7 +117,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("MediaEncoder/Path")]
         [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult UpdateMediaEncoderPath([FromForm, BindRequired] MediaEncoderPathDto mediaEncoderPath)
+        public ActionResult UpdateMediaEncoderPath([FromForm, Required] MediaEncoderPathDto mediaEncoderPath)
         {
             _mediaEncoder.UpdateEncoderPath(mediaEncoderPath.Path, mediaEncoderPath.PathType);
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 3cf7b3378..23d10e215 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -1,4 +1,5 @@
 using System;
+using System.ComponentModel.DataAnnotations;
 using Jellyfin.Api.Constants;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Security;
@@ -8,7 +9,6 @@ using MediaBrowser.Model.Querying;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -48,7 +48,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
+        public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery, Required] Guid? userId)
         {
             var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
             return _deviceManager.GetDevices(deviceQuery);
@@ -65,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, BindRequired] string? id)
+        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, Required] string? id)
         {
             var deviceInfo = _deviceManager.GetDevice(id);
             if (deviceInfo == null)
@@ -87,7 +87,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, BindRequired] string? id)
+        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, Required] string? id)
         {
             var deviceInfo = _deviceManager.GetDeviceOptions(id);
             if (deviceInfo == null)
@@ -111,8 +111,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateDeviceOptions(
-            [FromQuery, BindRequired] string? id,
-            [FromBody, BindRequired] DeviceOptions deviceOptions)
+            [FromQuery, Required] string? id,
+            [FromBody, Required] DeviceOptions deviceOptions)
         {
             var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
             if (existingDeviceOptions == null)
@@ -134,7 +134,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult DeleteDevice([FromQuery, BindRequired] string? id)
+        public ActionResult DeleteDevice([FromQuery, Required] string? id)
         {
             var existingDevice = _deviceManager.GetDevice(id);
             if (existingDevice == null)
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 62f6097f3..c547d0cde 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -11,7 +11,6 @@ using MediaBrowser.Model.Entities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -99,9 +98,9 @@ namespace Jellyfin.Api.Controllers
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "displayPreferencesId", Justification = "Imported from ServiceStack")]
         public ActionResult UpdateDisplayPreferences(
             [FromRoute] string? displayPreferencesId,
-            [FromQuery, BindRequired] Guid userId,
-            [FromQuery, BindRequired] string? client,
-            [FromBody, BindRequired] DisplayPreferencesDto displayPreferences)
+            [FromQuery, Required] Guid userId,
+            [FromQuery, Required] string? client,
+            [FromBody, Required] DisplayPreferencesDto displayPreferences)
         {
             HomeSectionType[] defaults =
             {
diff --git a/Jellyfin.Api/Controllers/EnvironmentController.cs b/Jellyfin.Api/Controllers/EnvironmentController.cs
index 719bb7d86..64670f7d8 100644
--- a/Jellyfin.Api/Controllers/EnvironmentController.cs
+++ b/Jellyfin.Api/Controllers/EnvironmentController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.IO;
 using System.Linq;
 using Jellyfin.Api.Constants;
@@ -8,7 +9,6 @@ using MediaBrowser.Model.IO;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Microsoft.Extensions.Logging;
 
 namespace Jellyfin.Api.Controllers
@@ -47,7 +47,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("DirectoryContents")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public IEnumerable<FileSystemEntryInfo> GetDirectoryContents(
-            [FromQuery, BindRequired] string path,
+            [FromQuery, Required] string path,
             [FromQuery] bool includeFiles = false,
             [FromQuery] bool includeDirectories = false)
         {
@@ -75,7 +75,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("ValidatePath")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult ValidatePath([FromBody, BindRequired] ValidatePathDto validatePathDto)
+        public ActionResult ValidatePath([FromBody, Required] ValidatePathDto validatePathDto)
         {
             if (validatePathDto.IsFile.HasValue)
             {
@@ -154,7 +154,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>Parent path.</returns>
         [HttpGet("ParentPath")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<string?> GetParentPath([FromQuery, BindRequired] string path)
+        public ActionResult<string?> GetParentPath([FromQuery, Required] string path)
         {
             string? parent = Path.GetDirectoryName(path);
             if (string.IsNullOrEmpty(parent))
diff --git a/Jellyfin.Api/Controllers/ImageByNameController.cs b/Jellyfin.Api/Controllers/ImageByNameController.cs
index 5244c35b8..528590536 100644
--- a/Jellyfin.Api/Controllers/ImageByNameController.cs
+++ b/Jellyfin.Api/Controllers/ImageByNameController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.IO;
 using System.Linq;
 using System.Net.Mime;
@@ -64,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<FileStreamResult> GetGeneralImage([FromRoute] string? name, [FromRoute] string? type)
+        public ActionResult<FileStreamResult> GetGeneralImage([FromRoute, Required] string? name, [FromRoute, Required] string? type)
         {
             var filename = string.Equals(type, "primary", StringComparison.OrdinalIgnoreCase)
                 ? "folder"
@@ -110,8 +111,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<FileStreamResult> GetRatingImage(
-            [FromRoute] string? theme,
-            [FromRoute] string? name)
+            [FromRoute, Required] string? theme,
+            [FromRoute, Required] string? name)
         {
             return GetImageFile(_applicationPaths.RatingsPath, theme, name);
         }
@@ -143,8 +144,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<FileStreamResult> GetMediaInfoImage(
-            [FromRoute] string? theme,
-            [FromRoute] string? name)
+            [FromRoute, Required] string? theme,
+            [FromRoute, Required] string? name)
         {
             return GetImageFile(_applicationPaths.MediaInfoImagesPath, theme, name);
         }
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index 360164ad4..410456a25 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -84,6 +84,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Users/{userId}/Images/{imageType}")]
         [HttpPost("Users/{userId}/Images/{imageType}/{index?}", Name = "PostUserImage_2")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "imageType", Justification = "Imported from ServiceStack")]
@@ -259,6 +260,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Item not found.</response>
         /// <returns>The list of image infos on success, or <see cref="NotFoundResult"/> if item not found.</returns>
         [HttpGet("Items/{itemId}/Images")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<IEnumerable<ImageInfo>> GetItemImageInfos([FromRoute] Guid itemId)
diff --git a/Jellyfin.Api/Controllers/InstantMixController.cs b/Jellyfin.Api/Controllers/InstantMixController.cs
index 8ca232cef..73bd30c4d 100644
--- a/Jellyfin.Api/Controllers/InstantMixController.cs
+++ b/Jellyfin.Api/Controllers/InstantMixController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
@@ -174,7 +175,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("MusicGenres/{name}/InstantMix")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetInstantMixFromMusicGenre(
-            [FromRoute] string? name,
+            [FromRoute, Required] string? name,
             [FromQuery] Guid? userId,
             [FromQuery] int? limit,
             [FromQuery] string? fields,
diff --git a/Jellyfin.Api/Controllers/ItemLookupController.cs b/Jellyfin.Api/Controllers/ItemLookupController.cs
index 0d9dffbfe..c9ad15bab 100644
--- a/Jellyfin.Api/Controllers/ItemLookupController.cs
+++ b/Jellyfin.Api/Controllers/ItemLookupController.cs
@@ -22,7 +22,6 @@ using MediaBrowser.Model.Providers;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Microsoft.Extensions.Logging;
 
 namespace Jellyfin.Api.Controllers
@@ -94,7 +93,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/Movie")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMovieRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<MovieInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMovieRemoteSearchResults([FromBody, Required] RemoteSearchQuery<MovieInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<Movie, MovieInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -111,7 +110,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/Trailer")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetTrailerRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<TrailerInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetTrailerRemoteSearchResults([FromBody, Required] RemoteSearchQuery<TrailerInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<Trailer, TrailerInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -128,7 +127,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/MusicVideo")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMusicVideoRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<MusicVideoInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMusicVideoRemoteSearchResults([FromBody, Required] RemoteSearchQuery<MusicVideoInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<MusicVideo, MusicVideoInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -145,7 +144,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/Series")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetSeriesRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<SeriesInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetSeriesRemoteSearchResults([FromBody, Required] RemoteSearchQuery<SeriesInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<Series, SeriesInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -162,7 +161,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/BoxSet")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetBoxSetRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<BoxSetInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetBoxSetRemoteSearchResults([FromBody, Required] RemoteSearchQuery<BoxSetInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<BoxSet, BoxSetInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -179,7 +178,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/MusicArtist")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMusicArtistRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<ArtistInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMusicArtistRemoteSearchResults([FromBody, Required] RemoteSearchQuery<ArtistInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<MusicArtist, ArtistInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -196,7 +195,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/MusicAlbum")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMusicAlbumRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<AlbumInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetMusicAlbumRemoteSearchResults([FromBody, Required] RemoteSearchQuery<AlbumInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<MusicAlbum, AlbumInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -214,7 +213,7 @@ namespace Jellyfin.Api.Controllers
         /// </returns>
         [HttpPost("Items/RemoteSearch/Person")]
         [Authorize(Policy = Policies.RequiresElevation)]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetPersonRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<PersonLookupInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetPersonRemoteSearchResults([FromBody, Required] RemoteSearchQuery<PersonLookupInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<Person, PersonLookupInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -231,7 +230,7 @@ namespace Jellyfin.Api.Controllers
         /// The task result contains an <see cref="OkResult"/> containing the list of remote search results.
         /// </returns>
         [HttpPost("Items/RemoteSearch/Book")]
-        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetBookRemoteSearchResults([FromBody, BindRequired] RemoteSearchQuery<BookInfo> query)
+        public async Task<ActionResult<IEnumerable<RemoteSearchResult>>> GetBookRemoteSearchResults([FromBody, Required] RemoteSearchQuery<BookInfo> query)
         {
             var results = await _providerManager.GetRemoteSearchResults<Book, BookInfo>(query, CancellationToken.None)
                 .ConfigureAwait(false);
@@ -296,7 +295,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         public async Task<ActionResult> ApplySearchCriteria(
             [FromRoute] Guid itemId,
-            [FromBody, BindRequired] RemoteSearchResult searchResult,
+            [FromBody, Required] RemoteSearchResult searchResult,
             [FromQuery] bool replaceAllImages = true)
         {
             var item = _libraryManager.GetItemById(itemId);
diff --git a/Jellyfin.Api/Controllers/ItemUpdateController.cs b/Jellyfin.Api/Controllers/ItemUpdateController.cs
index a5d9d36a3..4b40c6ada 100644
--- a/Jellyfin.Api/Controllers/ItemUpdateController.cs
+++ b/Jellyfin.Api/Controllers/ItemUpdateController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading;
 using Jellyfin.Api.Constants;
@@ -17,7 +18,6 @@ using MediaBrowser.Model.IO;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -67,7 +67,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Items/{itemId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult UpdateItem([FromRoute] Guid itemId, [FromBody, BindRequired] BaseItemDto request)
+        public ActionResult UpdateItem([FromRoute] Guid itemId, [FromBody, Required] BaseItemDto request)
         {
             var item = _libraryManager.GetItemById(itemId);
             if (item == null)
@@ -194,7 +194,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Items/{itemId}/ContentType")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult UpdateItemContentType([FromRoute] Guid itemId, [FromQuery, BindRequired] string? contentType)
+        public ActionResult UpdateItemContentType([FromRoute] Guid itemId, [FromQuery, Required] string? contentType)
         {
             var item = _libraryManager.GetItemById(itemId);
             if (item == null)
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 4731a5c8b..4548e202a 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.IO;
 using System.Linq;
@@ -32,7 +33,6 @@ using MediaBrowser.Model.Querying;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Microsoft.Extensions.Logging;
 using Book = MediaBrowser.Controller.Entities.Book;
 using Movie = Jellyfin.Data.Entities.Movie;
@@ -597,7 +597,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Library/Media/Updated")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostUpdatedMedia([FromBody, BindRequired] MediaUpdateInfoDto[] updates)
+        public ActionResult PostUpdatedMedia([FromBody, Required] MediaUpdateInfoDto[] updates)
         {
             foreach (var item in updates)
             {
@@ -685,6 +685,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("Shows/{itemId}/Similar", Name = "GetSimilarShows2")]
         [HttpGet("Movies/{itemId}/Similar", Name = "GetSimilarMovies2")]
         [HttpGet("Trailers/{itemId}/Similar", Name = "GetSimilarTrailers2")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetSimilarItems(
             [FromRoute] Guid itemId,
@@ -736,11 +737,11 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Library options info returned.</response>
         /// <returns>Library options info.</returns>
         [HttpGet("Libraries/AvailableOptions")]
-        [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
+        [Authorize(Policy = Policies.FirstTimeSetupOrDefault)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<LibraryOptionsResultDto> GetLibraryOptionsInfo(
             [FromQuery] string? libraryContentType,
-            [FromQuery] bool isNewLibrary = false)
+            [FromQuery] bool isNewLibrary)
         {
             var result = new LibraryOptionsResultDto();
 
diff --git a/Jellyfin.Api/Controllers/LibraryStructureController.cs b/Jellyfin.Api/Controllers/LibraryStructureController.cs
index ca150f3f2..cdab4f356 100644
--- a/Jellyfin.Api/Controllers/LibraryStructureController.cs
+++ b/Jellyfin.Api/Controllers/LibraryStructureController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.IO;
 using System.Linq;
@@ -17,7 +18,6 @@ using MediaBrowser.Model.Entities;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -204,7 +204,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Paths")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult AddMediaPath(
-            [FromBody, BindRequired] MediaPathDto mediaPathDto,
+            [FromBody, Required] MediaPathDto mediaPathDto,
             [FromQuery] bool refreshLibrary = false)
         {
             _libraryMonitor.Stop();
diff --git a/Jellyfin.Api/Controllers/LocalizationController.cs b/Jellyfin.Api/Controllers/LocalizationController.cs
index 1466dd3ec..ef2e7e8b1 100644
--- a/Jellyfin.Api/Controllers/LocalizationController.cs
+++ b/Jellyfin.Api/Controllers/LocalizationController.cs
@@ -11,7 +11,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Localization controller.
     /// </summary>
-    [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
+    [Authorize(Policy = Policies.FirstTimeSetupOrDefault)]
     public class LocalizationController : BaseJellyfinApiController
     {
         private readonly ILocalizationManager _localization;
diff --git a/Jellyfin.Api/Controllers/MediaInfoController.cs b/Jellyfin.Api/Controllers/MediaInfoController.cs
index 242cbf191..517113074 100644
--- a/Jellyfin.Api/Controllers/MediaInfoController.cs
+++ b/Jellyfin.Api/Controllers/MediaInfoController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Buffers;
+using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
 using System.Net.Mime;
@@ -91,7 +92,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="Task"/> containing a <see cref="PlaybackInfoResponse"/> with the playback information.</returns>
         [HttpGet("Items/{itemId}/PlaybackInfo")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<PlaybackInfoResponse>> GetPlaybackInfo([FromRoute] Guid itemId, [FromQuery] Guid? userId)
+        public async Task<ActionResult<PlaybackInfoResponse>> GetPlaybackInfo([FromRoute] Guid itemId, [FromQuery, Required] Guid? userId)
         {
             return await GetPlaybackInfoInternal(itemId, userId).ConfigureAwait(false);
         }
@@ -281,7 +282,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("LiveStreams/Close")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult CloseLiveStream([FromQuery] string? liveStreamId)
+        public ActionResult CloseLiveStream([FromQuery, Required] string? liveStreamId)
         {
             _mediaSourceManager.CloseLiveStream(liveStreamId).GetAwaiter().GetResult();
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/NotificationsController.cs b/Jellyfin.Api/Controllers/NotificationsController.cs
index 1bb39b5f7..47ce48b2d 100644
--- a/Jellyfin.Api/Controllers/NotificationsController.cs
+++ b/Jellyfin.Api/Controllers/NotificationsController.cs
@@ -1,13 +1,16 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Models.NotificationDtos;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Notifications;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Notifications;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -16,6 +19,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// The notification controller.
     /// </summary>
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class NotificationsController : BaseJellyfinApiController
     {
         private readonly INotificationManager _notificationManager;
@@ -83,19 +87,19 @@ namespace Jellyfin.Api.Controllers
         /// <summary>
         /// Sends a notification to all admins.
         /// </summary>
-        /// <param name="name">The name of the notification.</param>
-        /// <param name="description">The description of the notification.</param>
         /// <param name="url">The URL of the notification.</param>
         /// <param name="level">The level of the notification.</param>
+        /// <param name="name">The name of the notification.</param>
+        /// <param name="description">The description of the notification.</param>
         /// <response code="204">Notification sent.</response>
         /// <returns>A <cref see="NoContentResult"/>.</returns>
         [HttpPost("Admin")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult CreateAdminNotification(
-            [FromQuery] string? name,
-            [FromQuery] string? description,
             [FromQuery] string? url,
-            [FromQuery] NotificationLevel? level)
+            [FromQuery] NotificationLevel? level,
+            [FromQuery, Required] string name = "",
+            [FromQuery, Required] string description = "")
         {
             var notification = new NotificationRequest
             {
diff --git a/Jellyfin.Api/Controllers/PackageController.cs b/Jellyfin.Api/Controllers/PackageController.cs
index 06c4213fb..3d6a87909 100644
--- a/Jellyfin.Api/Controllers/PackageController.cs
+++ b/Jellyfin.Api/Controllers/PackageController.cs
@@ -127,7 +127,6 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Package repositories returned.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of package repositories.</returns>
         [HttpGet("Repositories")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<RepositoryInfo>> GetRepositories()
         {
diff --git a/Jellyfin.Api/Controllers/PersonsController.cs b/Jellyfin.Api/Controllers/PersonsController.cs
index 23cc23ce7..b6ccec666 100644
--- a/Jellyfin.Api/Controllers/PersonsController.cs
+++ b/Jellyfin.Api/Controllers/PersonsController.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Globalization;
 using System.Linq;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Entities;
@@ -9,6 +10,7 @@ using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Querying;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -17,6 +19,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Persons controller.
     /// </summary>
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class PersonsController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Controllers/PlaylistsController.cs b/Jellyfin.Api/Controllers/PlaylistsController.cs
index cf4660494..12c87d7c3 100644
--- a/Jellyfin.Api/Controllers/PlaylistsController.cs
+++ b/Jellyfin.Api/Controllers/PlaylistsController.cs
@@ -1,4 +1,5 @@
 using System;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
@@ -14,7 +15,6 @@ using MediaBrowser.Model.Querying;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -59,7 +59,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<PlaylistCreationResult>> CreatePlaylist(
-            [FromBody, BindRequired] CreatePlaylistDto createPlaylistRequest)
+            [FromBody, Required] CreatePlaylistDto createPlaylistRequest)
         {
             Guid[] idGuidArray = RequestHelpers.GetGuids(createPlaylistRequest.Ids);
             var result = await _playlistManager.CreatePlaylist(new PlaylistCreationRequest
diff --git a/Jellyfin.Api/Controllers/PluginsController.cs b/Jellyfin.Api/Controllers/PluginsController.cs
index fe10f0f1b..b2f34680b 100644
--- a/Jellyfin.Api/Controllers/PluginsController.cs
+++ b/Jellyfin.Api/Controllers/PluginsController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Text.Json;
 using System.Threading.Tasks;
@@ -13,7 +14,6 @@ using MediaBrowser.Model.Plugins;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -154,7 +154,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("SecurityInfo")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult UpdatePluginSecurityInfo([FromBody, BindRequired] PluginSecurityInfo pluginSecurityInfo)
+        public ActionResult UpdatePluginSecurityInfo([FromBody, Required] PluginSecurityInfo pluginSecurityInfo)
         {
             return NoContent();
         }
diff --git a/Jellyfin.Api/Controllers/RemoteImageController.cs b/Jellyfin.Api/Controllers/RemoteImageController.cs
index 50a161ef6..baa3d80ac 100644
--- a/Jellyfin.Api/Controllers/RemoteImageController.cs
+++ b/Jellyfin.Api/Controllers/RemoteImageController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.IO;
 using System.Linq;
 using System.Net.Mime;
@@ -18,7 +19,6 @@ using MediaBrowser.Model.Providers;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -154,7 +154,7 @@ namespace Jellyfin.Api.Controllers
         [Produces(MediaTypeNames.Application.Octet)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public async Task<ActionResult> GetRemoteImage([FromQuery, BindRequired] string imageUrl)
+        public async Task<ActionResult> GetRemoteImage([FromQuery, Required] string imageUrl)
         {
             var urlHash = imageUrl.GetMD5();
             var pointerCachePath = GetFullCachePath(urlHash.ToString());
@@ -209,7 +209,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult> DownloadRemoteImage(
             [FromRoute] Guid itemId,
-            [FromQuery, BindRequired] ImageType type,
+            [FromQuery, Required] ImageType type,
             [FromQuery] string? imageUrl)
         {
             var item = _libraryManager.GetItemById(itemId);
diff --git a/Jellyfin.Api/Controllers/ScheduledTasksController.cs b/Jellyfin.Api/Controllers/ScheduledTasksController.cs
index 3df325e3b..e672070c0 100644
--- a/Jellyfin.Api/Controllers/ScheduledTasksController.cs
+++ b/Jellyfin.Api/Controllers/ScheduledTasksController.cs
@@ -1,12 +1,12 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using Jellyfin.Api.Constants;
 using MediaBrowser.Model.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -71,7 +71,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("{taskId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<TaskInfo> GetTask([FromRoute] string? taskId)
+        public ActionResult<TaskInfo> GetTask([FromRoute, Required] string? taskId)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(i =>
                 string.Equals(i.Id, taskId, StringComparison.OrdinalIgnoreCase));
@@ -118,7 +118,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete("Running/{taskId}")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult StopTask([FromRoute] string? taskId)
+        public ActionResult StopTask([FromRoute, Required] string? taskId)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(o =>
                 o.Id.Equals(taskId, StringComparison.OrdinalIgnoreCase));
@@ -144,8 +144,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateTask(
-            [FromRoute] string? taskId,
-            [FromBody, BindRequired] TaskTriggerInfo[] triggerInfos)
+            [FromRoute, Required] string? taskId,
+            [FromBody, Required] TaskTriggerInfo[] triggerInfos)
         {
             var task = _taskManager.ScheduledTasks.FirstOrDefault(o =>
                 o.Id.Equals(taskId, StringComparison.OrdinalIgnoreCase));
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 3e6f577f1..48b57bdb7 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -122,12 +122,13 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Instruction sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/Viewing")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult DisplayContent(
-            [FromRoute] string? sessionId,
-            [FromQuery] string? itemType,
-            [FromQuery] string? itemId,
-            [FromQuery] string? itemName)
+            [FromRoute, Required] string? sessionId,
+            [FromQuery, Required] string? itemType,
+            [FromQuery, Required] string? itemId,
+            [FromQuery, Required] string? itemName)
         {
             var command = new BrowseRequest
             {
@@ -156,9 +157,10 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Instruction sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/Playing")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult Play(
-            [FromRoute] string? sessionId,
+            [FromRoute, Required] string? sessionId,
             [FromQuery] Guid[] itemIds,
             [FromQuery] long? startPositionTicks,
             [FromQuery] PlayCommand playCommand,
@@ -190,9 +192,10 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Playstate command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/Playing/{command}")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendPlaystateCommand(
-            [FromRoute] string? sessionId,
+            [FromRoute, Required] string? sessionId,
             [FromBody] PlaystateRequest playstateRequest)
         {
             _sessionManager.SendPlaystateCommand(
@@ -212,10 +215,11 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">System command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/System/{command}")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendSystemCommand(
-            [FromRoute] string? sessionId,
-            [FromRoute] string? command)
+            [FromRoute, Required] string? sessionId,
+            [FromRoute, Required] string? command)
         {
             var name = command;
             if (Enum.TryParse(name, true, out GeneralCommandType commandType))
@@ -243,10 +247,11 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">General command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/Command/{command}")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendGeneralCommand(
-            [FromRoute] string? sessionId,
-            [FromRoute] string? command)
+            [FromRoute, Required] string? sessionId,
+            [FromRoute, Required] string? command)
         {
             var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
 
@@ -269,9 +274,10 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Full general command sent to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/Command")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendFullGeneralCommand(
-            [FromRoute] string? sessionId,
+            [FromRoute, Required] string? sessionId,
             [FromBody, Required] GeneralCommand command)
         {
             var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
@@ -302,11 +308,12 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Message sent.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/Message")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult SendMessageCommand(
-            [FromRoute] string? sessionId,
-            [FromQuery] string? text,
-            [FromQuery] string? header,
+            [FromRoute, Required] string? sessionId,
+            [FromQuery, Required] string? text,
+            [FromQuery, Required] string? header,
             [FromQuery] long? timeoutMs)
         {
             var command = new MessageCommand
@@ -329,9 +336,10 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">User added to session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/{sessionId}/User/{userId}")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult AddUserToSession(
-            [FromRoute] string? sessionId,
+            [FromRoute, Required] string? sessionId,
             [FromRoute] Guid userId)
         {
             _sessionManager.AddAdditionalUser(sessionId, userId);
@@ -346,6 +354,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">User removed from session.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpDelete("Sessions/{sessionId}/User/{userId}")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult RemoveUserFromSession(
             [FromRoute] string? sessionId,
@@ -367,9 +376,10 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Capabilities posted.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/Capabilities")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult PostCapabilities(
-            [FromQuery] string? id,
+            [FromQuery, Required] string? id,
             [FromQuery] string? playableMediaTypes,
             [FromQuery] string? supportedCommands,
             [FromQuery] bool supportsMediaControl = false,
@@ -400,9 +410,10 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Capabilities updated.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/Capabilities/Full")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult PostFullCapabilities(
-            [FromQuery] string? id,
+            [FromQuery, Required] string? id,
             [FromBody, Required] ClientCapabilities capabilities)
         {
             if (string.IsNullOrWhiteSpace(id))
@@ -423,6 +434,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Session reported to server.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/Viewing")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult ReportViewing(
             [FromQuery] string? sessionId,
@@ -440,6 +452,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Session end reported to server.</response>
         /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Sessions/Logout")]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult ReportSessionEnded()
         {
@@ -455,6 +468,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Auth providers retrieved.</response>
         /// <returns>An <see cref="IEnumerable{NameIdPair}"/> with the auth providers.</returns>
         [HttpGet("Auth/Providers")]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<NameIdPair>> GetAuthProviders()
         {
@@ -468,6 +482,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>An <see cref="IEnumerable{NameIdPair}"/> with the password reset providers.</returns>
         [HttpGet("Auto/PasswordResetProviders")]
         [ProducesResponseType(StatusCodes.Status200OK)]
+        [Authorize(Policy = Policies.RequiresElevation)]
         public ActionResult<IEnumerable<NameIdPair>> GetPasswordResetProviders()
         {
             return _userManager.GetPasswordResetProviders();
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index d5633fba5..988acccc3 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -113,7 +113,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<IEnumerable<RemoteSubtitleInfo>>> SearchRemoteSubtitles(
             [FromRoute] Guid itemId,
-            [FromRoute] string? language,
+            [FromRoute, Required] string? language,
             [FromQuery] bool? isPerfectMatch)
         {
             var video = (Video)_libraryManager.GetItemById(itemId);
@@ -133,7 +133,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> DownloadRemoteSubtitles(
             [FromRoute] Guid itemId,
-            [FromRoute] string? subtitleId)
+            [FromRoute, Required] string? subtitleId)
         {
             var video = (Video)_libraryManager.GetItemById(itemId);
 
@@ -162,7 +162,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [Produces(MediaTypeNames.Application.Octet)]
-        public async Task<ActionResult> GetRemoteSubtitles([FromRoute] string? id)
+        public async Task<ActionResult> GetRemoteSubtitles([FromRoute, Required] string? id)
         {
             var result = await _subtitleManager.GetRemoteSubtitles(id, CancellationToken.None).ConfigureAwait(false);
 
diff --git a/Jellyfin.Api/Controllers/SyncPlayController.cs b/Jellyfin.Api/Controllers/SyncPlayController.cs
index 2b1b95b1b..e16a10ba4 100644
--- a/Jellyfin.Api/Controllers/SyncPlayController.cs
+++ b/Jellyfin.Api/Controllers/SyncPlayController.cs
@@ -94,7 +94,7 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <param name="filterItemId">Optional. Filter by item id.</param>
         /// <response code="200">Groups returned.</response>
-        /// <returns>An <see cref="IEnumerable{GrouüInfoView}"/> containing the available SyncPlay groups.</returns>
+        /// <returns>An <see cref="IEnumerable{GroupInfoView}"/> containing the available SyncPlay groups.</returns>
         [HttpGet("List")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<IEnumerable<GroupInfoView>> SyncPlayGetGroups([FromQuery] Guid? filterItemId)
diff --git a/Jellyfin.Api/Controllers/SystemController.cs b/Jellyfin.Api/Controllers/SystemController.cs
index 6f9a75e2f..08f1b421d 100644
--- a/Jellyfin.Api/Controllers/SystemController.cs
+++ b/Jellyfin.Api/Controllers/SystemController.cs
@@ -23,7 +23,6 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// The system controller.
     /// </summary>
-    [Route("System")]
     public class SystemController : BaseJellyfinApiController
     {
         private readonly IServerApplicationHost _appHost;
@@ -60,8 +59,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Information retrieved.</response>
         /// <returns>A <see cref="SystemInfo"/> with info about the system.</returns>
         [HttpGet("Info")]
-        [Authorize(Policy = Policies.IgnoreSchedule)]
-        [Authorize(Policy = Policies.FirstTimeSetupOrElevated)]
+        [Authorize(Policy = Policies.IgnoreParentalControlOrFirstTimeSetup)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<SystemInfo>> GetSystemInfo()
         {
@@ -99,8 +97,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="204">Server restarted.</response>
         /// <returns>No content. Server restarted.</returns>
         [HttpPost("Restart")]
-        [Authorize(Policy = Policies.LocalAccessOnly)]
-        [Authorize(Policy = Policies.RequiresElevation)]
+        [Authorize(Policy = Policies.LocalAccessOrRequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult RestartApplication()
         {
diff --git a/Jellyfin.Api/Controllers/TimeSyncController.cs b/Jellyfin.Api/Controllers/TimeSyncController.cs
index bbabcd6e6..2dc744e7c 100644
--- a/Jellyfin.Api/Controllers/TimeSyncController.cs
+++ b/Jellyfin.Api/Controllers/TimeSyncController.cs
@@ -9,7 +9,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// The time sync controller.
     /// </summary>
-    [Route("GetUtcTime")]
+    [Route("")]
     public class TimeSyncController : BaseJellyfinApiController
     {
         /// <summary>
@@ -17,7 +17,7 @@ namespace Jellyfin.Api.Controllers
         /// </summary>
         /// <response code="200">Time returned.</response>
         /// <returns>An <see cref="UtcTimeResponse"/> to sync the client and server time.</returns>
-        [HttpGet]
+        [HttpGet("GetUtcTime")]
         [ProducesResponseType(statusCode: StatusCodes.Status200OK)]
         public ActionResult<UtcTimeResponse> GetUtcTime()
         {
diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs
index d4560dfa2..f463ab889 100644
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
 using Jellyfin.Api.Constants;
@@ -68,7 +69,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("NextUp")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetNextUp(
-            [FromQuery] Guid? userId,
+            [FromQuery, Required] Guid? userId,
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] string? fields,
@@ -126,7 +127,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("Upcoming")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetUpcomingEpisodes(
-            [FromQuery] Guid? userId,
+            [FromQuery, Required] Guid? userId,
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] string? fields,
@@ -193,8 +194,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<QueryResult<BaseItemDto>> GetEpisodes(
-            [FromRoute] string? seriesId,
-            [FromQuery] Guid? userId,
+            [FromRoute, Required] string? seriesId,
+            [FromQuery, Required] Guid? userId,
             [FromQuery] string? fields,
             [FromQuery] int? season,
             [FromQuery] string? seasonId,
@@ -316,8 +317,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<QueryResult<BaseItemDto>> GetSeasons(
-            [FromRoute] string? seriesId,
-            [FromQuery] Guid? userId,
+            [FromRoute, Required] string? seriesId,
+            [FromQuery, Required] Guid? userId,
             [FromQuery] string? fields,
             [FromQuery] bool? isSpecialSeason,
             [FromQuery] bool? isMissing,
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 2ce5c7e56..d897f07b7 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -20,7 +20,6 @@ using MediaBrowser.Model.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ModelBinding;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -106,7 +105,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">User not found.</response>
         /// <returns>An <see cref="UserDto"/> with information about the user or a <see cref="NotFoundResult"/> if the user was not found.</returns>
         [HttpGet("{userId}")]
-        [Authorize(Policy = Policies.IgnoreSchedule)]
+        [Authorize(Policy = Policies.IgnoreParentalControl)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<UserDto> GetUserById([FromRoute] Guid userId)
@@ -157,8 +156,8 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
             [FromRoute, Required] Guid userId,
-            [FromQuery, BindRequired] string? pw,
-            [FromQuery, BindRequired] string? password)
+            [FromQuery, Required] string? pw,
+            [FromQuery] string? password)
         {
             var user = _userManager.GetUserById(userId);
 
@@ -190,7 +189,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="Task"/> containing an <see cref="AuthenticationRequest"/> with information about the new session.</returns>
         [HttpPost("AuthenticateByName")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<AuthenticationResult>> AuthenticateUserByName([FromBody, BindRequired] AuthenticateUserByName request)
+        public async Task<ActionResult<AuthenticationResult>> AuthenticateUserByName([FromBody, Required] AuthenticateUserByName request)
         {
             var auth = _authContext.GetAuthorizationInfo(Request);
 
@@ -371,7 +370,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="403">User policy update forbidden.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="BadRequestResult"/> or a <see cref="ForbidResult"/> on failure..</returns>
         [HttpPost("{userId}/Policy")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
+        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
diff --git a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
index eef0a93cd..09a1c93e6 100644
--- a/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
+++ b/Jellyfin.Api/Controllers/VideoAttachmentsController.cs
@@ -1,12 +1,11 @@
 using System;
+using System.ComponentModel.DataAnnotations;
 using System.Net.Mime;
 using System.Threading;
 using System.Threading.Tasks;
-using Jellyfin.Api.Constants;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.MediaEncoding;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -16,7 +15,6 @@ namespace Jellyfin.Api.Controllers
     /// Attachments controller.
     /// </summary>
     [Route("Videos")]
-    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class VideoAttachmentsController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;
@@ -49,9 +47,9 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<FileStreamResult>> GetAttachment(
-            [FromRoute] Guid videoId,
-            [FromRoute] string? mediaSourceId,
-            [FromRoute] int index)
+            [FromRoute, Required] Guid videoId,
+            [FromRoute, Required] string mediaSourceId,
+            [FromRoute, Required] int index)
         {
             try
             {
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index ebe88a9c0..fe065c76f 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
 using System.Net.Http;
@@ -35,7 +36,6 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// The videos controller.
     /// </summary>
-    [Route("Videos")]
     public class VideosController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;
@@ -196,7 +196,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public ActionResult MergeVersions([FromQuery] string? itemIds)
+        public ActionResult MergeVersions([FromQuery, Required] string? itemIds)
         {
             var items = RequestHelpers.Split(itemIds, ',', true)
                 .Select(i => _libraryManager.GetItemById(i))
diff --git a/Jellyfin.Api/Controllers/YearsController.cs b/Jellyfin.Api/Controllers/YearsController.cs
index d09b016a9..eb91ac23e 100644
--- a/Jellyfin.Api/Controllers/YearsController.cs
+++ b/Jellyfin.Api/Controllers/YearsController.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Entities;
@@ -9,6 +10,7 @@ using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Querying;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -17,6 +19,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Years controller.
     /// </summary>
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class YearsController : BaseJellyfinApiController
     {
         private readonly ILibraryManager _libraryManager;
diff --git a/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs b/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs
index a5f012245..66e797699 100644
--- a/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs
+++ b/Jellyfin.Api/Models/StartupDtos/StartupConfigurationDto.cs
@@ -8,7 +8,7 @@ namespace Jellyfin.Api.Models.StartupDtos
         /// <summary>
         /// Gets or sets UI language culture.
         /// </summary>
-        public string? UICulture { get; set; }
+        public string UICulture { get; set; } = null!;
 
         /// <summary>
         /// Gets or sets the metadata country code.
diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 6e91042df..586746430 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -7,8 +7,11 @@ using Jellyfin.Api;
 using Jellyfin.Api.Auth;
 using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 using Jellyfin.Api.Auth.DownloadPolicy;
+using Jellyfin.Api.Auth.FirstTimeSetupOrDefaultPolicy;
 using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy;
-using Jellyfin.Api.Auth.IgnoreSchedulePolicy;
+using Jellyfin.Api.Auth.IgnoreParentalControlOrFirstTimeSetupPolicy;
+using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
+using Jellyfin.Api.Auth.LocalAccessOrRequiresElevationPolicy;
 using Jellyfin.Api.Auth.LocalAccessPolicy;
 using Jellyfin.Api.Auth.RequiresElevationPolicy;
 using Jellyfin.Api.Constants;
@@ -41,9 +44,12 @@ namespace Jellyfin.Server.Extensions
         {
             serviceCollection.AddSingleton<IAuthorizationHandler, DefaultAuthorizationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, DownloadHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrDefaultHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, FirstTimeSetupOrElevatedHandler>();
-            serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreScheduleHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, IgnoreParentalControlOrFirstTimeSetupHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessHandler>();
+            serviceCollection.AddSingleton<IAuthorizationHandler, LocalAccessOrRequiresElevationHandler>();
             serviceCollection.AddSingleton<IAuthorizationHandler, RequiresElevationHandler>();
             return serviceCollection.AddAuthorizationCore(options =>
             {
@@ -61,6 +67,13 @@ namespace Jellyfin.Server.Extensions
                         policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
                         policy.AddRequirements(new DownloadRequirement());
                     });
+                options.AddPolicy(
+                    Policies.FirstTimeSetupOrDefault,
+                    policy =>
+                    {
+                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
+                        policy.AddRequirements(new FirstTimeSetupOrDefaultRequirement());
+                    });
                 options.AddPolicy(
                     Policies.FirstTimeSetupOrElevated,
                     policy =>
@@ -69,11 +82,18 @@ namespace Jellyfin.Server.Extensions
                         policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement());
                     });
                 options.AddPolicy(
-                    Policies.IgnoreSchedule,
+                    Policies.IgnoreParentalControl,
                     policy =>
                     {
                         policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
-                        policy.AddRequirements(new IgnoreScheduleRequirement());
+                        policy.AddRequirements(new IgnoreParentalControlRequirement());
+                    });
+                options.AddPolicy(
+                    Policies.IgnoreParentalControlOrFirstTimeSetup,
+                    policy =>
+                    {
+                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
+                        policy.AddRequirements(new IgnoreParentalControlOrFirstTimeSetupRequirement());
                     });
                 options.AddPolicy(
                     Policies.LocalAccessOnly,
@@ -82,6 +102,13 @@ namespace Jellyfin.Server.Extensions
                         policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
                         policy.AddRequirements(new LocalAccessRequirement());
                     });
+                options.AddPolicy(
+                    Policies.LocalAccessOrRequiresElevation,
+                    policy =>
+                    {
+                        policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication);
+                        policy.AddRequirements(new LocalAccessOrRequiresElevationRequirement());
+                    });
                 options.AddPolicy(
                     Policies.RequiresElevation,
                     policy =>
diff --git a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
index b65d45aa0..7150c90bb 100644
--- a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs
@@ -3,7 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using AutoFixture;
 using AutoFixture.AutoMoq;
-using Jellyfin.Api.Auth.IgnoreSchedulePolicy;
+using Jellyfin.Api.Auth.IgnoreParentalControlPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
@@ -20,7 +20,7 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
     {
         private readonly Mock<IConfigurationManager> _configurationManagerMock;
         private readonly List<IAuthorizationRequirement> _requirements;
-        private readonly IgnoreScheduleHandler _sut;
+        private readonly IgnoreParentalControlHandler _sut;
         private readonly Mock<IUserManager> _userManagerMock;
         private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
 
@@ -33,11 +33,11 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy
         {
             var fixture = new Fixture().Customize(new AutoMoqCustomization());
             _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>();
-            _requirements = new List<IAuthorizationRequirement> { new IgnoreScheduleRequirement() };
+            _requirements = new List<IAuthorizationRequirement> { new IgnoreParentalControlRequirement() };
             _userManagerMock = fixture.Freeze<Mock<IUserManager>>();
             _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
 
-            _sut = fixture.Create<IgnoreScheduleHandler>();
+            _sut = fixture.Create<IgnoreParentalControlHandler>();
         }
 
         [Theory]
-- 
cgit v1.2.3


From bb08e25f86c4542fac49e7b6184edd5065fb970b Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Wed, 12 Aug 2020 12:43:43 -0600
Subject: userid isn't actually required

---
 Jellyfin.Api/Controllers/DevicesController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 23d10e215..1aed20ade 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -48,7 +48,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery, Required] Guid? userId)
+        public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
             var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
             return _deviceManager.GetDevices(deviceQuery);
-- 
cgit v1.2.3


From 63ebae2f9eb015b1b7a834417c2958c81e82bbf8 Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Wed, 9 Sep 2020 14:28:30 -0600
Subject: Remove nullable from required

---
 Jellyfin.Api/Controllers/ApiKeyController.cs             | 2 +-
 Jellyfin.Api/Controllers/CollectionController.cs         | 4 ++--
 Jellyfin.Api/Controllers/DevicesController.cs            | 8 ++++----
 Jellyfin.Api/Controllers/DisplayPreferencesController.cs | 4 ++--
 Jellyfin.Api/Controllers/DynamicHlsController.cs         | 2 +-
 Jellyfin.Api/Controllers/ImageController.cs              | 8 ++++----
 Jellyfin.Api/Controllers/ItemUpdateController.cs         | 2 +-
 Jellyfin.Api/Controllers/MediaInfoController.cs          | 4 ++--
 Jellyfin.Api/Controllers/SearchController.cs             | 2 +-
 Jellyfin.Api/Controllers/SessionController.cs            | 4 ++--
 Jellyfin.Api/Controllers/SystemController.cs             | 2 +-
 Jellyfin.Api/Controllers/TvShowsController.cs            | 4 ++--
 Jellyfin.Api/Controllers/UserController.cs               | 2 +-
 Jellyfin.Api/Controllers/VideosController.cs             | 2 +-
 14 files changed, 25 insertions(+), 25 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/ApiKeyController.cs b/Jellyfin.Api/Controllers/ApiKeyController.cs
index bf973b8dd..e8d6ccdf2 100644
--- a/Jellyfin.Api/Controllers/ApiKeyController.cs
+++ b/Jellyfin.Api/Controllers/ApiKeyController.cs
@@ -65,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Keys")]
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult CreateKey([FromQuery, Required] string? app)
+        public ActionResult CreateKey([FromQuery, Required] string app)
         {
             _authRepo.Create(new AuthenticationInfo
             {
diff --git a/Jellyfin.Api/Controllers/CollectionController.cs b/Jellyfin.Api/Controllers/CollectionController.cs
index f78690b06..2fc697a6a 100644
--- a/Jellyfin.Api/Controllers/CollectionController.cs
+++ b/Jellyfin.Api/Controllers/CollectionController.cs
@@ -88,7 +88,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("{collectionId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> AddToCollection([FromRoute, Required] Guid collectionId, [FromQuery, Required] string? itemIds)
+        public async Task<ActionResult> AddToCollection([FromRoute, Required] Guid collectionId, [FromQuery, Required] string itemIds)
         {
             await _collectionManager.AddToCollectionAsync(collectionId, RequestHelpers.GetGuids(itemIds)).ConfigureAwait(true);
             return NoContent();
@@ -103,7 +103,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpDelete("{collectionId}/Items")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> RemoveFromCollection([FromRoute, Required] Guid collectionId, [FromQuery, Required] string? itemIds)
+        public async Task<ActionResult> RemoveFromCollection([FromRoute, Required] Guid collectionId, [FromQuery, Required] string itemIds)
         {
             await _collectionManager.RemoveFromCollectionAsync(collectionId, RequestHelpers.GetGuids(itemIds)).ConfigureAwait(false);
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 1aed20ade..74380c2ef 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -65,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, Required] string? id)
+        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, Required] string id)
         {
             var deviceInfo = _deviceManager.GetDevice(id);
             if (deviceInfo == null)
@@ -87,7 +87,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, Required] string? id)
+        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, Required] string id)
         {
             var deviceInfo = _deviceManager.GetDeviceOptions(id);
             if (deviceInfo == null)
@@ -111,7 +111,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateDeviceOptions(
-            [FromQuery, Required] string? id,
+            [FromQuery, Required] string id,
             [FromBody, Required] DeviceOptions deviceOptions)
         {
             var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
@@ -134,7 +134,7 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult DeleteDevice([FromQuery, Required] string? id)
+        public ActionResult DeleteDevice([FromQuery, Required] string id)
         {
             var existingDevice = _deviceManager.GetDevice(id);
             if (existingDevice == null)
diff --git a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
index 86aa52d05..874467c75 100644
--- a/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
+++ b/Jellyfin.Api/Controllers/DisplayPreferencesController.cs
@@ -45,7 +45,7 @@ namespace Jellyfin.Api.Controllers
         public ActionResult<DisplayPreferencesDto> GetDisplayPreferences(
             [FromRoute, Required] string displayPreferencesId,
             [FromQuery, Required] Guid userId,
-            [FromQuery, Required] string? client)
+            [FromQuery, Required] string client)
         {
             var displayPreferences = _displayPreferencesManager.GetDisplayPreferences(userId, client);
             var itemPreferences = _displayPreferencesManager.GetItemDisplayPreferences(displayPreferences.UserId, Guid.Empty, displayPreferences.Client);
@@ -99,7 +99,7 @@ namespace Jellyfin.Api.Controllers
         public ActionResult UpdateDisplayPreferences(
             [FromRoute, Required] string displayPreferencesId,
             [FromQuery, Required] Guid userId,
-            [FromQuery, Required] string? client,
+            [FromQuery, Required] string client,
             [FromBody, Required] DisplayPreferencesDto displayPreferences)
         {
             HomeSectionType[] defaults =
diff --git a/Jellyfin.Api/Controllers/DynamicHlsController.cs b/Jellyfin.Api/Controllers/DynamicHlsController.cs
index 778c18560..670b41611 100644
--- a/Jellyfin.Api/Controllers/DynamicHlsController.cs
+++ b/Jellyfin.Api/Controllers/DynamicHlsController.cs
@@ -179,7 +179,7 @@ namespace Jellyfin.Api.Controllers
             [FromQuery] string? segmentContainer,
             [FromQuery] int? segmentLength,
             [FromQuery] int? minSegments,
-            [FromQuery, Required] string? mediaSourceId,
+            [FromQuery, Required] string mediaSourceId,
             [FromQuery] string? deviceId,
             [FromQuery] string? audioCodec,
             [FromQuery] bool? enableAutoStreamCopy,
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index ab4bf3d88..7afec1219 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -833,10 +833,10 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] ImageType imageType,
             [FromRoute, Required] string tag,
             [FromRoute, Required] string format,
-            [FromRoute, Required] int? maxWidth,
-            [FromRoute, Required] int? maxHeight,
-            [FromRoute, Required] double? percentPlayed,
-            [FromRoute, Required] int? unplayedCount,
+            [FromQuery] int? maxWidth,
+            [FromQuery] int? maxHeight,
+            [FromQuery] double? percentPlayed,
+            [FromQuery] int? unplayedCount,
             [FromQuery] int? width,
             [FromQuery] int? height,
             [FromQuery] int? quality,
diff --git a/Jellyfin.Api/Controllers/ItemUpdateController.cs b/Jellyfin.Api/Controllers/ItemUpdateController.cs
index 4308a434d..0a6ed31ae 100644
--- a/Jellyfin.Api/Controllers/ItemUpdateController.cs
+++ b/Jellyfin.Api/Controllers/ItemUpdateController.cs
@@ -195,7 +195,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Items/{itemId}/ContentType")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult UpdateItemContentType([FromRoute, Required] Guid itemId, [FromQuery, Required] string? contentType)
+        public ActionResult UpdateItemContentType([FromRoute, Required] Guid itemId, [FromQuery] string contentType)
         {
             var item = _libraryManager.GetItemById(itemId);
             if (item == null)
diff --git a/Jellyfin.Api/Controllers/MediaInfoController.cs b/Jellyfin.Api/Controllers/MediaInfoController.cs
index ee171e856..a984afc96 100644
--- a/Jellyfin.Api/Controllers/MediaInfoController.cs
+++ b/Jellyfin.Api/Controllers/MediaInfoController.cs
@@ -69,7 +69,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="Task"/> containing a <see cref="PlaybackInfoResponse"/> with the playback information.</returns>
         [HttpGet("Items/{itemId}/PlaybackInfo")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public async Task<ActionResult<PlaybackInfoResponse>> GetPlaybackInfo([FromRoute, Required] Guid itemId, [FromQuery, Required] Guid? userId)
+        public async Task<ActionResult<PlaybackInfoResponse>> GetPlaybackInfo([FromRoute, Required] Guid itemId, [FromQuery, Required] Guid userId)
         {
             return await _mediaInfoHelper.GetPlaybackInfo(
                     itemId,
@@ -270,7 +270,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("LiveStreams/Close")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public async Task<ActionResult> CloseLiveStream([FromQuery, Required] string? liveStreamId)
+        public async Task<ActionResult> CloseLiveStream([FromQuery, Required] string liveStreamId)
         {
             await _mediaSourceManager.CloseLiveStream(liveStreamId).ConfigureAwait(false);
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/SearchController.cs b/Jellyfin.Api/Controllers/SearchController.cs
index e159a9666..62c870cb1 100644
--- a/Jellyfin.Api/Controllers/SearchController.cs
+++ b/Jellyfin.Api/Controllers/SearchController.cs
@@ -81,7 +81,7 @@ namespace Jellyfin.Api.Controllers
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] Guid? userId,
-            [FromQuery, Required] string? searchTerm,
+            [FromQuery, Required] string searchTerm,
             [FromQuery] string? includeItemTypes,
             [FromQuery] string? excludeItemTypes,
             [FromQuery] string? mediaTypes,
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 9da8b3ed4..b00675d67 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -309,7 +309,7 @@ namespace Jellyfin.Api.Controllers
         public ActionResult SendMessageCommand(
             [FromRoute, Required] string sessionId,
             [FromQuery, Required] string text,
-            [FromQuery, Required] string? header,
+            [FromQuery] string? header,
             [FromQuery] long? timeoutMs)
         {
             var command = new MessageCommand
@@ -375,7 +375,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public ActionResult PostCapabilities(
-            [FromQuery, Required] string? id,
+            [FromQuery] string? id,
             [FromQuery] string? playableMediaTypes,
             [FromQuery] string? supportedCommands,
             [FromQuery] bool supportsMediaControl = false,
diff --git a/Jellyfin.Api/Controllers/SystemController.cs b/Jellyfin.Api/Controllers/SystemController.cs
index e878e8f36..a5dc123dd 100644
--- a/Jellyfin.Api/Controllers/SystemController.cs
+++ b/Jellyfin.Api/Controllers/SystemController.cs
@@ -193,7 +193,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesFile(MediaTypeNames.Text.Plain)]
-        public ActionResult GetLogFile([FromQuery, Required] string? name)
+        public ActionResult GetLogFile([FromQuery, Required] string name)
         {
             var file = _fileSystem.GetFiles(_appPaths.LogDirectoryPath)
                 .First(i => string.Equals(i.Name, name, StringComparison.OrdinalIgnoreCase));
diff --git a/Jellyfin.Api/Controllers/TvShowsController.cs b/Jellyfin.Api/Controllers/TvShowsController.cs
index b9c3bd1e7..d158f6c34 100644
--- a/Jellyfin.Api/Controllers/TvShowsController.cs
+++ b/Jellyfin.Api/Controllers/TvShowsController.cs
@@ -69,7 +69,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("NextUp")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetNextUp(
-            [FromQuery, Required] Guid? userId,
+            [FromQuery] Guid? userId,
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] string? fields,
@@ -127,7 +127,7 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("Upcoming")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<BaseItemDto>> GetUpcomingEpisodes(
-            [FromQuery, Required] Guid? userId,
+            [FromQuery] Guid? userId,
             [FromQuery] int? startIndex,
             [FromQuery] int? limit,
             [FromQuery] string? fields,
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 435588146..f3e4b1bea 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -156,7 +156,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult<AuthenticationResult>> AuthenticateUser(
             [FromRoute, Required] Guid userId,
-            [FromQuery, Required] string? pw,
+            [FromQuery, Required] string pw,
             [FromQuery] string? password)
         {
             var user = _userManager.GetUserById(userId);
diff --git a/Jellyfin.Api/Controllers/VideosController.cs b/Jellyfin.Api/Controllers/VideosController.cs
index 2608ba916..cce4cfbe3 100644
--- a/Jellyfin.Api/Controllers/VideosController.cs
+++ b/Jellyfin.Api/Controllers/VideosController.cs
@@ -203,7 +203,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status400BadRequest)]
-        public async Task<ActionResult> MergeVersions([FromQuery, Required] string? itemIds)
+        public async Task<ActionResult> MergeVersions([FromQuery, Required] string itemIds)
         {
             var items = RequestHelpers.Split(itemIds, ',', true)
                 .Select(i => _libraryManager.GetItemById(i))
-- 
cgit v1.2.3


From 6a07e93ddd934420620297d510d4c4b9122463cb Mon Sep 17 00:00:00 2001
From: crobibero <cody@robibe.ro>
Date: Sun, 1 Nov 2020 20:37:03 -0700
Subject: Fix endpoint auth

---
 Jellyfin.Api/Controllers/DevicesController.cs     | 6 +-----
 Jellyfin.Api/Controllers/SuggestionsController.cs | 3 +++
 2 files changed, 4 insertions(+), 5 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 74380c2ef..b3e3490c2 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -15,7 +15,7 @@ namespace Jellyfin.Api.Controllers
     /// <summary>
     /// Devices Controller.
     /// </summary>
-    [Authorize(Policy = Policies.DefaultAuthorization)]
+    [Authorize(Policy = Policies.RequiresElevation)]
     public class DevicesController : BaseJellyfinApiController
     {
         private readonly IDeviceManager _deviceManager;
@@ -46,7 +46,6 @@ namespace Jellyfin.Api.Controllers
         /// <response code="200">Devices retrieved.</response>
         /// <returns>An <see cref="OkResult"/> containing the list of devices.</returns>
         [HttpGet]
-        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
@@ -62,7 +61,6 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Device not found.</response>
         /// <returns>An <see cref="OkResult"/> containing the device info on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("Info")]
-        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, Required] string id)
@@ -84,7 +82,6 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Device not found.</response>
         /// <returns>An <see cref="OkResult"/> containing the device info on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpGet("Options")]
-        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, Required] string id)
@@ -107,7 +104,6 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">Device not found.</response>
         /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
         [HttpPost("Options")]
-        [Authorize(Policy = Policies.RequiresElevation)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public ActionResult UpdateDeviceOptions(
diff --git a/Jellyfin.Api/Controllers/SuggestionsController.cs b/Jellyfin.Api/Controllers/SuggestionsController.cs
index d7c81a3ab..ad64adfba 100644
--- a/Jellyfin.Api/Controllers/SuggestionsController.cs
+++ b/Jellyfin.Api/Controllers/SuggestionsController.cs
@@ -1,6 +1,7 @@
 using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
+using Jellyfin.Api.Constants;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Data.Enums;
@@ -9,6 +10,7 @@ using MediaBrowser.Controller.Entities;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Querying;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -18,6 +20,7 @@ namespace Jellyfin.Api.Controllers
     /// The suggestions controller.
     /// </summary>
     [Route("")]
+    [Authorize(Policy = Policies.DefaultAuthorization)]
     public class SuggestionsController : BaseJellyfinApiController
     {
         private readonly IDtoService _dtoService;
-- 
cgit v1.2.3


From 44e71774b17942034691d6a2c630cd687b23bceb Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Sat, 10 Apr 2021 16:17:36 -0400
Subject: Rewrite device manager using EF Core

---
 Emby.Server.Implementations/ApplicationHost.cs     |   2 -
 .../Devices/DeviceManager.cs                       | 144 -------------------
 .../Security/AuthenticationRepository.cs           |   4 +-
 .../Session/SessionManager.cs                      |   2 +-
 Jellyfin.Api/Controllers/DevicesController.cs      |  14 +-
 .../Devices/DeviceManager.cs                       | 158 +++++++++++++++++++++
 Jellyfin.Server/CoreAppHost.cs                     |   3 +
 MediaBrowser.Controller/Devices/IDeviceManager.cs  |   9 +-
 .../Security/IAuthenticationRepository.cs          |   2 +-
 MediaBrowser.Model/Devices/DeviceOptions.cs        |   9 --
 10 files changed, 178 insertions(+), 169 deletions(-)
 delete mode 100644 Emby.Server.Implementations/Devices/DeviceManager.cs
 create mode 100644 Jellyfin.Server.Implementations/Devices/DeviceManager.cs
 delete mode 100644 MediaBrowser.Model/Devices/DeviceOptions.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index 3846de5fd..f2ed20fbc 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -644,8 +644,6 @@ namespace Emby.Server.Implementations
 
             ServiceCollection.AddSingleton<ITVSeriesManager, TVSeriesManager>();
 
-            ServiceCollection.AddSingleton<IDeviceManager, DeviceManager>();
-
             ServiceCollection.AddSingleton<IMediaSourceManager, MediaSourceManager>();
 
             ServiceCollection.AddSingleton<ISubtitleManager, SubtitleManager>();
diff --git a/Emby.Server.Implementations/Devices/DeviceManager.cs b/Emby.Server.Implementations/Devices/DeviceManager.cs
deleted file mode 100644
index da5047d24..000000000
--- a/Emby.Server.Implementations/Devices/DeviceManager.cs
+++ /dev/null
@@ -1,144 +0,0 @@
-#pragma warning disable CS1591
-
-using System;
-using System.Collections.Concurrent;
-using System.Collections.Generic;
-using System.Linq;
-using Jellyfin.Data.Entities;
-using Jellyfin.Data.Enums;
-using Jellyfin.Data.Events;
-using MediaBrowser.Controller.Devices;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Security;
-using MediaBrowser.Model.Devices;
-using MediaBrowser.Model.Querying;
-using MediaBrowser.Model.Session;
-
-namespace Emby.Server.Implementations.Devices
-{
-    public class DeviceManager : IDeviceManager
-    {
-        private readonly IUserManager _userManager;
-        private readonly IAuthenticationRepository _authRepo;
-        private readonly ConcurrentDictionary<string, ClientCapabilities> _capabilitiesMap = new ();
-
-        public DeviceManager(IAuthenticationRepository authRepo, IUserManager userManager)
-        {
-            _userManager = userManager;
-            _authRepo = authRepo;
-        }
-
-        public event EventHandler<GenericEventArgs<Tuple<string, DeviceOptions>>> DeviceOptionsUpdated;
-
-        public void SaveCapabilities(string deviceId, ClientCapabilities capabilities)
-        {
-            _capabilitiesMap[deviceId] = capabilities;
-        }
-
-        public void UpdateDeviceOptions(string deviceId, DeviceOptions options)
-        {
-            _authRepo.UpdateDeviceOptions(deviceId, options);
-
-            DeviceOptionsUpdated?.Invoke(this, new GenericEventArgs<Tuple<string, DeviceOptions>>(new Tuple<string, DeviceOptions>(deviceId, options)));
-        }
-
-        public DeviceOptions GetDeviceOptions(string deviceId)
-        {
-            return _authRepo.GetDeviceOptions(deviceId);
-        }
-
-        public ClientCapabilities GetCapabilities(string id)
-        {
-            return _capabilitiesMap.TryGetValue(id, out ClientCapabilities result)
-                ? result
-                : new ClientCapabilities();
-        }
-
-        public DeviceInfo GetDevice(string id)
-        {
-            var session = _authRepo.Get(new AuthenticationInfoQuery
-            {
-                DeviceId = id
-            }).Items.FirstOrDefault();
-
-            var device = session == null ? null : ToDeviceInfo(session);
-
-            return device;
-        }
-
-        public QueryResult<DeviceInfo> GetDevices(DeviceQuery query)
-        {
-            IEnumerable<AuthenticationInfo> sessions = _authRepo.Get(new AuthenticationInfoQuery
-            {
-                // UserId = query.UserId
-                HasUser = true
-            }).Items;
-
-            // TODO: DeviceQuery doesn't seem to be used from client. Not even Swagger.
-            if (query.SupportsSync.HasValue)
-            {
-                var val = query.SupportsSync.Value;
-
-                sessions = sessions.Where(i => GetCapabilities(i.DeviceId).SupportsSync == val);
-            }
-
-            if (!query.UserId.Equals(Guid.Empty))
-            {
-                var user = _userManager.GetUserById(query.UserId);
-
-                sessions = sessions.Where(i => CanAccessDevice(user, i.DeviceId));
-            }
-
-            var array = sessions.Select(ToDeviceInfo).ToArray();
-
-            return new QueryResult<DeviceInfo>(array);
-        }
-
-        private DeviceInfo ToDeviceInfo(AuthenticationInfo authInfo)
-        {
-            var caps = GetCapabilities(authInfo.DeviceId);
-
-            return new DeviceInfo
-            {
-                AppName = authInfo.AppName,
-                AppVersion = authInfo.AppVersion,
-                Id = authInfo.DeviceId,
-                LastUserId = authInfo.UserId,
-                LastUserName = authInfo.UserName,
-                Name = authInfo.DeviceName,
-                DateLastActivity = authInfo.DateLastActivity,
-                IconUrl = caps?.IconUrl
-            };
-        }
-
-        public bool CanAccessDevice(User user, string deviceId)
-        {
-            if (user == null)
-            {
-                throw new ArgumentException("user not found");
-            }
-
-            if (string.IsNullOrEmpty(deviceId))
-            {
-                throw new ArgumentNullException(nameof(deviceId));
-            }
-
-            if (user.HasPermission(PermissionKind.EnableAllDevices) || user.HasPermission(PermissionKind.IsAdministrator))
-            {
-                return true;
-            }
-
-            if (!user.GetPreference(PreferenceKind.EnabledDevices).Contains(deviceId, StringComparer.OrdinalIgnoreCase))
-            {
-                var capabilities = GetCapabilities(deviceId);
-
-                if (capabilities != null && capabilities.SupportsPersistentIdentifier)
-                {
-                    return false;
-                }
-            }
-
-            return true;
-        }
-    }
-}
diff --git a/Emby.Server.Implementations/Security/AuthenticationRepository.cs b/Emby.Server.Implementations/Security/AuthenticationRepository.cs
index 4bc12f44a..0d0a2b1df 100644
--- a/Emby.Server.Implementations/Security/AuthenticationRepository.cs
+++ b/Emby.Server.Implementations/Security/AuthenticationRepository.cs
@@ -6,9 +6,9 @@ using System.Globalization;
 using System.IO;
 using System.Linq;
 using Emby.Server.Implementations.Data;
+using Jellyfin.Data.Entities.Security;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Security;
-using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Querying;
 using Microsoft.Extensions.Logging;
 using SQLitePCL.pretty;
@@ -357,7 +357,7 @@ namespace Emby.Server.Implementations.Security
                     {
                         statement.TryBind("@DeviceId", deviceId);
 
-                        var result = new DeviceOptions();
+                        var result = new DeviceOptions(deviceId);
 
                         foreach (var row in statement.ExecuteQuery())
                         {
diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index e06e48ca6..a47a1f56f 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -8,6 +8,7 @@ using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
+using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Enums;
 using Jellyfin.Data.Events;
 using MediaBrowser.Common.Events;
@@ -24,7 +25,6 @@ using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
-using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Library;
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index b3e3490c2..3ca6488d9 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -1,6 +1,8 @@
 using System;
 using System.ComponentModel.DataAnnotations;
+using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
+using Jellyfin.Data.Entities.Security;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
@@ -47,10 +49,10 @@ namespace Jellyfin.Api.Controllers
         /// <returns>An <see cref="OkResult"/> containing the list of devices.</returns>
         [HttpGet]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<DeviceInfo>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
+        public async Task<ActionResult<QueryResult<DeviceInfo>>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
             var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
-            return _deviceManager.GetDevices(deviceQuery);
+            return await _deviceManager.GetDevices(deviceQuery);
         }
 
         /// <summary>
@@ -63,9 +65,9 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("Info")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceInfo> GetDeviceInfo([FromQuery, Required] string id)
+        public async Task<ActionResult<DeviceInfo>> GetDeviceInfo([FromQuery, Required] string id)
         {
-            var deviceInfo = _deviceManager.GetDevice(id);
+            var deviceInfo = await _deviceManager.GetDevice(id).ConfigureAwait(false);
             if (deviceInfo == null)
             {
                 return NotFound();
@@ -106,7 +108,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Options")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult UpdateDeviceOptions(
+        public async Task<ActionResult> UpdateDeviceOptions(
             [FromQuery, Required] string id,
             [FromBody, Required] DeviceOptions deviceOptions)
         {
@@ -116,7 +118,7 @@ namespace Jellyfin.Api.Controllers
                 return NotFound();
             }
 
-            _deviceManager.UpdateDeviceOptions(id, deviceOptions);
+            await _deviceManager.UpdateDeviceOptions(id, deviceOptions).ConfigureAwait(false);
             return NoContent();
         }
 
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
new file mode 100644
index 000000000..c942678d9
--- /dev/null
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -0,0 +1,158 @@
+using System;
+using System.Collections.Concurrent;
+using System.Linq;
+using System.Threading.Tasks;
+using Jellyfin.Data.Entities;
+using Jellyfin.Data.Entities.Security;
+using Jellyfin.Data.Enums;
+using Jellyfin.Data.Events;
+using MediaBrowser.Controller.Devices;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Model.Devices;
+using MediaBrowser.Model.Querying;
+using MediaBrowser.Model.Session;
+using Microsoft.EntityFrameworkCore;
+
+namespace Jellyfin.Server.Implementations.Devices
+{
+    public class DeviceManager : IDeviceManager
+    {
+        private readonly JellyfinDbProvider _dbProvider;
+        private readonly IUserManager _userManager;
+        private readonly ConcurrentDictionary<string, ClientCapabilities> _capabilitiesMap = new ();
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DeviceManager"/> class.
+        /// </summary>
+        /// <param name="dbProvider">The database provider.</param>
+        /// <param name="userManager">The user manager.</param>
+        public DeviceManager(JellyfinDbProvider dbProvider, IUserManager userManager)
+        {
+            _dbProvider = dbProvider;
+            _userManager = userManager;
+        }
+
+        /// <inheritdoc />
+        public event EventHandler<GenericEventArgs<Tuple<string, DeviceOptions>>>? DeviceOptionsUpdated;
+
+        /// <inheritdoc />
+        public void SaveCapabilities(string deviceId, ClientCapabilities capabilities)
+        {
+            _capabilitiesMap[deviceId] = capabilities;
+        }
+
+        /// <inheritdoc />
+        public async Task UpdateDeviceOptions(string deviceId, DeviceOptions options)
+        {
+            await using var dbContext = _dbProvider.CreateContext();
+            await dbContext.Database
+                .ExecuteSqlRawAsync($"UPDATE [DeviceOptions] SET [CustomName] = ${options.CustomName}")
+                .ConfigureAwait(false);
+
+            DeviceOptionsUpdated?.Invoke(this, new GenericEventArgs<Tuple<string, DeviceOptions>>(new Tuple<string, DeviceOptions>(deviceId, options)));
+        }
+
+        /// <inheritdoc />
+        public DeviceOptions? GetDeviceOptions(string deviceId)
+        {
+            using var dbContext = _dbProvider.CreateContext();
+            return dbContext.DeviceOptions
+                .AsQueryable()
+                .FirstOrDefault(d => d.DeviceId == deviceId);
+        }
+
+        /// <inheritdoc />
+        public ClientCapabilities GetCapabilities(string id)
+        {
+            return _capabilitiesMap.TryGetValue(id, out ClientCapabilities? result)
+                ? result
+                : new ClientCapabilities();
+        }
+
+        /// <inheritdoc />
+        public async Task<DeviceInfo?> GetDevice(string id)
+        {
+            await using var dbContext = _dbProvider.CreateContext();
+            var device = await dbContext.Devices
+                .AsQueryable()
+                .Where(d => d.DeviceId == id)
+                .OrderByDescending(d => d.DateLastActivity)
+                .Include(d => d.User)
+                .FirstOrDefaultAsync()
+                .ConfigureAwait(false);
+
+            var deviceInfo = device == null ? null : ToDeviceInfo(device);
+
+            return deviceInfo;
+        }
+
+        /// <inheritdoc />
+        public async Task<QueryResult<DeviceInfo>> GetDevices(DeviceQuery query)
+        {
+            await using var dbContext = _dbProvider.CreateContext();
+            var sessions = dbContext.Devices
+                .AsQueryable()
+                .OrderBy(d => d.DeviceId)
+                .ThenByDescending(d => d.DateLastActivity)
+                .AsAsyncEnumerable();
+
+            // TODO: DeviceQuery doesn't seem to be used from client. Not even Swagger.
+            if (query.SupportsSync.HasValue)
+            {
+                var val = query.SupportsSync.Value;
+
+                sessions = sessions.Where(i => GetCapabilities(i.DeviceId).SupportsSync == val);
+            }
+
+            if (!query.UserId.Equals(Guid.Empty))
+            {
+                var user = _userManager.GetUserById(query.UserId);
+
+                sessions = sessions.Where(i => CanAccessDevice(user, i.DeviceId));
+            }
+
+            var array = await sessions.Select(ToDeviceInfo).ToArrayAsync();
+
+            return new QueryResult<DeviceInfo>(array);
+        }
+
+        /// <inheritdoc />
+        public bool CanAccessDevice(User user, string deviceId)
+        {
+            if (user == null)
+            {
+                throw new ArgumentException("user not found");
+            }
+
+            if (string.IsNullOrEmpty(deviceId))
+            {
+                throw new ArgumentNullException(nameof(deviceId));
+            }
+
+            if (user.HasPermission(PermissionKind.EnableAllDevices) || user.HasPermission(PermissionKind.IsAdministrator))
+            {
+                return true;
+            }
+
+            return user.GetPreference(PreferenceKind.EnabledDevices).Contains(deviceId, StringComparer.OrdinalIgnoreCase)
+                   || !GetCapabilities(deviceId).SupportsPersistentIdentifier;
+        }
+
+        private DeviceInfo ToDeviceInfo(Device authInfo)
+        {
+            var caps = GetCapabilities(authInfo.DeviceId);
+
+            return new DeviceInfo
+            {
+                AppName = authInfo.AppName,
+                AppVersion = authInfo.AppVersion,
+                Id = authInfo.DeviceId,
+                LastUserId = authInfo.UserId,
+                LastUserName = authInfo.User.Username,
+                Name = authInfo.DeviceName,
+                DateLastActivity = authInfo.DateLastActivity,
+                IconUrl = caps.IconUrl
+            };
+        }
+    }
+}
diff --git a/Jellyfin.Server/CoreAppHost.cs b/Jellyfin.Server/CoreAppHost.cs
index 94c3ca4a9..b20acae32 100644
--- a/Jellyfin.Server/CoreAppHost.cs
+++ b/Jellyfin.Server/CoreAppHost.cs
@@ -9,10 +9,12 @@ using Jellyfin.Api.WebSocketListeners;
 using Jellyfin.Drawing.Skia;
 using Jellyfin.Server.Implementations;
 using Jellyfin.Server.Implementations.Activity;
+using Jellyfin.Server.Implementations.Devices;
 using Jellyfin.Server.Implementations.Events;
 using Jellyfin.Server.Implementations.Users;
 using MediaBrowser.Controller;
 using MediaBrowser.Controller.BaseItemManager;
+using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Drawing;
 using MediaBrowser.Controller.Events;
 using MediaBrowser.Controller.Library;
@@ -84,6 +86,7 @@ namespace Jellyfin.Server
             ServiceCollection.AddSingleton<IActivityManager, ActivityManager>();
             ServiceCollection.AddSingleton<IUserManager, UserManager>();
             ServiceCollection.AddSingleton<IDisplayPreferencesManager, DisplayPreferencesManager>();
+            ServiceCollection.AddSingleton<IDeviceManager, DeviceManager>();
 
             // TODO search the assemblies instead of adding them manually?
             ServiceCollection.AddSingleton<IWebSocketListener, SessionWebSocketListener>();
diff --git a/MediaBrowser.Controller/Devices/IDeviceManager.cs b/MediaBrowser.Controller/Devices/IDeviceManager.cs
index 8f0872dba..aa05ead8f 100644
--- a/MediaBrowser.Controller/Devices/IDeviceManager.cs
+++ b/MediaBrowser.Controller/Devices/IDeviceManager.cs
@@ -1,7 +1,9 @@
 #pragma warning disable CS1591
 
 using System;
+using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
+using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Events;
 using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Querying;
@@ -18,7 +20,6 @@ namespace MediaBrowser.Controller.Devices
         /// </summary>
         /// <param name="reportedId">The reported identifier.</param>
         /// <param name="capabilities">The capabilities.</param>
-        /// <returns>Task.</returns>
         void SaveCapabilities(string reportedId, ClientCapabilities capabilities);
 
         /// <summary>
@@ -33,21 +34,21 @@ namespace MediaBrowser.Controller.Devices
         /// </summary>
         /// <param name="id">The identifier.</param>
         /// <returns>DeviceInfo.</returns>
-        DeviceInfo GetDevice(string id);
+        Task<DeviceInfo> GetDevice(string id);
 
         /// <summary>
         /// Gets the devices.
         /// </summary>
         /// <param name="query">The query.</param>
         /// <returns>IEnumerable&lt;DeviceInfo&gt;.</returns>
-        QueryResult<DeviceInfo> GetDevices(DeviceQuery query);
+        Task<QueryResult<DeviceInfo>> GetDevices(DeviceQuery query);
 
         /// <summary>
         /// Determines whether this instance [can access device] the specified user identifier.
         /// </summary>
         bool CanAccessDevice(User user, string deviceId);
 
-        void UpdateDeviceOptions(string deviceId, DeviceOptions options);
+        Task UpdateDeviceOptions(string deviceId, DeviceOptions options);
 
         DeviceOptions GetDeviceOptions(string deviceId);
     }
diff --git a/MediaBrowser.Controller/Security/IAuthenticationRepository.cs b/MediaBrowser.Controller/Security/IAuthenticationRepository.cs
index 883b74165..27f281b71 100644
--- a/MediaBrowser.Controller/Security/IAuthenticationRepository.cs
+++ b/MediaBrowser.Controller/Security/IAuthenticationRepository.cs
@@ -1,6 +1,6 @@
 #pragma warning disable CS1591
 
-using MediaBrowser.Model.Devices;
+using Jellyfin.Data.Entities.Security;
 using MediaBrowser.Model.Querying;
 
 namespace MediaBrowser.Controller.Security
diff --git a/MediaBrowser.Model/Devices/DeviceOptions.cs b/MediaBrowser.Model/Devices/DeviceOptions.cs
deleted file mode 100644
index 037ffeb5e..000000000
--- a/MediaBrowser.Model/Devices/DeviceOptions.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-#pragma warning disable CS1591
-
-namespace MediaBrowser.Model.Devices
-{
-    public class DeviceOptions
-    {
-        public string? CustomName { get; set; }
-    }
-}
-- 
cgit v1.2.3


From 8607b5254142662e79dbf826d43375ce60727cfe Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Sat, 10 Apr 2021 16:57:25 -0400
Subject: Make device/session code async

---
 Emby.Dlna/PlayTo/PlayToManager.cs                  |  4 +-
 .../HttpServer/Security/SessionContext.cs          | 11 +--
 .../Session/SessionManager.cs                      | 26 ++++---
 .../Session/SessionWebSocketListener.cs            |  4 +-
 Jellyfin.Api/Controllers/DevicesController.cs      |  4 +-
 Jellyfin.Api/Controllers/LiveTvController.cs       | 26 +++----
 Jellyfin.Api/Controllers/PlaystateController.cs    | 20 ++---
 Jellyfin.Api/Controllers/SessionController.cs      | 72 ++++++++++--------
 Jellyfin.Api/Controllers/SyncPlayController.cs     | 85 +++++++++++-----------
 Jellyfin.Api/Helpers/RequestHelpers.cs             | 14 +++-
 .../Devices/DeviceManager.cs                       |  9 ++-
 MediaBrowser.Controller/Devices/IDeviceManager.cs  |  2 +-
 MediaBrowser.Controller/Net/ISessionContext.cs     |  9 ++-
 MediaBrowser.Controller/Session/ISessionManager.cs |  6 +-
 14 files changed, 160 insertions(+), 132 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Emby.Dlna/PlayTo/PlayToManager.cs b/Emby.Dlna/PlayTo/PlayToManager.cs
index 8272e505a..236ea4d57 100644
--- a/Emby.Dlna/PlayTo/PlayToManager.cs
+++ b/Emby.Dlna/PlayTo/PlayToManager.cs
@@ -171,7 +171,9 @@ namespace Emby.Dlna.PlayTo
                 uuid = uri.ToString().GetMD5().ToString("N", CultureInfo.InvariantCulture);
             }
 
-            var sessionInfo = _sessionManager.LogSessionActivity("DLNA", _appHost.ApplicationVersionString, uuid, null, uri.OriginalString, null);
+            var sessionInfo = await _sessionManager
+                .LogSessionActivity("DLNA", _appHost.ApplicationVersionString, uuid, null, uri.OriginalString, null)
+                .ConfigureAwait(false);
 
             var controller = sessionInfo.SessionControllers.OfType<PlayToController>().FirstOrDefault();
 
diff --git a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs
index 040b6b9e4..1b295a92d 100644
--- a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs
@@ -1,6 +1,7 @@
 #pragma warning disable CS1591
 
 using System;
+using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Library;
@@ -23,7 +24,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
             _sessionManager = sessionManager;
         }
 
-        public SessionInfo GetSession(HttpContext requestContext)
+        public Task<SessionInfo> GetSession(HttpContext requestContext)
         {
             var authorization = _authContext.GetAuthorizationInfo(requestContext);
 
@@ -31,19 +32,19 @@ namespace Emby.Server.Implementations.HttpServer.Security
             return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.GetNormalizedRemoteIp(), user);
         }
 
-        public SessionInfo GetSession(object requestContext)
+        public Task<SessionInfo> GetSession(object requestContext)
         {
             return GetSession((HttpContext)requestContext);
         }
 
-        public User GetUser(HttpContext requestContext)
+        public async Task<User> GetUser(HttpContext requestContext)
         {
-            var session = GetSession(requestContext);
+            var session = await GetSession(requestContext).ConfigureAwait(false);
 
             return session == null || session.UserId.Equals(Guid.Empty) ? null : _userManager.GetUserById(session.UserId);
         }
 
-        public User GetUser(object requestContext)
+        public Task<User> GetUser(object requestContext)
         {
             return GetUser(((HttpRequest)requestContext).HttpContext);
         }
diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index a47a1f56f..678a27665 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -254,7 +254,7 @@ namespace Emby.Server.Implementations.Session
         /// <param name="remoteEndPoint">The remote end point.</param>
         /// <param name="user">The user.</param>
         /// <returns>SessionInfo.</returns>
-        public SessionInfo LogSessionActivity(
+        public async Task<SessionInfo> LogSessionActivity(
             string appName,
             string appVersion,
             string deviceId,
@@ -280,7 +280,7 @@ namespace Emby.Server.Implementations.Session
             }
 
             var activityDate = DateTime.UtcNow;
-            var session = GetSessionInfo(appName, appVersion, deviceId, deviceName, remoteEndPoint, user);
+            var session = await GetSessionInfo(appName, appVersion, deviceId, deviceName, remoteEndPoint, user).ConfigureAwait(false);
             var lastActivityDate = session.LastActivityDate;
             session.LastActivityDate = activityDate;
 
@@ -458,7 +458,7 @@ namespace Emby.Server.Implementations.Session
         /// <param name="remoteEndPoint">The remote end point.</param>
         /// <param name="user">The user.</param>
         /// <returns>SessionInfo.</returns>
-        private SessionInfo GetSessionInfo(
+        private async Task<SessionInfo> GetSessionInfo(
             string appName,
             string appVersion,
             string deviceId,
@@ -477,9 +477,11 @@ namespace Emby.Server.Implementations.Session
 
             CheckDisposed();
 
-            var sessionInfo = _activeConnections.GetOrAdd(
-                key,
-                k => CreateSession(k, appName, appVersion, deviceId, deviceName, remoteEndPoint, user));
+            if (!_activeConnections.TryGetValue(key, out var sessionInfo))
+            {
+                _activeConnections[key] = await CreateSession(key, appName, appVersion, deviceId, deviceName, remoteEndPoint, user).ConfigureAwait(false);
+                sessionInfo = _activeConnections[key];
+            }
 
             sessionInfo.UserId = user?.Id ?? Guid.Empty;
             sessionInfo.UserName = user?.Username;
@@ -502,7 +504,7 @@ namespace Emby.Server.Implementations.Session
             return sessionInfo;
         }
 
-        private SessionInfo CreateSession(
+        private async Task<SessionInfo> CreateSession(
             string key,
             string appName,
             string appVersion,
@@ -532,7 +534,7 @@ namespace Emby.Server.Implementations.Session
                 deviceName = "Network Device";
             }
 
-            var deviceOptions = _deviceManager.GetDeviceOptions(deviceId);
+            var deviceOptions = await _deviceManager.GetDeviceOptions(deviceId).ConfigureAwait(false);
             if (string.IsNullOrEmpty(deviceOptions.CustomName))
             {
                 sessionInfo.DeviceName = deviceName;
@@ -1507,13 +1509,13 @@ namespace Emby.Server.Implementations.Session
 
             var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);
 
-            var session = LogSessionActivity(
+            var session = await LogSessionActivity(
                 request.App,
                 request.AppVersion,
                 request.DeviceId,
                 request.DeviceName,
                 request.RemoteEndPoint,
-                user);
+                user).ConfigureAwait(false);
 
             var returnResult = new AuthenticationResult
             {
@@ -1811,7 +1813,7 @@ namespace Emby.Server.Implementations.Session
         }
 
         /// <inheritdoc />
-        public SessionInfo GetSessionByAuthenticationToken(AuthenticationInfo info, string deviceId, string remoteEndpoint, string appVersion)
+        public Task<SessionInfo> GetSessionByAuthenticationToken(AuthenticationInfo info, string deviceId, string remoteEndpoint, string appVersion)
         {
             if (info == null)
             {
@@ -1844,7 +1846,7 @@ namespace Emby.Server.Implementations.Session
         }
 
         /// <inheritdoc />
-        public SessionInfo GetSessionByAuthenticationToken(string token, string deviceId, string remoteEndpoint)
+        public Task<SessionInfo> GetSessionByAuthenticationToken(string token, string deviceId, string remoteEndpoint)
         {
             var items = _authRepo.Get(new AuthenticationInfoQuery
             {
diff --git a/Emby.Server.Implementations/Session/SessionWebSocketListener.cs b/Emby.Server.Implementations/Session/SessionWebSocketListener.cs
index 39c369a01..54e64cfeb 100644
--- a/Emby.Server.Implementations/Session/SessionWebSocketListener.cs
+++ b/Emby.Server.Implementations/Session/SessionWebSocketListener.cs
@@ -97,7 +97,7 @@ namespace Emby.Server.Implementations.Session
         /// <inheritdoc />
         public async Task ProcessWebSocketConnectedAsync(IWebSocketConnection connection)
         {
-            var session = GetSession(connection.QueryString, connection.RemoteEndPoint.ToString());
+            var session = await GetSession(connection.QueryString, connection.RemoteEndPoint.ToString()).ConfigureAwait(false);
             if (session != null)
             {
                 EnsureController(session, connection);
@@ -109,7 +109,7 @@ namespace Emby.Server.Implementations.Session
             }
         }
 
-        private SessionInfo GetSession(IQueryCollection queryString, string remoteEndpoint)
+        private Task<SessionInfo> GetSession(IQueryCollection queryString, string remoteEndpoint)
         {
             if (queryString == null)
             {
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 3ca6488d9..99f8ede3a 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -86,9 +86,9 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("Options")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult<DeviceOptions> GetDeviceOptions([FromQuery, Required] string id)
+        public async Task<ActionResult<DeviceOptions>> GetDeviceOptions([FromQuery, Required] string id)
         {
-            var deviceInfo = _deviceManager.GetDeviceOptions(id);
+            var deviceInfo = await _deviceManager.GetDeviceOptions(id).ConfigureAwait(false);
             if (deviceInfo == null)
             {
                 return NotFound();
diff --git a/Jellyfin.Api/Controllers/LiveTvController.cs b/Jellyfin.Api/Controllers/LiveTvController.cs
index 24ee833ef..3e9b8bfa4 100644
--- a/Jellyfin.Api/Controllers/LiveTvController.cs
+++ b/Jellyfin.Api/Controllers/LiveTvController.cs
@@ -429,10 +429,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Tuners/{tunerId}/Reset")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.DefaultAuthorization)]
-        public ActionResult ResetTuner([FromRoute, Required] string tunerId)
+        public async Task<ActionResult> ResetTuner([FromRoute, Required] string tunerId)
         {
-            AssertUserCanManageLiveTv();
-            _liveTvManager.ResetTuner(tunerId, CancellationToken.None);
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
+            await _liveTvManager.ResetTuner(tunerId, CancellationToken.None).ConfigureAwait(false);
             return NoContent();
         }
 
@@ -761,9 +761,9 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult DeleteRecording([FromRoute, Required] Guid recordingId)
+        public async Task<ActionResult> DeleteRecording([FromRoute, Required] Guid recordingId)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
 
             var item = _libraryManager.GetItemById(recordingId);
             if (item == null)
@@ -790,7 +790,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> CancelTimer([FromRoute, Required] string timerId)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
             await _liveTvManager.CancelTimer(timerId).ConfigureAwait(false);
             return NoContent();
         }
@@ -808,7 +808,7 @@ namespace Jellyfin.Api.Controllers
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
         public async Task<ActionResult> UpdateTimer([FromRoute, Required] string timerId, [FromBody] TimerInfoDto timerInfo)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
             await _liveTvManager.UpdateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
             return NoContent();
         }
@@ -824,7 +824,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> CreateTimer([FromBody] TimerInfoDto timerInfo)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
             await _liveTvManager.CreateTimer(timerInfo, CancellationToken.None).ConfigureAwait(false);
             return NoContent();
         }
@@ -882,7 +882,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> CancelSeriesTimer([FromRoute, Required] string timerId)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
             await _liveTvManager.CancelSeriesTimer(timerId).ConfigureAwait(false);
             return NoContent();
         }
@@ -900,7 +900,7 @@ namespace Jellyfin.Api.Controllers
         [SuppressMessage("Microsoft.Performance", "CA1801:ReviewUnusedParameters", MessageId = "timerId", Justification = "Imported from ServiceStack")]
         public async Task<ActionResult> UpdateSeriesTimer([FromRoute, Required] string timerId, [FromBody] SeriesTimerInfoDto seriesTimerInfo)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
             await _liveTvManager.UpdateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
             return NoContent();
         }
@@ -916,7 +916,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         public async Task<ActionResult> CreateSeriesTimer([FromBody] SeriesTimerInfoDto seriesTimerInfo)
         {
-            AssertUserCanManageLiveTv();
+            await AssertUserCanManageLiveTv().ConfigureAwait(false);
             await _liveTvManager.CreateSeriesTimer(seriesTimerInfo, CancellationToken.None).ConfigureAwait(false);
             return NoContent();
         }
@@ -1215,9 +1215,9 @@ namespace Jellyfin.Api.Controllers
             return new FileStreamResult(liveStream, MimeTypes.GetMimeType("file." + container));
         }
 
-        private void AssertUserCanManageLiveTv()
+        private async Task AssertUserCanManageLiveTv()
         {
-            var user = _sessionContext.GetUser(Request);
+            var user = await _sessionContext.GetUser(Request).ConfigureAwait(false);
 
             if (user == null)
             {
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index f256c8c25..cc8c630b3 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -72,13 +72,13 @@ namespace Jellyfin.Api.Controllers
         /// <returns>An <see cref="OkResult"/> containing the <see cref="UserItemDataDto"/>.</returns>
         [HttpPost("Users/{userId}/PlayedItems/{itemId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<UserItemDataDto> MarkPlayedItem(
+        public async Task<ActionResult<UserItemDataDto>> MarkPlayedItem(
             [FromRoute, Required] Guid userId,
             [FromRoute, Required] Guid itemId,
             [FromQuery, ModelBinder(typeof(LegacyDateTimeModelBinder))] DateTime? datePlayed)
         {
             var user = _userManager.GetUserById(userId);
-            var session = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+            var session = await RequestHelpers.GetSession(_sessionManager, _authContext, Request).ConfigureAwait(false);
             var dto = UpdatePlayedStatus(user, itemId, true, datePlayed);
             foreach (var additionalUserInfo in session.AdditionalUsers)
             {
@@ -98,10 +98,10 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="OkResult"/> containing the <see cref="UserItemDataDto"/>.</returns>
         [HttpDelete("Users/{userId}/PlayedItems/{itemId}")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<UserItemDataDto> MarkUnplayedItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
+        public async Task<ActionResult<UserItemDataDto>> MarkUnplayedItem([FromRoute, Required] Guid userId, [FromRoute, Required] Guid itemId)
         {
             var user = _userManager.GetUserById(userId);
-            var session = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+            var session = await RequestHelpers.GetSession(_sessionManager, _authContext, Request).ConfigureAwait(false);
             var dto = UpdatePlayedStatus(user, itemId, false, null);
             foreach (var additionalUserInfo in session.AdditionalUsers)
             {
@@ -123,7 +123,7 @@ namespace Jellyfin.Api.Controllers
         public async Task<ActionResult> ReportPlaybackStart([FromBody] PlaybackStartInfo playbackStartInfo)
         {
             playbackStartInfo.PlayMethod = ValidatePlayMethod(playbackStartInfo.PlayMethod, playbackStartInfo.PlaySessionId);
-            playbackStartInfo.SessionId = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            playbackStartInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             await _sessionManager.OnPlaybackStart(playbackStartInfo).ConfigureAwait(false);
             return NoContent();
         }
@@ -139,7 +139,7 @@ namespace Jellyfin.Api.Controllers
         public async Task<ActionResult> ReportPlaybackProgress([FromBody] PlaybackProgressInfo playbackProgressInfo)
         {
             playbackProgressInfo.PlayMethod = ValidatePlayMethod(playbackProgressInfo.PlayMethod, playbackProgressInfo.PlaySessionId);
-            playbackProgressInfo.SessionId = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            playbackProgressInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             await _sessionManager.OnPlaybackProgress(playbackProgressInfo).ConfigureAwait(false);
             return NoContent();
         }
@@ -174,7 +174,7 @@ namespace Jellyfin.Api.Controllers
                 await _transcodingJobHelper.KillTranscodingJobs(_authContext.GetAuthorizationInfo(Request).DeviceId, playbackStopInfo.PlaySessionId, s => true).ConfigureAwait(false);
             }
 
-            playbackStopInfo.SessionId = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            playbackStopInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             await _sessionManager.OnPlaybackStopped(playbackStopInfo).ConfigureAwait(false);
             return NoContent();
         }
@@ -220,7 +220,7 @@ namespace Jellyfin.Api.Controllers
             };
 
             playbackStartInfo.PlayMethod = ValidatePlayMethod(playbackStartInfo.PlayMethod, playbackStartInfo.PlaySessionId);
-            playbackStartInfo.SessionId = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            playbackStartInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             await _sessionManager.OnPlaybackStart(playbackStartInfo).ConfigureAwait(false);
             return NoContent();
         }
@@ -278,7 +278,7 @@ namespace Jellyfin.Api.Controllers
             };
 
             playbackProgressInfo.PlayMethod = ValidatePlayMethod(playbackProgressInfo.PlayMethod, playbackProgressInfo.PlaySessionId);
-            playbackProgressInfo.SessionId = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            playbackProgressInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             await _sessionManager.OnPlaybackProgress(playbackProgressInfo).ConfigureAwait(false);
             return NoContent();
         }
@@ -323,7 +323,7 @@ namespace Jellyfin.Api.Controllers
                 await _transcodingJobHelper.KillTranscodingJobs(_authContext.GetAuthorizationInfo(Request).DeviceId, playbackStopInfo.PlaySessionId, s => true).ConfigureAwait(false);
             }
 
-            playbackStopInfo.SessionId = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            playbackStopInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             await _sessionManager.OnPlaybackStopped(playbackStopInfo).ConfigureAwait(false);
             return NoContent();
         }
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index e2269a2ce..14ce75514 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Threading;
+using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.ModelBinders;
@@ -124,7 +125,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/Viewing")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult DisplayContent(
+        public async Task<ActionResult> DisplayContent(
             [FromRoute, Required] string sessionId,
             [FromQuery, Required] string itemType,
             [FromQuery, Required] string itemId,
@@ -137,11 +138,12 @@ namespace Jellyfin.Api.Controllers
                 ItemType = itemType
             };
 
-            _sessionManager.SendBrowseCommand(
-                RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
+            await _sessionManager.SendBrowseCommand(
+                await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false),
                 sessionId,
                 command,
-                CancellationToken.None);
+                CancellationToken.None)
+                .ConfigureAwait(false);
 
             return NoContent();
         }
@@ -158,7 +160,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/Playing")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult Play(
+        public async Task<ActionResult> Play(
             [FromRoute, Required] string sessionId,
             [FromQuery, Required] PlayCommand playCommand,
             [FromQuery, Required, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] itemIds,
@@ -171,11 +173,12 @@ namespace Jellyfin.Api.Controllers
                 PlayCommand = playCommand
             };
 
-            _sessionManager.SendPlayCommand(
-                RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
+            await _sessionManager.SendPlayCommand(
+                await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false),
                 sessionId,
                 playRequest,
-                CancellationToken.None);
+                CancellationToken.None)
+                .ConfigureAwait(false);
 
             return NoContent();
         }
@@ -192,14 +195,14 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/Playing/{command}")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult SendPlaystateCommand(
+        public async Task<ActionResult> SendPlaystateCommand(
             [FromRoute, Required] string sessionId,
             [FromRoute, Required] PlaystateCommand command,
             [FromQuery] long? seekPositionTicks,
             [FromQuery] string? controllingUserId)
         {
-            _sessionManager.SendPlaystateCommand(
-                RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id,
+            await _sessionManager.SendPlaystateCommand(
+                await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false),
                 sessionId,
                 new PlaystateRequest()
                 {
@@ -207,7 +210,8 @@ namespace Jellyfin.Api.Controllers
                     ControllingUserId = controllingUserId,
                     SeekPositionTicks = seekPositionTicks,
                 },
-                CancellationToken.None);
+                CancellationToken.None)
+                .ConfigureAwait(false);
 
             return NoContent();
         }
@@ -222,18 +226,18 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/System/{command}")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult SendSystemCommand(
+        public async Task<ActionResult> SendSystemCommand(
             [FromRoute, Required] string sessionId,
             [FromRoute, Required] GeneralCommandType command)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authContext, Request).ConfigureAwait(false);
             var generalCommand = new GeneralCommand
             {
                 Name = command,
                 ControllingUserId = currentSession.UserId
             };
 
-            _sessionManager.SendGeneralCommand(currentSession.Id, sessionId, generalCommand, CancellationToken.None);
+            await _sessionManager.SendGeneralCommand(currentSession.Id, sessionId, generalCommand, CancellationToken.None);
 
             return NoContent();
         }
@@ -248,11 +252,11 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/Command/{command}")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult SendGeneralCommand(
+        public async Task<ActionResult> SendGeneralCommand(
             [FromRoute, Required] string sessionId,
             [FromRoute, Required] GeneralCommandType command)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authContext, Request).ConfigureAwait(false);
 
             var generalCommand = new GeneralCommand
             {
@@ -260,7 +264,8 @@ namespace Jellyfin.Api.Controllers
                 ControllingUserId = currentSession.UserId
             };
 
-            _sessionManager.SendGeneralCommand(currentSession.Id, sessionId, generalCommand, CancellationToken.None);
+            await _sessionManager.SendGeneralCommand(currentSession.Id, sessionId, generalCommand, CancellationToken.None)
+                .ConfigureAwait(false);
 
             return NoContent();
         }
@@ -275,11 +280,12 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/Command")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult SendFullGeneralCommand(
+        public async Task<ActionResult> SendFullGeneralCommand(
             [FromRoute, Required] string sessionId,
             [FromBody, Required] GeneralCommand command)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authContext, Request)
+                .ConfigureAwait(false);
 
             if (command == null)
             {
@@ -288,11 +294,12 @@ namespace Jellyfin.Api.Controllers
 
             command.ControllingUserId = currentSession.UserId;
 
-            _sessionManager.SendGeneralCommand(
+            await _sessionManager.SendGeneralCommand(
                 currentSession.Id,
                 sessionId,
                 command,
-                CancellationToken.None);
+                CancellationToken.None)
+                .ConfigureAwait(false);
 
             return NoContent();
         }
@@ -309,7 +316,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/{sessionId}/Message")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult SendMessageCommand(
+        public async Task<ActionResult> SendMessageCommand(
             [FromRoute, Required] string sessionId,
             [FromQuery, Required] string text,
             [FromQuery] string? header,
@@ -322,7 +329,12 @@ namespace Jellyfin.Api.Controllers
                 Text = text
             };
 
-            _sessionManager.SendMessageCommand(RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id, sessionId, command, CancellationToken.None);
+            await _sessionManager.SendMessageCommand(
+                await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false),
+                sessionId,
+                command,
+                CancellationToken.None)
+                .ConfigureAwait(false);
 
             return NoContent();
         }
@@ -377,7 +389,7 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/Capabilities")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostCapabilities(
+        public async Task<ActionResult> PostCapabilities(
             [FromQuery] string? id,
             [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] playableMediaTypes,
             [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] GeneralCommandType[] supportedCommands,
@@ -387,7 +399,7 @@ namespace Jellyfin.Api.Controllers
         {
             if (string.IsNullOrWhiteSpace(id))
             {
-                id = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+                id = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             }
 
             _sessionManager.ReportCapabilities(id, new ClientCapabilities
@@ -411,13 +423,13 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/Capabilities/Full")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult PostFullCapabilities(
+        public async Task<ActionResult> PostFullCapabilities(
             [FromQuery] string? id,
             [FromBody, Required] ClientCapabilitiesDto capabilities)
         {
             if (string.IsNullOrWhiteSpace(id))
             {
-                id = RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+                id = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
             }
 
             _sessionManager.ReportCapabilities(id, capabilities.ToClientCapabilities());
@@ -435,11 +447,11 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/Viewing")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult ReportViewing(
+        public async Task<ActionResult> ReportViewing(
             [FromQuery] string? sessionId,
             [FromQuery, Required] string? itemId)
         {
-            string session = sessionId ?? RequestHelpers.GetSession(_sessionManager, _authContext, Request).Id;
+            string session = sessionId ?? await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
 
             _sessionManager.ReportNowViewingItem(session, itemId);
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/SyncPlayController.cs b/Jellyfin.Api/Controllers/SyncPlayController.cs
index f878f2329..1b3248c0c 100644
--- a/Jellyfin.Api/Controllers/SyncPlayController.cs
+++ b/Jellyfin.Api/Controllers/SyncPlayController.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Threading;
+using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Helpers;
 using Jellyfin.Api.Models.SyncPlayDtos;
@@ -51,10 +52,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("New")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayCreateGroup)]
-        public ActionResult SyncPlayCreateGroup(
+        public async Task<ActionResult> SyncPlayCreateGroup(
             [FromBody, Required] NewGroupRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new NewGroupRequest(requestData.GroupName);
             _syncPlayManager.NewGroup(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -69,10 +70,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Join")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayJoinGroup)]
-        public ActionResult SyncPlayJoinGroup(
+        public async Task<ActionResult> SyncPlayJoinGroup(
             [FromBody, Required] JoinGroupRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new JoinGroupRequest(requestData.GroupId);
             _syncPlayManager.JoinGroup(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -86,9 +87,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Leave")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayLeaveGroup()
+        public async Task<ActionResult> SyncPlayLeaveGroup()
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new LeaveGroupRequest();
             _syncPlayManager.LeaveGroup(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -102,9 +103,9 @@ namespace Jellyfin.Api.Controllers
         [HttpGet("List")]
         [ProducesResponseType(StatusCodes.Status200OK)]
         [Authorize(Policy = Policies.SyncPlayJoinGroup)]
-        public ActionResult<IEnumerable<GroupInfoDto>> SyncPlayGetGroups()
+        public async Task<ActionResult<IEnumerable<GroupInfoDto>>> SyncPlayGetGroups()
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new ListGroupsRequest();
             return Ok(_syncPlayManager.ListGroups(currentSession, syncPlayRequest));
         }
@@ -118,10 +119,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("SetNewQueue")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlaySetNewQueue(
+        public async Task<ActionResult> SyncPlaySetNewQueue(
             [FromBody, Required] PlayRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new PlayGroupRequest(
                 requestData.PlayingQueue,
                 requestData.PlayingItemPosition,
@@ -139,10 +140,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("SetPlaylistItem")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlaySetPlaylistItem(
+        public async Task<ActionResult> SyncPlaySetPlaylistItem(
             [FromBody, Required] SetPlaylistItemRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new SetPlaylistItemGroupRequest(requestData.PlaylistItemId);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -157,10 +158,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("RemoveFromPlaylist")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayRemoveFromPlaylist(
+        public async Task<ActionResult> SyncPlayRemoveFromPlaylist(
             [FromBody, Required] RemoveFromPlaylistRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new RemoveFromPlaylistGroupRequest(requestData.PlaylistItemIds);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -175,10 +176,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("MovePlaylistItem")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayMovePlaylistItem(
+        public async Task<ActionResult> SyncPlayMovePlaylistItem(
             [FromBody, Required] MovePlaylistItemRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new MovePlaylistItemGroupRequest(requestData.PlaylistItemId, requestData.NewIndex);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -193,10 +194,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Queue")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayQueue(
+        public async Task<ActionResult> SyncPlayQueue(
             [FromBody, Required] QueueRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new QueueGroupRequest(requestData.ItemIds, requestData.Mode);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -210,9 +211,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Unpause")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayUnpause()
+        public async Task<ActionResult> SyncPlayUnpause()
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new UnpauseGroupRequest();
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -226,9 +227,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Pause")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayPause()
+        public async Task<ActionResult> SyncPlayPause()
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new PauseGroupRequest();
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -242,9 +243,9 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Stop")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayStop()
+        public async Task<ActionResult> SyncPlayStop()
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new StopGroupRequest();
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -259,10 +260,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Seek")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlaySeek(
+        public async Task<ActionResult> SyncPlaySeek(
             [FromBody, Required] SeekRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new SeekGroupRequest(requestData.PositionTicks);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -277,10 +278,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Buffering")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayBuffering(
+        public async Task<ActionResult> SyncPlayBuffering(
             [FromBody, Required] BufferRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new BufferGroupRequest(
                 requestData.When,
                 requestData.PositionTicks,
@@ -299,10 +300,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Ready")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayReady(
+        public async Task<ActionResult> SyncPlayReady(
             [FromBody, Required] ReadyRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new ReadyGroupRequest(
                 requestData.When,
                 requestData.PositionTicks,
@@ -321,10 +322,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("SetIgnoreWait")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlaySetIgnoreWait(
+        public async Task<ActionResult> SyncPlaySetIgnoreWait(
             [FromBody, Required] IgnoreWaitRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new IgnoreWaitGroupRequest(requestData.IgnoreWait);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -339,10 +340,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("NextItem")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayNextItem(
+        public async Task<ActionResult> SyncPlayNextItem(
             [FromBody, Required] NextItemRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new NextItemGroupRequest(requestData.PlaylistItemId);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -357,10 +358,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("PreviousItem")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlayPreviousItem(
+        public async Task<ActionResult> SyncPlayPreviousItem(
             [FromBody, Required] PreviousItemRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new PreviousItemGroupRequest(requestData.PlaylistItemId);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -375,10 +376,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("SetRepeatMode")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlaySetRepeatMode(
+        public async Task<ActionResult> SyncPlaySetRepeatMode(
             [FromBody, Required] SetRepeatModeRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new SetRepeatModeGroupRequest(requestData.Mode);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -393,10 +394,10 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("SetShuffleMode")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [Authorize(Policy = Policies.SyncPlayIsInGroup)]
-        public ActionResult SyncPlaySetShuffleMode(
+        public async Task<ActionResult> SyncPlaySetShuffleMode(
             [FromBody, Required] SetShuffleModeRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new SetShuffleModeGroupRequest(requestData.Mode);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
@@ -410,10 +411,10 @@ namespace Jellyfin.Api.Controllers
         /// <returns>A <see cref="NoContentResult"/> indicating success.</returns>
         [HttpPost("Ping")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult SyncPlayPing(
+        public async Task<ActionResult> SyncPlayPing(
             [FromBody, Required] PingRequestDto requestData)
         {
-            var currentSession = RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request);
+            var currentSession = await RequestHelpers.GetSession(_sessionManager, _authorizationContext, Request).ConfigureAwait(false);
             var syncPlayRequest = new PingGroupRequest(requestData.Ping);
             _syncPlayManager.HandleRequest(currentSession, syncPlayRequest, CancellationToken.None);
             return NoContent();
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 94856e03e..72b60ee57 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Common.Extensions;
@@ -75,17 +76,17 @@ namespace Jellyfin.Api.Helpers
             return true;
         }
 
-        internal static SessionInfo GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
+        internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
         {
             var authorization = authContext.GetAuthorizationInfo(request);
             var user = authorization.User;
-            var session = sessionManager.LogSessionActivity(
+            var session = await sessionManager.LogSessionActivity(
                 authorization.Client,
                 authorization.Version,
                 authorization.DeviceId,
                 authorization.Device,
                 request.HttpContext.GetNormalizedRemoteIp(),
-                user);
+                user).ConfigureAwait(false);
 
             if (session == null)
             {
@@ -95,6 +96,13 @@ namespace Jellyfin.Api.Helpers
             return session;
         }
 
+        internal static async Task<string> GetSessionId(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
+        {
+            var session = await GetSession(sessionManager, authContext, request).ConfigureAwait(false);
+
+            return session.Id;
+        }
+
         internal static QueryResult<BaseItemDto> CreateQueryResult(
             QueryResult<(BaseItem, ItemCounts)> result,
             DtoOptions dtoOptions,
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index c942678d9..0d93ee2bf 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -53,12 +53,13 @@ namespace Jellyfin.Server.Implementations.Devices
         }
 
         /// <inheritdoc />
-        public DeviceOptions? GetDeviceOptions(string deviceId)
+        public async Task<DeviceOptions?> GetDeviceOptions(string deviceId)
         {
-            using var dbContext = _dbProvider.CreateContext();
-            return dbContext.DeviceOptions
+            await using var dbContext = _dbProvider.CreateContext();
+            return await dbContext.DeviceOptions
                 .AsQueryable()
-                .FirstOrDefault(d => d.DeviceId == deviceId);
+                .FirstOrDefaultAsync(d => d.DeviceId == deviceId)
+                .ConfigureAwait(false);
         }
 
         /// <inheritdoc />
diff --git a/MediaBrowser.Controller/Devices/IDeviceManager.cs b/MediaBrowser.Controller/Devices/IDeviceManager.cs
index aa05ead8f..0df040794 100644
--- a/MediaBrowser.Controller/Devices/IDeviceManager.cs
+++ b/MediaBrowser.Controller/Devices/IDeviceManager.cs
@@ -50,6 +50,6 @@ namespace MediaBrowser.Controller.Devices
 
         Task UpdateDeviceOptions(string deviceId, DeviceOptions options);
 
-        DeviceOptions GetDeviceOptions(string deviceId);
+        Task<DeviceOptions> GetDeviceOptions(string deviceId);
     }
 }
diff --git a/MediaBrowser.Controller/Net/ISessionContext.cs b/MediaBrowser.Controller/Net/ISessionContext.cs
index a60dc2ea1..57938da1f 100644
--- a/MediaBrowser.Controller/Net/ISessionContext.cs
+++ b/MediaBrowser.Controller/Net/ISessionContext.cs
@@ -1,5 +1,6 @@
 #pragma warning disable CS1591
 
+using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
 using MediaBrowser.Controller.Session;
 using Microsoft.AspNetCore.Http;
@@ -8,12 +9,12 @@ namespace MediaBrowser.Controller.Net
 {
     public interface ISessionContext
     {
-        SessionInfo GetSession(object requestContext);
+        Task<SessionInfo> GetSession(object requestContext);
 
-        User GetUser(object requestContext);
+        Task<User> GetUser(object requestContext);
 
-        SessionInfo GetSession(HttpContext requestContext);
+        Task<SessionInfo> GetSession(HttpContext requestContext);
 
-        User GetUser(HttpContext requestContext);
+        Task<User> GetUser(HttpContext requestContext);
     }
 }
diff --git a/MediaBrowser.Controller/Session/ISessionManager.cs b/MediaBrowser.Controller/Session/ISessionManager.cs
index 9eb486534..630037570 100644
--- a/MediaBrowser.Controller/Session/ISessionManager.cs
+++ b/MediaBrowser.Controller/Session/ISessionManager.cs
@@ -80,7 +80,7 @@ namespace MediaBrowser.Controller.Session
         /// <param name="deviceName">Name of the device.</param>
         /// <param name="remoteEndPoint">The remote end point.</param>
         /// <param name="user">The user.</param>
-        SessionInfo LogSessionActivity(string appName, string appVersion, string deviceId, string deviceName, string remoteEndPoint, Jellyfin.Data.Entities.User user);
+        Task<SessionInfo> LogSessionActivity(string appName, string appVersion, string deviceId, string deviceName, string remoteEndPoint, Jellyfin.Data.Entities.User user);
 
         /// <summary>
         /// Used to report that a session controller has connected.
@@ -313,7 +313,7 @@ namespace MediaBrowser.Controller.Session
         /// <param name="deviceId">The device identifier.</param>
         /// <param name="remoteEndpoint">The remote endpoint.</param>
         /// <returns>SessionInfo.</returns>
-        SessionInfo GetSessionByAuthenticationToken(string token, string deviceId, string remoteEndpoint);
+        Task<SessionInfo> GetSessionByAuthenticationToken(string token, string deviceId, string remoteEndpoint);
 
         /// <summary>
         /// Gets the session by authentication token.
@@ -323,7 +323,7 @@ namespace MediaBrowser.Controller.Session
         /// <param name="remoteEndpoint">The remote endpoint.</param>
         /// <param name="appVersion">The application version.</param>
         /// <returns>Task&lt;SessionInfo&gt;.</returns>
-        SessionInfo GetSessionByAuthenticationToken(AuthenticationInfo info, string deviceId, string remoteEndpoint, string appVersion);
+        Task<SessionInfo> GetSessionByAuthenticationToken(AuthenticationInfo info, string deviceId, string remoteEndpoint, string appVersion);
 
         /// <summary>
         /// Logouts the specified access token.
-- 
cgit v1.2.3


From e1f70860778687703fcc0e950fb1496afa22775e Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Thu, 20 May 2021 20:39:22 -0400
Subject: Remove unnecessary query class

---
 Jellyfin.Api/Controllers/DevicesController.cs       |  3 +--
 .../Devices/DeviceManager.cs                        | 13 +++++--------
 MediaBrowser.Controller/Devices/IDeviceManager.cs   |  5 +++--
 MediaBrowser.Model/Devices/DeviceQuery.cs           | 21 ---------------------
 4 files changed, 9 insertions(+), 33 deletions(-)
 delete mode 100644 MediaBrowser.Model/Devices/DeviceQuery.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 99f8ede3a..4cfae568a 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -51,8 +51,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<QueryResult<DeviceInfo>>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
-            var deviceQuery = new DeviceQuery { SupportsSync = supportsSync, UserId = userId ?? Guid.Empty };
-            return await _deviceManager.GetDevices(deviceQuery);
+            return await _deviceManager.GetDevicesForUser(userId, supportsSync);
         }
 
         /// <summary>
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index 4758f24f3..bde8eb86e 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -91,7 +91,7 @@ namespace Jellyfin.Server.Implementations.Devices
         }
 
         /// <inheritdoc />
-        public async Task<QueryResult<DeviceInfo>> GetDevices(DeviceQuery query)
+        public async Task<QueryResult<DeviceInfo>> GetDevicesForUser(Guid? userId, bool? supportsSync)
         {
             await using var dbContext = _dbProvider.CreateContext();
             var sessions = dbContext.Devices
@@ -100,17 +100,14 @@ namespace Jellyfin.Server.Implementations.Devices
                 .ThenByDescending(d => d.DateLastActivity)
                 .AsAsyncEnumerable();
 
-            // TODO: DeviceQuery doesn't seem to be used from client. Not even Swagger.
-            if (query.SupportsSync.HasValue)
+            if (supportsSync.HasValue)
             {
-                var val = query.SupportsSync.Value;
-
-                sessions = sessions.Where(i => GetCapabilities(i.DeviceId).SupportsSync == val);
+                sessions = sessions.Where(i => GetCapabilities(i.DeviceId).SupportsSync == supportsSync.Value);
             }
 
-            if (!query.UserId.Equals(Guid.Empty))
+            if (userId.HasValue)
             {
-                var user = _userManager.GetUserById(query.UserId);
+                var user = _userManager.GetUserById(userId.Value);
 
                 sessions = sessions.Where(i => CanAccessDevice(user, i.DeviceId));
             }
diff --git a/MediaBrowser.Controller/Devices/IDeviceManager.cs b/MediaBrowser.Controller/Devices/IDeviceManager.cs
index 26afd9394..28612cea3 100644
--- a/MediaBrowser.Controller/Devices/IDeviceManager.cs
+++ b/MediaBrowser.Controller/Devices/IDeviceManager.cs
@@ -41,9 +41,10 @@ namespace MediaBrowser.Controller.Devices
         /// <summary>
         /// Gets the devices.
         /// </summary>
-        /// <param name="query">The query.</param>
+        /// <param name="userId">The user's id, or <c>null</c>.</param>
+        /// <param name="supportsSync">A value indicating whether the device supports sync, or <c>null</c>.</param>
         /// <returns>IEnumerable&lt;DeviceInfo&gt;.</returns>
-        Task<QueryResult<DeviceInfo>> GetDevices(DeviceQuery query);
+        Task<QueryResult<DeviceInfo>> GetDevicesForUser(Guid? userId, bool? supportsSync);
 
         /// <summary>
         /// Determines whether this instance [can access device] the specified user identifier.
diff --git a/MediaBrowser.Model/Devices/DeviceQuery.cs b/MediaBrowser.Model/Devices/DeviceQuery.cs
deleted file mode 100644
index 64e366a56..000000000
--- a/MediaBrowser.Model/Devices/DeviceQuery.cs
+++ /dev/null
@@ -1,21 +0,0 @@
-#pragma warning disable CS1591
-
-using System;
-
-namespace MediaBrowser.Model.Devices
-{
-    public class DeviceQuery
-    {
-        /// <summary>
-        /// Gets or sets a value indicating whether [supports synchronize].
-        /// </summary>
-        /// <value><c>null</c> if [supports synchronize] contains no value, <c>true</c> if [supports synchronize]; otherwise, <c>false</c>.</value>
-        public bool? SupportsSync { get; set; }
-
-        /// <summary>
-        /// Gets or sets the user identifier.
-        /// </summary>
-        /// <value>The user identifier.</value>
-        public Guid UserId { get; set; }
-    }
-}
-- 
cgit v1.2.3


From a0c6f7276211ac0429877fafa400368aba1430a9 Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Thu, 20 May 2021 23:56:59 -0400
Subject: Migrate authentication db to EF Core

---
 Emby.Server.Implementations/ApplicationHost.cs     |  10 +-
 .../HttpServer/Security/AuthService.cs             |   5 +-
 .../HttpServer/Security/AuthorizationContext.cs    | 291 ----------
 .../HttpServer/Security/SessionContext.cs          |  12 +-
 .../HttpServer/WebSocketManager.cs                 |   2 +-
 .../Security/AuthenticationRepository.cs           | 407 -------------
 .../Session/SessionManager.cs                      |  80 +--
 Jellyfin.Api/Auth/CustomAuthenticationHandler.cs   |  10 +-
 Jellyfin.Api/Controllers/CollectionController.cs   |   2 +-
 Jellyfin.Api/Controllers/DevicesController.cs      |  18 +-
 Jellyfin.Api/Controllers/ImageController.cs        |   8 +-
 Jellyfin.Api/Controllers/LibraryController.cs      |  10 +-
 Jellyfin.Api/Controllers/MediaInfoController.cs    |   2 +-
 Jellyfin.Api/Controllers/PlaystateController.cs    |   6 +-
 Jellyfin.Api/Controllers/SessionController.cs      |   6 +-
 Jellyfin.Api/Controllers/SubtitleController.cs     |   2 +-
 .../Controllers/UniversalAudioController.cs        |   4 +-
 Jellyfin.Api/Controllers/UserController.cs         |  42 +-
 Jellyfin.Api/Controllers/UserViewsController.cs    |   5 +-
 Jellyfin.Api/Helpers/MediaInfoHelper.cs            |   2 +-
 Jellyfin.Api/Helpers/RequestHelpers.cs             |   6 +-
 Jellyfin.Api/Helpers/StreamingHelpers.cs           |   4 +-
 Jellyfin.Api/Helpers/TranscodingJobHelper.cs       |   2 +-
 .../Devices/DeviceManager.cs                       |  73 +++
 Jellyfin.Server.Implementations/JellyfinDb.cs      |   9 +
 .../20210521032224_AddDevices.Designer.cs          | 645 +++++++++++++++++++++
 .../Migrations/20210521032224_AddDevices.cs        | 126 ++++
 .../Migrations/JellyfinDbModelSnapshot.cs          | 114 +++-
 .../Security/AuthorizationContext.cs               | 283 +++++++++
 .../Users/DeviceAccessEntryPoint.cs                |  22 +-
 Jellyfin.Server/CoreAppHost.cs                     |   3 +
 MediaBrowser.Controller/Devices/IDeviceManager.cs  |  19 +
 MediaBrowser.Controller/Net/IAuthService.cs        |   3 +-
 .../Net/IAuthorizationContext.cs                   |   9 +-
 .../Security/AuthenticationInfoQuery.cs            |  53 --
 .../Security/IAuthenticationRepository.cs          |  39 --
 MediaBrowser.Controller/Session/ISessionManager.cs |  19 +-
 MediaBrowser.Model/Devices/DeviceInfo.cs           |   5 +
 .../Auth/CustomAuthenticationHandlerTests.cs       |   2 +-
 39 files changed, 1408 insertions(+), 952 deletions(-)
 delete mode 100644 Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
 delete mode 100644 Emby.Server.Implementations/Security/AuthenticationRepository.cs
 create mode 100644 Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.Designer.cs
 create mode 100644 Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.cs
 create mode 100644 Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
 delete mode 100644 MediaBrowser.Controller/Security/AuthenticationInfoQuery.cs
 delete mode 100644 MediaBrowser.Controller/Security/IAuthenticationRepository.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index 213890c67..a69c4d035 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -36,7 +36,6 @@ using Emby.Server.Implementations.Playlists;
 using Emby.Server.Implementations.Plugins;
 using Emby.Server.Implementations.QuickConnect;
 using Emby.Server.Implementations.ScheduledTasks;
-using Emby.Server.Implementations.Security;
 using Emby.Server.Implementations.Serialization;
 using Emby.Server.Implementations.Session;
 using Emby.Server.Implementations.SyncPlay;
@@ -57,7 +56,6 @@ using MediaBrowser.Controller.Channels;
 using MediaBrowser.Controller.Chapters;
 using MediaBrowser.Controller.Collections;
 using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Dlna;
 using MediaBrowser.Controller.Drawing;
 using MediaBrowser.Controller.Dto;
@@ -73,7 +71,6 @@ using MediaBrowser.Controller.Plugins;
 using MediaBrowser.Controller.Providers;
 using MediaBrowser.Controller.QuickConnect;
 using MediaBrowser.Controller.Resolvers;
-using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Controller.Sorting;
 using MediaBrowser.Controller.Subtitles;
@@ -599,8 +596,6 @@ namespace Emby.Server.Implementations
 
             ServiceCollection.AddSingleton<IItemRepository, SqliteItemRepository>();
 
-            ServiceCollection.AddSingleton<IAuthenticationRepository, AuthenticationRepository>();
-
             ServiceCollection.AddSingleton<IMediaEncoder, MediaBrowser.MediaEncoding.Encoder.MediaEncoder>();
             ServiceCollection.AddSingleton<EncodingHelper>();
 
@@ -657,8 +652,7 @@ namespace Emby.Server.Implementations
 
             ServiceCollection.AddSingleton<IEncodingManager, MediaEncoder.EncodingManager>();
 
-            ServiceCollection.AddSingleton<IAuthorizationContext, AuthorizationContext>();
-            ServiceCollection.AddSingleton<ISessionContext, SessionContext>();
+            ServiceCollection.AddScoped<ISessionContext, SessionContext>();
 
             ServiceCollection.AddSingleton<IAuthService, AuthService>();
             ServiceCollection.AddSingleton<IQuickConnect, QuickConnectManager>();
@@ -687,8 +681,6 @@ namespace Emby.Server.Implementations
             _mediaEncoder = Resolve<IMediaEncoder>();
             _sessionManager = Resolve<ISessionManager>();
 
-            ((AuthenticationRepository)Resolve<IAuthenticationRepository>()).Initialize();
-
             SetStaticProperties();
 
             var userDataRepo = (SqliteUserDataRepository)Resolve<IUserDataRepository>();
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
index 9afabf527..e2ad07177 100644
--- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs
@@ -1,5 +1,6 @@
 #pragma warning disable CS1591
 
+using System.Threading.Tasks;
 using Jellyfin.Data.Enums;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
@@ -17,9 +18,9 @@ namespace Emby.Server.Implementations.HttpServer.Security
             _authorizationContext = authorizationContext;
         }
 
-        public AuthorizationInfo Authenticate(HttpRequest request)
+        public async Task<AuthorizationInfo> Authenticate(HttpRequest request)
         {
-            var auth = _authorizationContext.GetAuthorizationInfo(request);
+            var auth = await _authorizationContext.GetAuthorizationInfo(request).ConfigureAwait(false);
 
             if (!auth.HasToken)
             {
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs b/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
deleted file mode 100644
index 024404ceb..000000000
--- a/Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
+++ /dev/null
@@ -1,291 +0,0 @@
-#pragma warning disable CS1591
-
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Net;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Security;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Net.Http.Headers;
-
-namespace Emby.Server.Implementations.HttpServer.Security
-{
-    public class AuthorizationContext : IAuthorizationContext
-    {
-        private readonly IAuthenticationRepository _authRepo;
-        private readonly IUserManager _userManager;
-
-        public AuthorizationContext(IAuthenticationRepository authRepo, IUserManager userManager)
-        {
-            _authRepo = authRepo;
-            _userManager = userManager;
-        }
-
-        public AuthorizationInfo GetAuthorizationInfo(HttpContext requestContext)
-        {
-            if (requestContext.Request.HttpContext.Items.TryGetValue("AuthorizationInfo", out var cached))
-            {
-                return (AuthorizationInfo)cached;
-            }
-
-            return GetAuthorization(requestContext);
-        }
-
-        public AuthorizationInfo GetAuthorizationInfo(HttpRequest requestContext)
-        {
-            var auth = GetAuthorizationDictionary(requestContext);
-            var authInfo = GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
-            return authInfo;
-        }
-
-        /// <summary>
-        /// Gets the authorization.
-        /// </summary>
-        /// <param name="httpReq">The HTTP req.</param>
-        /// <returns>Dictionary{System.StringSystem.String}.</returns>
-        private AuthorizationInfo GetAuthorization(HttpContext httpReq)
-        {
-            var auth = GetAuthorizationDictionary(httpReq);
-            var authInfo = GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);
-
-            httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
-            return authInfo;
-        }
-
-        private AuthorizationInfo GetAuthorizationInfoFromDictionary(
-            in Dictionary<string, string> auth,
-            in IHeaderDictionary headers,
-            in IQueryCollection queryString)
-        {
-            string deviceId = null;
-            string device = null;
-            string client = null;
-            string version = null;
-            string token = null;
-
-            if (auth != null)
-            {
-                auth.TryGetValue("DeviceId", out deviceId);
-                auth.TryGetValue("Device", out device);
-                auth.TryGetValue("Client", out client);
-                auth.TryGetValue("Version", out version);
-                auth.TryGetValue("Token", out token);
-            }
-
-            if (string.IsNullOrEmpty(token))
-            {
-                token = headers["X-Emby-Token"];
-            }
-
-            if (string.IsNullOrEmpty(token))
-            {
-                token = headers["X-MediaBrowser-Token"];
-            }
-
-            if (string.IsNullOrEmpty(token))
-            {
-                token = queryString["ApiKey"];
-            }
-
-            // TODO deprecate this query parameter.
-            if (string.IsNullOrEmpty(token))
-            {
-                token = queryString["api_key"];
-            }
-
-            var authInfo = new AuthorizationInfo
-            {
-                Client = client,
-                Device = device,
-                DeviceId = deviceId,
-                Version = version,
-                Token = token,
-                IsAuthenticated = false,
-                HasToken = false
-            };
-
-            if (string.IsNullOrWhiteSpace(token))
-            {
-                // Request doesn't contain a token.
-                return authInfo;
-            }
-
-            authInfo.HasToken = true;
-            var result = _authRepo.Get(new AuthenticationInfoQuery
-            {
-                AccessToken = token
-            });
-
-            if (result.Items.Count > 0)
-            {
-                authInfo.IsAuthenticated = true;
-            }
-
-            var originalAuthenticationInfo = result.Items.Count > 0 ? result.Items[0] : null;
-
-            if (originalAuthenticationInfo != null)
-            {
-                var updateToken = false;
-
-                // TODO: Remove these checks for IsNullOrWhiteSpace
-                if (string.IsNullOrWhiteSpace(authInfo.Client))
-                {
-                    authInfo.Client = originalAuthenticationInfo.AppName;
-                }
-
-                if (string.IsNullOrWhiteSpace(authInfo.DeviceId))
-                {
-                    authInfo.DeviceId = originalAuthenticationInfo.DeviceId;
-                }
-
-                // Temporary. TODO - allow clients to specify that the token has been shared with a casting device
-                var allowTokenInfoUpdate = authInfo.Client == null || authInfo.Client.IndexOf("chromecast", StringComparison.OrdinalIgnoreCase) == -1;
-
-                if (string.IsNullOrWhiteSpace(authInfo.Device))
-                {
-                    authInfo.Device = originalAuthenticationInfo.DeviceName;
-                }
-                else if (!string.Equals(authInfo.Device, originalAuthenticationInfo.DeviceName, StringComparison.OrdinalIgnoreCase))
-                {
-                    if (allowTokenInfoUpdate)
-                    {
-                        updateToken = true;
-                        originalAuthenticationInfo.DeviceName = authInfo.Device;
-                    }
-                }
-
-                if (string.IsNullOrWhiteSpace(authInfo.Version))
-                {
-                    authInfo.Version = originalAuthenticationInfo.AppVersion;
-                }
-                else if (!string.Equals(authInfo.Version, originalAuthenticationInfo.AppVersion, StringComparison.OrdinalIgnoreCase))
-                {
-                    if (allowTokenInfoUpdate)
-                    {
-                        updateToken = true;
-                        originalAuthenticationInfo.AppVersion = authInfo.Version;
-                    }
-                }
-
-                if ((DateTime.UtcNow - originalAuthenticationInfo.DateLastActivity).TotalMinutes > 3)
-                {
-                    originalAuthenticationInfo.DateLastActivity = DateTime.UtcNow;
-                    updateToken = true;
-                }
-
-                if (!originalAuthenticationInfo.UserId.Equals(Guid.Empty))
-                {
-                    authInfo.User = _userManager.GetUserById(originalAuthenticationInfo.UserId);
-
-                    if (authInfo.User != null && !string.Equals(authInfo.User.Username, originalAuthenticationInfo.UserName, StringComparison.OrdinalIgnoreCase))
-                    {
-                        originalAuthenticationInfo.UserName = authInfo.User.Username;
-                        updateToken = true;
-                    }
-
-                    authInfo.IsApiKey = false;
-                }
-                else
-                {
-                    authInfo.IsApiKey = true;
-                }
-
-                if (updateToken)
-                {
-                    _authRepo.Update(originalAuthenticationInfo);
-                }
-            }
-
-            return authInfo;
-        }
-
-        /// <summary>
-        /// Gets the auth.
-        /// </summary>
-        /// <param name="httpReq">The HTTP req.</param>
-        /// <returns>Dictionary{System.StringSystem.String}.</returns>
-        private Dictionary<string, string> GetAuthorizationDictionary(HttpContext httpReq)
-        {
-            var auth = httpReq.Request.Headers["X-Emby-Authorization"];
-
-            if (string.IsNullOrEmpty(auth))
-            {
-                auth = httpReq.Request.Headers[HeaderNames.Authorization];
-            }
-
-            return GetAuthorization(auth);
-        }
-
-        /// <summary>
-        /// Gets the auth.
-        /// </summary>
-        /// <param name="httpReq">The HTTP req.</param>
-        /// <returns>Dictionary{System.StringSystem.String}.</returns>
-        private Dictionary<string, string> GetAuthorizationDictionary(HttpRequest httpReq)
-        {
-            var auth = httpReq.Headers["X-Emby-Authorization"];
-
-            if (string.IsNullOrEmpty(auth))
-            {
-                auth = httpReq.Headers[HeaderNames.Authorization];
-            }
-
-            return GetAuthorization(auth);
-        }
-
-        /// <summary>
-        /// Gets the authorization.
-        /// </summary>
-        /// <param name="authorizationHeader">The authorization header.</param>
-        /// <returns>Dictionary{System.StringSystem.String}.</returns>
-        private Dictionary<string, string> GetAuthorization(string authorizationHeader)
-        {
-            if (authorizationHeader == null)
-            {
-                return null;
-            }
-
-            var parts = authorizationHeader.Split(' ', 2);
-
-            // There should be at least to parts
-            if (parts.Length != 2)
-            {
-                return null;
-            }
-
-            var acceptedNames = new[] { "MediaBrowser", "Emby" };
-
-            // It has to be a digest request
-            if (!acceptedNames.Contains(parts[0], StringComparer.OrdinalIgnoreCase))
-            {
-                return null;
-            }
-
-            // Remove uptil the first space
-            authorizationHeader = parts[1];
-            parts = authorizationHeader.Split(',');
-
-            var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
-
-            foreach (var item in parts)
-            {
-                var param = item.Trim().Split('=', 2);
-
-                if (param.Length == 2)
-                {
-                    var value = NormalizeValue(param[1].Trim('"'));
-                    result[param[0]] = value;
-                }
-            }
-
-            return result;
-        }
-
-        private static string NormalizeValue(string value)
-        {
-            return string.IsNullOrEmpty(value) ? value : WebUtility.HtmlEncode(value);
-        }
-    }
-}
diff --git a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs
index 414ba7ca0..cd1b9cba0 100644
--- a/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs
+++ b/Emby.Server.Implementations/HttpServer/Security/SessionContext.cs
@@ -24,12 +24,18 @@ namespace Emby.Server.Implementations.HttpServer.Security
             _sessionManager = sessionManager;
         }
 
-        public Task<SessionInfo> GetSession(HttpContext requestContext)
+        public async Task<SessionInfo> GetSession(HttpContext requestContext)
         {
-            var authorization = _authContext.GetAuthorizationInfo(requestContext);
+            var authorization = await _authContext.GetAuthorizationInfo(requestContext).ConfigureAwait(false);
 
             var user = authorization.User;
-            return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.GetNormalizedRemoteIp().ToString(), user);
+            return await _sessionManager.LogSessionActivity(
+                authorization.Client,
+                authorization.Version,
+                authorization.DeviceId,
+                authorization.Device,
+                requestContext.GetNormalizedRemoteIp().ToString(),
+                user).ConfigureAwait(false);
         }
 
         public Task<SessionInfo> GetSession(object requestContext)
diff --git a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
index 1bee1ac31..b71ffdaee 100644
--- a/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
+++ b/Emby.Server.Implementations/HttpServer/WebSocketManager.cs
@@ -33,7 +33,7 @@ namespace Emby.Server.Implementations.HttpServer
         /// <inheritdoc />
         public async Task WebSocketRequestHandler(HttpContext context)
         {
-            _ = _authService.Authenticate(context.Request);
+            _ = await _authService.Authenticate(context.Request).ConfigureAwait(false);
             try
             {
                 _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);
diff --git a/Emby.Server.Implementations/Security/AuthenticationRepository.cs b/Emby.Server.Implementations/Security/AuthenticationRepository.cs
deleted file mode 100644
index 0d0a2b1df..000000000
--- a/Emby.Server.Implementations/Security/AuthenticationRepository.cs
+++ /dev/null
@@ -1,407 +0,0 @@
-#pragma warning disable CS1591
-
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.IO;
-using System.Linq;
-using Emby.Server.Implementations.Data;
-using Jellyfin.Data.Entities.Security;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Security;
-using MediaBrowser.Model.Querying;
-using Microsoft.Extensions.Logging;
-using SQLitePCL.pretty;
-
-namespace Emby.Server.Implementations.Security
-{
-    public class AuthenticationRepository : BaseSqliteRepository, IAuthenticationRepository
-    {
-        public AuthenticationRepository(ILogger<AuthenticationRepository> logger, IServerConfigurationManager config)
-            : base(logger)
-        {
-            DbFilePath = Path.Combine(config.ApplicationPaths.DataPath, "authentication.db");
-        }
-
-        public void Initialize()
-        {
-            string[] queries =
-            {
-                "create table if not exists Tokens (Id INTEGER PRIMARY KEY, AccessToken TEXT NOT NULL, DeviceId TEXT NOT NULL, AppName TEXT NOT NULL, AppVersion TEXT NOT NULL, DeviceName TEXT NOT NULL, UserId TEXT, UserName TEXT, IsActive BIT NOT NULL, DateCreated DATETIME NOT NULL, DateLastActivity DATETIME NOT NULL)",
-                "create table if not exists Devices (Id TEXT NOT NULL PRIMARY KEY, CustomName TEXT, Capabilities TEXT)",
-                "drop index if exists idx_AccessTokens",
-                "drop index if exists Tokens1",
-                "drop index if exists Tokens2",
-
-                "create index if not exists Tokens3 on Tokens (AccessToken, DateLastActivity)",
-                "create index if not exists Tokens4 on Tokens (Id, DateLastActivity)",
-                "create index if not exists Devices1 on Devices (Id)"
-            };
-
-            using (var connection = GetConnection())
-            {
-                var tableNewlyCreated = !TableExists(connection, "Tokens");
-
-                connection.RunQueries(queries);
-
-                TryMigrate(connection, tableNewlyCreated);
-            }
-        }
-
-        private void TryMigrate(ManagedConnection connection, bool tableNewlyCreated)
-        {
-            try
-            {
-                if (tableNewlyCreated && TableExists(connection, "AccessTokens"))
-                {
-                    connection.RunInTransaction(
-                    db =>
-                    {
-                        var existingColumnNames = GetColumnNames(db, "AccessTokens");
-
-                        AddColumn(db, "AccessTokens", "UserName", "TEXT", existingColumnNames);
-                        AddColumn(db, "AccessTokens", "DateLastActivity", "DATETIME", existingColumnNames);
-                        AddColumn(db, "AccessTokens", "AppVersion", "TEXT", existingColumnNames);
-                    }, TransactionMode);
-
-                    connection.RunQueries(new[]
-                    {
-                        "update accesstokens set DateLastActivity=DateCreated where DateLastActivity is null",
-                        "update accesstokens set DeviceName='Unknown' where DeviceName is null",
-                        "update accesstokens set AppName='Unknown' where AppName is null",
-                        "update accesstokens set AppVersion='1' where AppVersion is null",
-                        "INSERT INTO Tokens (AccessToken, DeviceId, AppName, AppVersion, DeviceName, UserId, UserName, IsActive, DateCreated, DateLastActivity) SELECT AccessToken, DeviceId, AppName, AppVersion, DeviceName, UserId, UserName, IsActive, DateCreated, DateLastActivity FROM AccessTokens where deviceid not null and devicename not null and appname not null and isactive=1"
-                    });
-                }
-            }
-            catch (Exception ex)
-            {
-                Logger.LogError(ex, "Error migrating authentication database");
-            }
-        }
-
-        public void Create(AuthenticationInfo info)
-        {
-            if (info == null)
-            {
-                throw new ArgumentNullException(nameof(info));
-            }
-
-            using (var connection = GetConnection())
-            {
-                connection.RunInTransaction(
-                db =>
-                {
-                    using (var statement = db.PrepareStatement("insert into Tokens (AccessToken, DeviceId, AppName, AppVersion, DeviceName, UserId, UserName, IsActive, DateCreated, DateLastActivity) values (@AccessToken, @DeviceId, @AppName, @AppVersion, @DeviceName, @UserId, @UserName, @IsActive, @DateCreated, @DateLastActivity)"))
-                    {
-                        statement.TryBind("@AccessToken", info.AccessToken);
-
-                        statement.TryBind("@DeviceId", info.DeviceId);
-                        statement.TryBind("@AppName", info.AppName);
-                        statement.TryBind("@AppVersion", info.AppVersion);
-                        statement.TryBind("@DeviceName", info.DeviceName);
-                        statement.TryBind("@UserId", info.UserId.Equals(Guid.Empty) ? null : info.UserId.ToString("N", CultureInfo.InvariantCulture));
-                        statement.TryBind("@UserName", info.UserName);
-                        statement.TryBind("@IsActive", true);
-                        statement.TryBind("@DateCreated", info.DateCreated.ToDateTimeParamValue());
-                        statement.TryBind("@DateLastActivity", info.DateLastActivity.ToDateTimeParamValue());
-
-                        statement.MoveNext();
-                    }
-                }, TransactionMode);
-            }
-        }
-
-        public void Update(AuthenticationInfo info)
-        {
-            if (info == null)
-            {
-                throw new ArgumentNullException(nameof(info));
-            }
-
-            using (var connection = GetConnection())
-            {
-                connection.RunInTransaction(
-                db =>
-                {
-                    using (var statement = db.PrepareStatement("Update Tokens set AccessToken=@AccessToken, DeviceId=@DeviceId, AppName=@AppName, AppVersion=@AppVersion, DeviceName=@DeviceName, UserId=@UserId, UserName=@UserName, DateCreated=@DateCreated, DateLastActivity=@DateLastActivity where Id=@Id"))
-                    {
-                        statement.TryBind("@Id", info.Id);
-
-                        statement.TryBind("@AccessToken", info.AccessToken);
-
-                        statement.TryBind("@DeviceId", info.DeviceId);
-                        statement.TryBind("@AppName", info.AppName);
-                        statement.TryBind("@AppVersion", info.AppVersion);
-                        statement.TryBind("@DeviceName", info.DeviceName);
-                        statement.TryBind("@UserId", info.UserId.Equals(Guid.Empty) ? null : info.UserId.ToString("N", CultureInfo.InvariantCulture));
-                        statement.TryBind("@UserName", info.UserName);
-                        statement.TryBind("@DateCreated", info.DateCreated.ToDateTimeParamValue());
-                        statement.TryBind("@DateLastActivity", info.DateLastActivity.ToDateTimeParamValue());
-
-                        statement.MoveNext();
-                    }
-                }, TransactionMode);
-            }
-        }
-
-        public void Delete(AuthenticationInfo info)
-        {
-            if (info == null)
-            {
-                throw new ArgumentNullException(nameof(info));
-            }
-
-            using (var connection = GetConnection())
-            {
-                connection.RunInTransaction(
-                db =>
-                {
-                    using (var statement = db.PrepareStatement("Delete from Tokens where Id=@Id"))
-                    {
-                        statement.TryBind("@Id", info.Id);
-
-                        statement.MoveNext();
-                    }
-                }, TransactionMode);
-            }
-        }
-
-        private const string BaseSelectText = "select Tokens.Id, AccessToken, DeviceId, AppName, AppVersion, DeviceName, UserId, UserName, DateCreated, DateLastActivity, Devices.CustomName from Tokens left join Devices on Tokens.DeviceId=Devices.Id";
-
-        private static void BindAuthenticationQueryParams(AuthenticationInfoQuery query, IStatement statement)
-        {
-            if (!string.IsNullOrEmpty(query.AccessToken))
-            {
-                statement.TryBind("@AccessToken", query.AccessToken);
-            }
-
-            if (!query.UserId.Equals(Guid.Empty))
-            {
-                statement.TryBind("@UserId", query.UserId.ToString("N", CultureInfo.InvariantCulture));
-            }
-
-            if (!string.IsNullOrEmpty(query.DeviceId))
-            {
-                statement.TryBind("@DeviceId", query.DeviceId);
-            }
-        }
-
-        public QueryResult<AuthenticationInfo> Get(AuthenticationInfoQuery query)
-        {
-            if (query == null)
-            {
-                throw new ArgumentNullException(nameof(query));
-            }
-
-            var commandText = BaseSelectText;
-
-            var whereClauses = new List<string>();
-
-            if (!string.IsNullOrEmpty(query.AccessToken))
-            {
-                whereClauses.Add("AccessToken=@AccessToken");
-            }
-
-            if (!string.IsNullOrEmpty(query.DeviceId))
-            {
-                whereClauses.Add("DeviceId=@DeviceId");
-            }
-
-            if (!query.UserId.Equals(Guid.Empty))
-            {
-                whereClauses.Add("UserId=@UserId");
-            }
-
-            if (query.HasUser.HasValue)
-            {
-                if (query.HasUser.Value)
-                {
-                    whereClauses.Add("UserId not null");
-                }
-                else
-                {
-                    whereClauses.Add("UserId is null");
-                }
-            }
-
-            var whereTextWithoutPaging = whereClauses.Count == 0 ?
-              string.Empty :
-              " where " + string.Join(" AND ", whereClauses.ToArray());
-
-            commandText += whereTextWithoutPaging;
-
-            commandText += " ORDER BY DateLastActivity desc";
-
-            if (query.Limit.HasValue || query.StartIndex.HasValue)
-            {
-                var offset = query.StartIndex ?? 0;
-
-                if (query.Limit.HasValue || offset > 0)
-                {
-                    commandText += " LIMIT " + (query.Limit ?? int.MaxValue).ToString(CultureInfo.InvariantCulture);
-                }
-
-                if (offset > 0)
-                {
-                    commandText += " OFFSET " + offset.ToString(CultureInfo.InvariantCulture);
-                }
-            }
-
-            var statementTexts = new[]
-            {
-                commandText,
-                "select count (Id) from Tokens" + whereTextWithoutPaging
-            };
-
-            var list = new List<AuthenticationInfo>();
-            var result = new QueryResult<AuthenticationInfo>();
-            using (var connection = GetConnection(true))
-            {
-                connection.RunInTransaction(
-                    db =>
-                    {
-                        var statements = PrepareAll(db, statementTexts);
-
-                        using (var statement = statements[0])
-                        {
-                            BindAuthenticationQueryParams(query, statement);
-
-                            foreach (var row in statement.ExecuteQuery())
-                            {
-                                list.Add(Get(row));
-                            }
-
-                            using (var totalCountStatement = statements[1])
-                            {
-                                BindAuthenticationQueryParams(query, totalCountStatement);
-
-                                result.TotalRecordCount = totalCountStatement.ExecuteQuery()
-                                    .SelectScalarInt()
-                                    .First();
-                            }
-                        }
-                    },
-                    ReadTransactionMode);
-            }
-
-            result.Items = list;
-            return result;
-        }
-
-        private static AuthenticationInfo Get(IReadOnlyList<IResultSetValue> reader)
-        {
-            var info = new AuthenticationInfo
-            {
-                Id = reader[0].ToInt64(),
-                AccessToken = reader[1].ToString()
-            };
-
-            if (reader[2].SQLiteType != SQLiteType.Null)
-            {
-                info.DeviceId = reader[2].ToString();
-            }
-
-            if (reader[3].SQLiteType != SQLiteType.Null)
-            {
-                info.AppName = reader[3].ToString();
-            }
-
-            if (reader[4].SQLiteType != SQLiteType.Null)
-            {
-                info.AppVersion = reader[4].ToString();
-            }
-
-            if (reader[5].SQLiteType != SQLiteType.Null)
-            {
-                info.DeviceName = reader[5].ToString();
-            }
-
-            if (reader[6].SQLiteType != SQLiteType.Null)
-            {
-                info.UserId = new Guid(reader[6].ToString());
-            }
-
-            if (reader[7].SQLiteType != SQLiteType.Null)
-            {
-                info.UserName = reader[7].ToString();
-            }
-
-            info.DateCreated = reader[8].ReadDateTime();
-
-            if (reader[9].SQLiteType != SQLiteType.Null)
-            {
-                info.DateLastActivity = reader[9].ReadDateTime();
-            }
-            else
-            {
-                info.DateLastActivity = info.DateCreated;
-            }
-
-            if (reader[10].SQLiteType != SQLiteType.Null)
-            {
-                info.DeviceName = reader[10].ToString();
-            }
-
-            return info;
-        }
-
-        public DeviceOptions GetDeviceOptions(string deviceId)
-        {
-            using (var connection = GetConnection(true))
-            {
-                return connection.RunInTransaction(
-                db =>
-                {
-                    using (var statement = base.PrepareStatement(db, "select CustomName from Devices where Id=@DeviceId"))
-                    {
-                        statement.TryBind("@DeviceId", deviceId);
-
-                        var result = new DeviceOptions(deviceId);
-
-                        foreach (var row in statement.ExecuteQuery())
-                        {
-                            if (row[0].SQLiteType != SQLiteType.Null)
-                            {
-                                result.CustomName = row[0].ToString();
-                            }
-                        }
-
-                        return result;
-                    }
-                }, ReadTransactionMode);
-            }
-        }
-
-        public void UpdateDeviceOptions(string deviceId, DeviceOptions options)
-        {
-            if (options == null)
-            {
-                throw new ArgumentNullException(nameof(options));
-            }
-
-            using (var connection = GetConnection())
-            {
-                connection.RunInTransaction(
-                db =>
-                {
-                    using (var statement = db.PrepareStatement("replace into devices (Id, CustomName, Capabilities) VALUES (@Id, @CustomName, (Select Capabilities from Devices where Id=@Id))"))
-                    {
-                        statement.TryBind("@Id", deviceId);
-
-                        if (string.IsNullOrWhiteSpace(options.CustomName))
-                        {
-                            statement.TryBindNull("@CustomName");
-                        }
-                        else
-                        {
-                            statement.TryBind("@CustomName", options.CustomName);
-                        }
-
-                        statement.MoveNext();
-                    }
-                }, TransactionMode);
-            }
-        }
-    }
-}
diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index 2fb5040f9..92ef65bf1 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -11,6 +11,7 @@ using Jellyfin.Data.Entities;
 using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Enums;
 using Jellyfin.Data.Events;
+using Jellyfin.Data.Queries;
 using MediaBrowser.Common.Events;
 using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller;
@@ -23,7 +24,6 @@ using MediaBrowser.Controller.Events;
 using MediaBrowser.Controller.Events.Session;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Net;
-using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
@@ -52,7 +52,6 @@ namespace Emby.Server.Implementations.Session
         private readonly IImageProcessor _imageProcessor;
         private readonly IMediaSourceManager _mediaSourceManager;
         private readonly IServerApplicationHost _appHost;
-        private readonly IAuthenticationRepository _authRepo;
         private readonly IDeviceManager _deviceManager;
 
         /// <summary>
@@ -75,7 +74,6 @@ namespace Emby.Server.Implementations.Session
             IDtoService dtoService,
             IImageProcessor imageProcessor,
             IServerApplicationHost appHost,
-            IAuthenticationRepository authRepo,
             IDeviceManager deviceManager,
             IMediaSourceManager mediaSourceManager)
         {
@@ -88,7 +86,6 @@ namespace Emby.Server.Implementations.Session
             _dtoService = dtoService;
             _imageProcessor = imageProcessor;
             _appHost = appHost;
-            _authRepo = authRepo;
             _deviceManager = deviceManager;
             _mediaSourceManager = mediaSourceManager;
 
@@ -1486,7 +1483,7 @@ namespace Emby.Server.Implementations.Session
                 throw new SecurityException("User is at their maximum number of sessions.");
             }
 
-            var token = GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName);
+            var token = await GetAuthorizationToken(user, request.DeviceId, request.App, request.AppVersion, request.DeviceName).ConfigureAwait(false);
 
             var session = await LogSessionActivity(
                 request.App,
@@ -1509,21 +1506,21 @@ namespace Emby.Server.Implementations.Session
             return returnResult;
         }
 
-        private string GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName)
+        private async Task<string> GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName)
         {
-            var existing = _authRepo.Get(
-                new AuthenticationInfoQuery
+            var existing = (await _deviceManager.GetDevices(
+                new DeviceQuery
                 {
                     DeviceId = deviceId,
                     UserId = user.Id,
                     Limit = 1
-                }).Items.FirstOrDefault();
+                }).ConfigureAwait(false)).Items.FirstOrDefault();
 
-            var allExistingForDevice = _authRepo.Get(
-                new AuthenticationInfoQuery
+            var allExistingForDevice = (await _deviceManager.GetDevices(
+                new DeviceQuery
                 {
                     DeviceId = deviceId
-                }).Items;
+                }).ConfigureAwait(false)).Items;
 
             foreach (var auth in allExistingForDevice)
             {
@@ -1531,7 +1528,7 @@ namespace Emby.Server.Implementations.Session
                 {
                     try
                     {
-                        Logout(auth);
+                        await Logout(auth).ConfigureAwait(false);
                     }
                     catch (Exception ex)
                     {
@@ -1546,29 +1543,14 @@ namespace Emby.Server.Implementations.Session
                 return existing.AccessToken;
             }
 
-            var now = DateTime.UtcNow;
-
-            var newToken = new AuthenticationInfo
-            {
-                AppName = app,
-                AppVersion = appVersion,
-                DateCreated = now,
-                DateLastActivity = now,
-                DeviceId = deviceId,
-                DeviceName = deviceName,
-                UserId = user.Id,
-                AccessToken = Guid.NewGuid().ToString("N", CultureInfo.InvariantCulture),
-                UserName = user.Username
-            };
-
             _logger.LogInformation("Creating new access token for user {0}", user.Id);
-            _authRepo.Create(newToken);
+            var device = await _deviceManager.CreateDevice(new Device(user.Id, app, appVersion, deviceName, deviceId)).ConfigureAwait(false);
 
-            return newToken.AccessToken;
+            return device.AccessToken;
         }
 
         /// <inheritdoc />
-        public void Logout(string accessToken)
+        public async Task Logout(string accessToken)
         {
             CheckDisposed();
 
@@ -1577,27 +1559,27 @@ namespace Emby.Server.Implementations.Session
                 throw new ArgumentNullException(nameof(accessToken));
             }
 
-            var existing = _authRepo.Get(
-                new AuthenticationInfoQuery
+            var existing = (await _deviceManager.GetDevices(
+                new DeviceQuery
                 {
                     Limit = 1,
                     AccessToken = accessToken
-                }).Items;
+                }).ConfigureAwait(false)).Items;
 
             if (existing.Count > 0)
             {
-                Logout(existing[0]);
+                await Logout(existing[0]).ConfigureAwait(false);
             }
         }
 
         /// <inheritdoc />
-        public void Logout(AuthenticationInfo existing)
+        public async Task Logout(Device existing)
         {
             CheckDisposed();
 
             _logger.LogInformation("Logging out access token {0}", existing.AccessToken);
 
-            _authRepo.Delete(existing);
+            await _deviceManager.DeleteDevice(existing).ConfigureAwait(false);
 
             var sessions = Sessions
                 .Where(i => string.Equals(i.DeviceId, existing.DeviceId, StringComparison.OrdinalIgnoreCase))
@@ -1617,30 +1599,24 @@ namespace Emby.Server.Implementations.Session
         }
 
         /// <inheritdoc />
-        public void RevokeUserTokens(Guid userId, string currentAccessToken)
+        public async Task RevokeUserTokens(Guid userId, string currentAccessToken)
         {
             CheckDisposed();
 
-            var existing = _authRepo.Get(new AuthenticationInfoQuery
+            var existing = await _deviceManager.GetDevices(new DeviceQuery
             {
                 UserId = userId
-            });
+            }).ConfigureAwait(false);
 
             foreach (var info in existing.Items)
             {
                 if (!string.Equals(currentAccessToken, info.AccessToken, StringComparison.OrdinalIgnoreCase))
                 {
-                    Logout(info);
+                    await Logout(info).ConfigureAwait(false);
                 }
             }
         }
 
-        /// <inheritdoc />
-        public void RevokeToken(string token)
-        {
-            Logout(token);
-        }
-
         /// <summary>
         /// Reports the capabilities.
         /// </summary>
@@ -1792,7 +1768,7 @@ namespace Emby.Server.Implementations.Session
         }
 
         /// <inheritdoc />
-        public Task<SessionInfo> GetSessionByAuthenticationToken(AuthenticationInfo info, string deviceId, string remoteEndpoint, string appVersion)
+        public Task<SessionInfo> GetSessionByAuthenticationToken(Device info, string deviceId, string remoteEndpoint, string appVersion)
         {
             if (info == null)
             {
@@ -1825,20 +1801,20 @@ namespace Emby.Server.Implementations.Session
         }
 
         /// <inheritdoc />
-        public Task<SessionInfo> GetSessionByAuthenticationToken(string token, string deviceId, string remoteEndpoint)
+        public async Task<SessionInfo> GetSessionByAuthenticationToken(string token, string deviceId, string remoteEndpoint)
         {
-            var items = _authRepo.Get(new AuthenticationInfoQuery
+            var items = (await _deviceManager.GetDevices(new DeviceQuery
             {
                 AccessToken = token,
                 Limit = 1
-            }).Items;
+            }).ConfigureAwait(false)).Items;
 
             if (items.Count == 0)
             {
                 return null;
             }
 
-            return GetSessionByAuthenticationToken(items[0], deviceId, remoteEndpoint, null);
+            return await GetSessionByAuthenticationToken(items[0], deviceId, remoteEndpoint, null).ConfigureAwait(false);
         }
 
         /// <inheritdoc />
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
index c56233794..369e846ae 100644
--- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -40,11 +40,11 @@ namespace Jellyfin.Api.Auth
         }
 
         /// <inheritdoc />
-        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             try
             {
-                var authorizationInfo = _authService.Authenticate(Request);
+                var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
                 var role = UserRoles.User;
                 if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
                 {
@@ -68,16 +68,16 @@ namespace Jellyfin.Api.Auth
                 var principal = new ClaimsPrincipal(identity);
                 var ticket = new AuthenticationTicket(principal, Scheme.Name);
 
-                return Task.FromResult(AuthenticateResult.Success(ticket));
+                return AuthenticateResult.Success(ticket);
             }
             catch (AuthenticationException ex)
             {
                 _logger.LogDebug(ex, "Error authenticating with {Handler}", nameof(CustomAuthenticationHandler));
-                return Task.FromResult(AuthenticateResult.NoResult());
+                return AuthenticateResult.NoResult();
             }
             catch (SecurityException ex)
             {
-                return Task.FromResult(AuthenticateResult.Fail(ex));
+                return AuthenticateResult.Fail(ex);
             }
         }
     }
diff --git a/Jellyfin.Api/Controllers/CollectionController.cs b/Jellyfin.Api/Controllers/CollectionController.cs
index 852d1e9cb..8a98d856c 100644
--- a/Jellyfin.Api/Controllers/CollectionController.cs
+++ b/Jellyfin.Api/Controllers/CollectionController.cs
@@ -58,7 +58,7 @@ namespace Jellyfin.Api.Controllers
             [FromQuery] Guid? parentId,
             [FromQuery] bool isLocked = false)
         {
-            var userId = _authContext.GetAuthorizationInfo(Request).UserId;
+            var userId = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).UserId;
 
             var item = await _collectionManager.CreateCollectionAsync(new CollectionCreationOptions
             {
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 4cfae568a..8af7b8f73 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -3,8 +3,8 @@ using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities.Security;
+using Jellyfin.Data.Queries;
 using MediaBrowser.Controller.Devices;
-using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Querying;
@@ -21,22 +21,18 @@ namespace Jellyfin.Api.Controllers
     public class DevicesController : BaseJellyfinApiController
     {
         private readonly IDeviceManager _deviceManager;
-        private readonly IAuthenticationRepository _authenticationRepository;
         private readonly ISessionManager _sessionManager;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="DevicesController"/> class.
         /// </summary>
         /// <param name="deviceManager">Instance of <see cref="IDeviceManager"/> interface.</param>
-        /// <param name="authenticationRepository">Instance of <see cref="IAuthenticationRepository"/> interface.</param>
         /// <param name="sessionManager">Instance of <see cref="ISessionManager"/> interface.</param>
         public DevicesController(
             IDeviceManager deviceManager,
-            IAuthenticationRepository authenticationRepository,
             ISessionManager sessionManager)
         {
             _deviceManager = deviceManager;
-            _authenticationRepository = authenticationRepository;
             _sessionManager = sessionManager;
         }
 
@@ -111,7 +107,7 @@ namespace Jellyfin.Api.Controllers
             [FromQuery, Required] string id,
             [FromBody, Required] DeviceOptions deviceOptions)
         {
-            var existingDeviceOptions = _deviceManager.GetDeviceOptions(id);
+            var existingDeviceOptions = await _deviceManager.GetDeviceOptions(id).ConfigureAwait(false);
             if (existingDeviceOptions == null)
             {
                 return NotFound();
@@ -131,19 +127,19 @@ namespace Jellyfin.Api.Controllers
         [HttpDelete]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult DeleteDevice([FromQuery, Required] string id)
+        public async Task<ActionResult> DeleteDevice([FromQuery, Required] string id)
         {
-            var existingDevice = _deviceManager.GetDevice(id);
+            var existingDevice = await _deviceManager.GetDevice(id).ConfigureAwait(false);
             if (existingDevice == null)
             {
                 return NotFound();
             }
 
-            var sessions = _authenticationRepository.Get(new AuthenticationInfoQuery { DeviceId = id }).Items;
+            var sessions = await _deviceManager.GetDevices(new DeviceQuery { DeviceId = id }).ConfigureAwait(false);
 
-            foreach (var session in sessions)
+            foreach (var session in sessions.Items)
             {
-                _sessionManager.Logout(session);
+                await _sessionManager.Logout(session).ConfigureAwait(false);
             }
 
             return NoContent();
diff --git a/Jellyfin.Api/Controllers/ImageController.cs b/Jellyfin.Api/Controllers/ImageController.cs
index 8f7500ac6..9dc280e13 100644
--- a/Jellyfin.Api/Controllers/ImageController.cs
+++ b/Jellyfin.Api/Controllers/ImageController.cs
@@ -97,7 +97,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] ImageType imageType,
             [FromQuery] int? index = null)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
             }
@@ -144,7 +144,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] ImageType imageType,
             [FromRoute] int index)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the image.");
             }
@@ -190,7 +190,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] ImageType imageType,
             [FromQuery] int? index = null)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to delete the image.");
             }
@@ -234,7 +234,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] ImageType imageType,
             [FromRoute] int index)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to delete the image.");
             }
diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs
index 4ed15e1d5..504f58790 100644
--- a/Jellyfin.Api/Controllers/LibraryController.cs
+++ b/Jellyfin.Api/Controllers/LibraryController.cs
@@ -331,10 +331,10 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status401Unauthorized)]
-        public ActionResult DeleteItem(Guid itemId)
+        public async Task<ActionResult> DeleteItem(Guid itemId)
         {
             var item = _libraryManager.GetItemById(itemId);
-            var auth = _authContext.GetAuthorizationInfo(Request);
+            var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
             var user = auth.User;
 
             if (!item.CanDelete(user))
@@ -361,7 +361,7 @@ namespace Jellyfin.Api.Controllers
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status401Unauthorized)]
-        public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
+        public async Task<ActionResult> DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids)
         {
             if (ids.Length == 0)
             {
@@ -371,7 +371,7 @@ namespace Jellyfin.Api.Controllers
             foreach (var i in ids)
             {
                 var item = _libraryManager.GetItemById(i);
-                var auth = _authContext.GetAuthorizationInfo(Request);
+                var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
                 var user = auth.User;
 
                 if (!item.CanDelete(user))
@@ -627,7 +627,7 @@ namespace Jellyfin.Api.Controllers
                 return NotFound();
             }
 
-            var auth = _authContext.GetAuthorizationInfo(Request);
+            var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
 
             var user = auth.User;
 
diff --git a/Jellyfin.Api/Controllers/MediaInfoController.cs b/Jellyfin.Api/Controllers/MediaInfoController.cs
index e330f02b6..6c29e6bb8 100644
--- a/Jellyfin.Api/Controllers/MediaInfoController.cs
+++ b/Jellyfin.Api/Controllers/MediaInfoController.cs
@@ -123,7 +123,7 @@ namespace Jellyfin.Api.Controllers
             [FromQuery, ParameterObsolete] bool? allowAudioStreamCopy,
             [FromBody(EmptyBodyBehavior = EmptyBodyBehavior.Allow)] PlaybackInfoDto? playbackInfoDto)
         {
-            var authInfo = _authContext.GetAuthorizationInfo(Request);
+            var authInfo = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
 
             var profile = playbackInfoDto?.DeviceProfile;
             _logger.LogInformation("GetPostedPlaybackInfo profile: {@Profile}", profile);
diff --git a/Jellyfin.Api/Controllers/PlaystateController.cs b/Jellyfin.Api/Controllers/PlaystateController.cs
index cc8c630b3..6dee1c219 100644
--- a/Jellyfin.Api/Controllers/PlaystateController.cs
+++ b/Jellyfin.Api/Controllers/PlaystateController.cs
@@ -171,7 +171,8 @@ namespace Jellyfin.Api.Controllers
             _logger.LogDebug("ReportPlaybackStopped PlaySessionId: {0}", playbackStopInfo.PlaySessionId ?? string.Empty);
             if (!string.IsNullOrWhiteSpace(playbackStopInfo.PlaySessionId))
             {
-                await _transcodingJobHelper.KillTranscodingJobs(_authContext.GetAuthorizationInfo(Request).DeviceId, playbackStopInfo.PlaySessionId, s => true).ConfigureAwait(false);
+                var authInfo = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
+                await _transcodingJobHelper.KillTranscodingJobs(authInfo.DeviceId, playbackStopInfo.PlaySessionId, s => true).ConfigureAwait(false);
             }
 
             playbackStopInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
@@ -320,7 +321,8 @@ namespace Jellyfin.Api.Controllers
             _logger.LogDebug("ReportPlaybackStopped PlaySessionId: {0}", playbackStopInfo.PlaySessionId ?? string.Empty);
             if (!string.IsNullOrWhiteSpace(playbackStopInfo.PlaySessionId))
             {
-                await _transcodingJobHelper.KillTranscodingJobs(_authContext.GetAuthorizationInfo(Request).DeviceId, playbackStopInfo.PlaySessionId, s => true).ConfigureAwait(false);
+                var authInfo = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
+                await _transcodingJobHelper.KillTranscodingJobs(authInfo.DeviceId, playbackStopInfo.PlaySessionId, s => true).ConfigureAwait(false);
             }
 
             playbackStopInfo.SessionId = await RequestHelpers.GetSessionId(_sessionManager, _authContext, Request).ConfigureAwait(false);
diff --git a/Jellyfin.Api/Controllers/SessionController.cs b/Jellyfin.Api/Controllers/SessionController.cs
index 116d669e4..3a04cb3a4 100644
--- a/Jellyfin.Api/Controllers/SessionController.cs
+++ b/Jellyfin.Api/Controllers/SessionController.cs
@@ -471,11 +471,11 @@ namespace Jellyfin.Api.Controllers
         [HttpPost("Sessions/Logout")]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        public ActionResult ReportSessionEnded()
+        public async Task<ActionResult> ReportSessionEnded()
         {
-            AuthorizationInfo auth = _authContext.GetAuthorizationInfo(Request);
+            AuthorizationInfo auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
 
-            _sessionManager.Logout(auth.Token);
+            await _sessionManager.Logout(auth.Token).ConfigureAwait(false);
             return NoContent();
         }
 
diff --git a/Jellyfin.Api/Controllers/SubtitleController.cs b/Jellyfin.Api/Controllers/SubtitleController.cs
index 1669a659d..2d5339b16 100644
--- a/Jellyfin.Api/Controllers/SubtitleController.cs
+++ b/Jellyfin.Api/Controllers/SubtitleController.cs
@@ -361,7 +361,7 @@ namespace Jellyfin.Api.Controllers
 
             long positionTicks = 0;
 
-            var accessToken = _authContext.GetAuthorizationInfo(Request).Token;
+            var accessToken = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Token;
 
             while (positionTicks < runtime)
             {
diff --git a/Jellyfin.Api/Controllers/UniversalAudioController.cs b/Jellyfin.Api/Controllers/UniversalAudioController.cs
index 679f055bc..20a02bf4a 100644
--- a/Jellyfin.Api/Controllers/UniversalAudioController.cs
+++ b/Jellyfin.Api/Controllers/UniversalAudioController.cs
@@ -116,9 +116,9 @@ namespace Jellyfin.Api.Controllers
             [FromQuery] bool enableRedirection = true)
         {
             var deviceProfile = GetDeviceProfile(container, transcodingContainer, audioCodec, transcodingProtocol, breakOnNonKeyFrames, transcodingAudioChannels, maxAudioSampleRate, maxAudioBitDepth, maxAudioChannels);
-            _authorizationContext.GetAuthorizationInfo(Request).DeviceId = deviceId;
+            (await _authorizationContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).DeviceId = deviceId;
 
-            var authInfo = _authorizationContext.GetAuthorizationInfo(Request);
+            var authInfo = await _authorizationContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
 
             _logger.LogInformation("GetPostedPlaybackInfo profile: {@Profile}", deviceProfile);
 
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index b13db4baa..8e2298bb7 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -77,11 +77,11 @@ namespace Jellyfin.Api.Controllers
         [HttpGet]
         [Authorize(Policy = Policies.DefaultAuthorization)]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<IEnumerable<UserDto>> GetUsers(
+        public async Task<ActionResult<IEnumerable<UserDto>>> GetUsers(
             [FromQuery] bool? isHidden,
             [FromQuery] bool? isDisabled)
         {
-            var users = Get(isHidden, isDisabled, false, false);
+            var users = await Get(isHidden, isDisabled, false, false).ConfigureAwait(false);
             return Ok(users);
         }
 
@@ -92,15 +92,15 @@ namespace Jellyfin.Api.Controllers
         /// <returns>An <see cref="IEnumerable{UserDto}"/> containing the public users.</returns>
         [HttpGet("Public")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<IEnumerable<UserDto>> GetPublicUsers()
+        public async Task<ActionResult<IEnumerable<UserDto>>> GetPublicUsers()
         {
             // If the startup wizard hasn't been completed then just return all users
             if (!_config.Configuration.IsStartupWizardCompleted)
             {
-                return Ok(Get(false, false, false, false));
+                return Ok(await Get(false, false, false, false).ConfigureAwait(false));
             }
 
-            return Ok(Get(false, false, true, true));
+            return Ok(await Get(false, false, true, true).ConfigureAwait(false));
         }
 
         /// <summary>
@@ -141,7 +141,7 @@ namespace Jellyfin.Api.Controllers
         public async Task<ActionResult> DeleteUser([FromRoute, Required] Guid userId)
         {
             var user = _userManager.GetUserById(userId);
-            _sessionManager.RevokeUserTokens(user.Id, null);
+            await _sessionManager.RevokeUserTokens(user.Id, null).ConfigureAwait(false);
             await _userManager.DeleteUserAsync(userId).ConfigureAwait(false);
             return NoContent();
         }
@@ -195,7 +195,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<AuthenticationResult>> AuthenticateUserByName([FromBody, Required] AuthenticateUserByName request)
         {
-            var auth = _authContext.GetAuthorizationInfo(Request);
+            var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
 
             try
             {
@@ -230,7 +230,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<AuthenticationResult>> AuthenticateWithQuickConnect([FromBody, Required] QuickConnectDto request)
         {
-            var auth = _authContext.GetAuthorizationInfo(Request);
+            var auth = await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false);
 
             try
             {
@@ -271,7 +271,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] Guid userId,
             [FromBody, Required] UpdateUserPassword request)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password.");
             }
@@ -303,9 +303,9 @@ namespace Jellyfin.Api.Controllers
 
                 await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
 
-                var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
+                var currentToken = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Token;
 
-                _sessionManager.RevokeUserTokens(user.Id, currentToken);
+                await _sessionManager.RevokeUserTokens(user.Id, currentToken).ConfigureAwait(false);
             }
 
             return NoContent();
@@ -325,11 +325,11 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
-        public ActionResult UpdateUserEasyPassword(
+        public async Task<ActionResult> UpdateUserEasyPassword(
             [FromRoute, Required] Guid userId,
             [FromBody, Required] UpdateUserEasyPassword request)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the easy password.");
             }
@@ -343,11 +343,11 @@ namespace Jellyfin.Api.Controllers
 
             if (request.ResetPassword)
             {
-                _userManager.ResetEasyPassword(user);
+                await _userManager.ResetEasyPassword(user).ConfigureAwait(false);
             }
             else
             {
-                _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword);
+                await _userManager.ChangeEasyPassword(user, request.NewPw, request.NewPassword).ConfigureAwait(false);
             }
 
             return NoContent();
@@ -371,7 +371,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] Guid userId,
             [FromBody, Required] UserDto updateUser)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed.");
             }
@@ -431,8 +431,8 @@ namespace Jellyfin.Api.Controllers
                     return StatusCode(StatusCodes.Status403Forbidden, "There must be at least one enabled user in the system.");
                 }
 
-                var currentToken = _authContext.GetAuthorizationInfo(Request).Token;
-                _sessionManager.RevokeUserTokens(user.Id, currentToken);
+                var currentToken = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Token;
+                await _sessionManager.RevokeUserTokens(user.Id, currentToken).ConfigureAwait(false);
             }
 
             await _userManager.UpdatePolicyAsync(userId, newPolicy).ConfigureAwait(false);
@@ -456,7 +456,7 @@ namespace Jellyfin.Api.Controllers
             [FromRoute, Required] Guid userId,
             [FromBody, Required] UserConfiguration userConfig)
         {
-            if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false))
+            if (!await RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, false).ConfigureAwait(false))
             {
                 return StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed");
             }
@@ -555,7 +555,7 @@ namespace Jellyfin.Api.Controllers
             return _userManager.GetUserDto(user);
         }
 
-        private IEnumerable<UserDto> Get(bool? isHidden, bool? isDisabled, bool filterByDevice, bool filterByNetwork)
+        private async Task<IEnumerable<UserDto>> Get(bool? isHidden, bool? isDisabled, bool filterByDevice, bool filterByNetwork)
         {
             var users = _userManager.Users;
 
@@ -571,7 +571,7 @@ namespace Jellyfin.Api.Controllers
 
             if (filterByDevice)
             {
-                var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
+                var deviceId = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).DeviceId;
 
                 if (!string.IsNullOrWhiteSpace(deviceId))
                 {
diff --git a/Jellyfin.Api/Controllers/UserViewsController.cs b/Jellyfin.Api/Controllers/UserViewsController.cs
index 7bc5ecdf1..3d27371f6 100644
--- a/Jellyfin.Api/Controllers/UserViewsController.cs
+++ b/Jellyfin.Api/Controllers/UserViewsController.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.Globalization;
 using System.Linq;
+using System.Threading.Tasks;
 using Jellyfin.Api.Extensions;
 using Jellyfin.Api.ModelBinders;
 using Jellyfin.Api.Models.UserViewDtos;
@@ -64,7 +65,7 @@ namespace Jellyfin.Api.Controllers
         /// <returns>An <see cref="OkResult"/> containing the user views.</returns>
         [HttpGet("Users/{userId}/Views")]
         [ProducesResponseType(StatusCodes.Status200OK)]
-        public ActionResult<QueryResult<BaseItemDto>> GetUserViews(
+        public async Task<ActionResult<QueryResult<BaseItemDto>>> GetUserViews(
             [FromRoute, Required] Guid userId,
             [FromQuery] bool? includeExternalContent,
             [FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] string[] presetViews,
@@ -86,7 +87,7 @@ namespace Jellyfin.Api.Controllers
                 query.PresetViews = presetViews;
             }
 
-            var app = _authContext.GetAuthorizationInfo(Request).Client ?? string.Empty;
+            var app = (await _authContext.GetAuthorizationInfo(Request).ConfigureAwait(false)).Client ?? string.Empty;
             if (app.IndexOf("emby rt", StringComparison.OrdinalIgnoreCase) != -1)
             {
                 query.PresetViews = new[] { CollectionType.Movies, CollectionType.TvShows };
diff --git a/Jellyfin.Api/Helpers/MediaInfoHelper.cs b/Jellyfin.Api/Helpers/MediaInfoHelper.cs
index 295cfaf08..3b8dc7e31 100644
--- a/Jellyfin.Api/Helpers/MediaInfoHelper.cs
+++ b/Jellyfin.Api/Helpers/MediaInfoHelper.cs
@@ -468,7 +468,7 @@ namespace Jellyfin.Api.Helpers
         /// <returns>A <see cref="Task"/> containing the <see cref="LiveStreamResponse"/>.</returns>
         public async Task<LiveStreamResponse> OpenMediaSource(HttpRequest httpRequest, LiveStreamRequest request)
         {
-            var authInfo = _authContext.GetAuthorizationInfo(httpRequest);
+            var authInfo = await _authContext.GetAuthorizationInfo(httpRequest).ConfigureAwait(false);
 
             var result = await _mediaSourceManager.OpenLiveStream(request, CancellationToken.None).ConfigureAwait(false);
 
diff --git a/Jellyfin.Api/Helpers/RequestHelpers.cs b/Jellyfin.Api/Helpers/RequestHelpers.cs
index 3810f7477..0efd3443b 100644
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -60,9 +60,9 @@ namespace Jellyfin.Api.Helpers
         /// <param name="userId">The user id.</param>
         /// <param name="restrictUserPreferences">Whether to restrict the user preferences.</param>
         /// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
-        internal static bool AssertCanUpdateUser(IAuthorizationContext authContext, HttpRequest requestContext, Guid userId, bool restrictUserPreferences)
+        internal static async Task<bool> AssertCanUpdateUser(IAuthorizationContext authContext, HttpRequest requestContext, Guid userId, bool restrictUserPreferences)
         {
-            var auth = authContext.GetAuthorizationInfo(requestContext);
+            var auth = await authContext.GetAuthorizationInfo(requestContext).ConfigureAwait(false);
 
             var authenticatedUser = auth.User;
 
@@ -78,7 +78,7 @@ namespace Jellyfin.Api.Helpers
 
         internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
         {
-            var authorization = authContext.GetAuthorizationInfo(request);
+            var authorization = await authContext.GetAuthorizationInfo(request).ConfigureAwait(false);
             var user = authorization.User;
             var session = await sessionManager.LogSessionActivity(
                 authorization.Client,
diff --git a/Jellyfin.Api/Helpers/StreamingHelpers.cs b/Jellyfin.Api/Helpers/StreamingHelpers.cs
index 8cffe9c4c..cecbd36c1 100644
--- a/Jellyfin.Api/Helpers/StreamingHelpers.cs
+++ b/Jellyfin.Api/Helpers/StreamingHelpers.cs
@@ -17,9 +17,7 @@ using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.Dlna;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
-using MediaBrowser.Model.IO;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
@@ -101,7 +99,7 @@ namespace Jellyfin.Api.Helpers
                 EnableDlnaHeaders = enableDlnaHeaders
             };
 
-            var auth = authorizationContext.GetAuthorizationInfo(httpRequest);
+            var auth = await authorizationContext.GetAuthorizationInfo(httpRequest).ConfigureAwait(false);
             if (!auth.UserId.Equals(Guid.Empty))
             {
                 state.User = userManager.GetUserById(auth.UserId);
diff --git a/Jellyfin.Api/Helpers/TranscodingJobHelper.cs b/Jellyfin.Api/Helpers/TranscodingJobHelper.cs
index 0879cbd18..242077963 100644
--- a/Jellyfin.Api/Helpers/TranscodingJobHelper.cs
+++ b/Jellyfin.Api/Helpers/TranscodingJobHelper.cs
@@ -489,7 +489,7 @@ namespace Jellyfin.Api.Helpers
 
             if (state.VideoRequest != null && !EncodingHelper.IsCopyCodec(state.OutputVideoCodec))
             {
-                var auth = _authorizationContext.GetAuthorizationInfo(request);
+                var auth = await _authorizationContext.GetAuthorizationInfo(request).ConfigureAwait(false);
                 if (auth.User != null && !auth.User.HasPermission(PermissionKind.EnableVideoPlaybackTranscoding))
                 {
                     this.OnTranscodeFailedToStart(outputPath, transcodingJobType, state);
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index bde8eb86e..9fd2e5ad4 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -6,6 +6,7 @@ using Jellyfin.Data.Entities;
 using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Enums;
 using Jellyfin.Data.Events;
+using Jellyfin.Data.Queries;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Model.Devices;
@@ -55,6 +56,17 @@ namespace Jellyfin.Server.Implementations.Devices
             DeviceOptionsUpdated?.Invoke(this, new GenericEventArgs<Tuple<string, DeviceOptions>>(new Tuple<string, DeviceOptions>(deviceId, options)));
         }
 
+        /// <inheritdoc />
+        public async Task<Device> CreateDevice(Device device)
+        {
+            await using var dbContext = _dbProvider.CreateContext();
+
+            dbContext.Devices.Add(device);
+
+            await dbContext.SaveChangesAsync().ConfigureAwait(false);
+            return device;
+        }
+
         /// <inheritdoc />
         public async Task<DeviceOptions?> GetDeviceOptions(string deviceId)
         {
@@ -90,6 +102,61 @@ namespace Jellyfin.Server.Implementations.Devices
             return deviceInfo;
         }
 
+        /// <inheritdoc />
+        public async Task<QueryResult<Device>> GetDevices(DeviceQuery query)
+        {
+            await using var dbContext = _dbProvider.CreateContext();
+
+            var devices = dbContext.Devices.AsQueryable();
+
+            if (query.UserId.HasValue)
+            {
+                devices = devices.Where(device => device.UserId == query.UserId.Value);
+            }
+
+            if (query.DeviceId != null)
+            {
+                devices = devices.Where(device => device.DeviceId == query.DeviceId);
+            }
+
+            if (query.AccessToken != null)
+            {
+                devices = devices.Where(device => device.AccessToken == query.AccessToken);
+            }
+
+            if (query.Skip.HasValue)
+            {
+                devices = devices.Skip(query.Skip.Value);
+            }
+
+            var count = await devices.CountAsync().ConfigureAwait(false);
+
+            if (query.Limit.HasValue)
+            {
+                devices = devices.Take(query.Limit.Value);
+            }
+
+            return new QueryResult<Device>
+            {
+                Items = await devices.ToListAsync().ConfigureAwait(false),
+                StartIndex = query.Skip ?? 0,
+                TotalRecordCount = count
+            };
+        }
+
+        /// <inheritdoc />
+        public async Task<QueryResult<DeviceInfo>> GetDeviceInfos(DeviceQuery query)
+        {
+            var devices = await GetDevices(query).ConfigureAwait(false);
+
+            return new QueryResult<DeviceInfo>
+            {
+                Items = devices.Items.Select(ToDeviceInfo).ToList(),
+                StartIndex = devices.StartIndex,
+                TotalRecordCount = devices.TotalRecordCount
+            };
+        }
+
         /// <inheritdoc />
         public async Task<QueryResult<DeviceInfo>> GetDevicesForUser(Guid? userId, bool? supportsSync)
         {
@@ -117,6 +184,12 @@ namespace Jellyfin.Server.Implementations.Devices
             return new QueryResult<DeviceInfo>(array);
         }
 
+        /// <inheritdoc />
+        public async Task DeleteDevice(Device device)
+        {
+            await using var dbContext = _dbProvider.CreateContext();
+        }
+
         /// <inheritdoc />
         public bool CanAccessDevice(User user, string deviceId)
         {
diff --git a/Jellyfin.Server.Implementations/JellyfinDb.cs b/Jellyfin.Server.Implementations/JellyfinDb.cs
index 059e884e5..6f35a2c1c 100644
--- a/Jellyfin.Server.Implementations/JellyfinDb.cs
+++ b/Jellyfin.Server.Implementations/JellyfinDb.cs
@@ -214,6 +214,15 @@ namespace Jellyfin.Server.Implementations
             modelBuilder.Entity<Device>()
                 .HasIndex(entity => new { entity.DeviceId, entity.DateLastActivity });
 
+            modelBuilder.Entity<Device>()
+                .HasIndex(entity => new { entity.AccessToken, entity.DateLastActivity });
+
+            modelBuilder.Entity<Device>()
+                .HasIndex(entity => new { entity.UserId, entity.DeviceId });
+
+            modelBuilder.Entity<Device>()
+                .HasIndex(entity => entity.DeviceId);
+
             modelBuilder.Entity<DeviceOptions>()
                 .HasIndex(entity => entity.DeviceId)
                 .IsUnique();
diff --git a/Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.Designer.cs b/Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.Designer.cs
new file mode 100644
index 000000000..e1faef7a2
--- /dev/null
+++ b/Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.Designer.cs
@@ -0,0 +1,645 @@
+#pragma warning disable CS1591
+// <auto-generated />
+using System;
+using Jellyfin.Server.Implementations;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+namespace Jellyfin.Server.Implementations.Migrations
+{
+    [DbContext(typeof(JellyfinDb))]
+    [Migration("20210521032224_AddDevices")]
+    partial class AddDevices
+    {
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasDefaultSchema("jellyfin")
+                .HasAnnotation("ProductVersion", "5.0.5");
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("DayOfWeek")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<double>("EndHour")
+                        .HasColumnType("REAL");
+
+                    b.Property<double>("StartHour")
+                        .HasColumnType("REAL");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AccessSchedules");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.ActivityLog", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTime>("DateCreated")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ItemId")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("LogSeverity")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(512)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Overview")
+                        .HasMaxLength(512)
+                        .HasColumnType("TEXT");
+
+                    b.Property<uint>("RowVersion")
+                        .IsConcurrencyToken()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ShortOverview")
+                        .HasMaxLength(512)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("ActivityLogs");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.CustomItemDisplayPreferences", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Client")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<Guid>("ItemId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Key")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId", "ItemId", "Client", "Key")
+                        .IsUnique();
+
+                    b.ToTable("CustomItemDisplayPreferences");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("ChromecastVersion")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Client")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DashboardTheme")
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("EnableNextVideoInfoOverlay")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int?>("IndexBy")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("ItemId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("ScrollDirection")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("ShowBackdrop")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("ShowSidebar")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("SkipBackwardLength")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("SkipForwardLength")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("TvHome")
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId", "ItemId", "Client")
+                        .IsUnique();
+
+                    b.ToTable("DisplayPreferences");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.HomeSection", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("DisplayPreferencesId")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("Order")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("Type")
+                        .HasColumnType("INTEGER");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("DisplayPreferencesId");
+
+                    b.ToTable("HomeSection");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.ImageInfo", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTime>("LastModified")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Path")
+                        .IsRequired()
+                        .HasMaxLength(512)
+                        .HasColumnType("TEXT");
+
+                    b.Property<Guid?>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId")
+                        .IsUnique();
+
+                    b.ToTable("ImageInfos");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.ItemDisplayPreferences", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Client")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<int?>("IndexBy")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("ItemId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("RememberIndexing")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("RememberSorting")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SortBy")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("SortOrder")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("ViewType")
+                        .HasColumnType("INTEGER");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("ItemDisplayPreferences");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Permission", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("Kind")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid?>("Permission_Permissions_Guid")
+                        .HasColumnType("TEXT");
+
+                    b.Property<uint>("RowVersion")
+                        .IsConcurrencyToken()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid?>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("Value")
+                        .HasColumnType("INTEGER");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId", "Kind")
+                        .IsUnique()
+                        .HasFilter("[UserId] IS NOT NULL");
+
+                    b.ToTable("Permissions");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Preference", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("Kind")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid?>("Preference_Preferences_Guid")
+                        .HasColumnType("TEXT");
+
+                    b.Property<uint>("RowVersion")
+                        .IsConcurrencyToken()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid?>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .IsRequired()
+                        .HasMaxLength(65535)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId", "Kind")
+                        .IsUnique()
+                        .HasFilter("[UserId] IS NOT NULL");
+
+                    b.ToTable("Preferences");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.ApiKey", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("AccessToken")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateCreated")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AccessToken")
+                        .IsUnique();
+
+                    b.ToTable("ApiKeys");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("AccessToken")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AppName")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AppVersion")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateCreated")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateLastActivity")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceId")
+                        .IsRequired()
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceName")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("DeviceId");
+
+                    b.HasIndex("AccessToken", "DateLastActivity");
+
+                    b.HasIndex("DeviceId", "DateLastActivity");
+
+                    b.HasIndex("UserId", "DeviceId");
+
+                    b.ToTable("Devices");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.DeviceOptions", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("CustomName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("DeviceId")
+                        .IsUnique();
+
+                    b.ToTable("DeviceOptions");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.User", b =>
+                {
+                    b.Property<Guid>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AudioLanguagePreference")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AuthenticationProviderId")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("DisplayCollectionsView")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("DisplayMissingEpisodes")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("EasyPassword")
+                        .HasMaxLength(65535)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("EnableAutoLogin")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("EnableLocalPassword")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("EnableNextEpisodeAutoPlay")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("EnableUserPreferenceAccess")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("HidePlayedInLatest")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<long>("InternalId")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("InvalidLoginAttemptCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTime?>("LastActivityDate")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime?>("LastLoginDate")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int?>("LoginAttemptsBeforeLockout")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("MaxActiveSessions")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int?>("MaxParentalAgeRating")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("MustUpdatePassword")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Password")
+                        .HasMaxLength(65535)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PasswordResetProviderId")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PlayDefaultAudioTrack")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("RememberAudioSelections")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("RememberSubtitleSelections")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int?>("RemoteClientBitrateLimit")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<uint>("RowVersion")
+                        .IsConcurrencyToken()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SubtitleLanguagePreference")
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("SubtitleMode")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<int>("SyncPlayAccess")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("Username")
+                        .IsRequired()
+                        .HasMaxLength(255)
+                        .HasColumnType("TEXT")
+                        .UseCollation("NOCASE");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Username")
+                        .IsUnique();
+
+                    b.ToTable("Users");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", null)
+                        .WithMany("AccessSchedules")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", null)
+                        .WithMany("DisplayPreferences")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.HomeSection", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.DisplayPreferences", null)
+                        .WithMany("HomeSections")
+                        .HasForeignKey("DisplayPreferencesId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.ImageInfo", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", null)
+                        .WithOne("ProfileImage")
+                        .HasForeignKey("Jellyfin.Data.Entities.ImageInfo", "UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.ItemDisplayPreferences", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", null)
+                        .WithMany("ItemDisplayPreferences")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Permission", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", null)
+                        .WithMany("Permissions")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Preference", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", null)
+                        .WithMany("Preferences")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade);
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", "User")
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b =>
+                {
+                    b.Navigation("HomeSections");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.User", b =>
+                {
+                    b.Navigation("AccessSchedules");
+
+                    b.Navigation("DisplayPreferences");
+
+                    b.Navigation("ItemDisplayPreferences");
+
+                    b.Navigation("Permissions");
+
+                    b.Navigation("Preferences");
+
+                    b.Navigation("ProfileImage");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.cs b/Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.cs
new file mode 100644
index 000000000..2da8d3788
--- /dev/null
+++ b/Jellyfin.Server.Implementations/Migrations/20210521032224_AddDevices.cs
@@ -0,0 +1,126 @@
+#pragma warning disable CS1591
+#pragma warning disable SA1601
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace Jellyfin.Server.Implementations.Migrations
+{
+    public partial class AddDevices : Migration
+    {
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.CreateTable(
+                name: "ApiKeys",
+                schema: "jellyfin",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "INTEGER", nullable: false)
+                        .Annotation("Sqlite:Autoincrement", true),
+                    DateCreated = table.Column<DateTime>(type: "TEXT", nullable: false),
+                    Name = table.Column<string>(type: "TEXT", maxLength: 64, nullable: false),
+                    AccessToken = table.Column<Guid>(type: "TEXT", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_ApiKeys", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "DeviceOptions",
+                schema: "jellyfin",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "INTEGER", nullable: false)
+                        .Annotation("Sqlite:Autoincrement", true),
+                    DeviceId = table.Column<string>(type: "TEXT", nullable: false),
+                    CustomName = table.Column<string>(type: "TEXT", nullable: true)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_DeviceOptions", x => x.Id);
+                });
+
+            migrationBuilder.CreateTable(
+                name: "Devices",
+                schema: "jellyfin",
+                columns: table => new
+                {
+                    Id = table.Column<int>(type: "INTEGER", nullable: false)
+                        .Annotation("Sqlite:Autoincrement", true),
+                    UserId = table.Column<Guid>(type: "TEXT", nullable: false),
+                    AccessToken = table.Column<string>(type: "TEXT", nullable: false),
+                    AppName = table.Column<string>(type: "TEXT", maxLength: 64, nullable: false),
+                    AppVersion = table.Column<string>(type: "TEXT", maxLength: 32, nullable: false),
+                    DeviceName = table.Column<string>(type: "TEXT", maxLength: 64, nullable: false),
+                    DeviceId = table.Column<string>(type: "TEXT", maxLength: 256, nullable: false),
+                    IsActive = table.Column<bool>(type: "INTEGER", nullable: false),
+                    DateCreated = table.Column<DateTime>(type: "TEXT", nullable: false),
+                    DateLastActivity = table.Column<DateTime>(type: "TEXT", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_Devices", x => x.Id);
+                    table.ForeignKey(
+                        name: "FK_Devices_Users_UserId",
+                        column: x => x.UserId,
+                        principalSchema: "jellyfin",
+                        principalTable: "Users",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_ApiKeys_AccessToken",
+                schema: "jellyfin",
+                table: "ApiKeys",
+                column: "AccessToken",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_DeviceOptions_DeviceId",
+                schema: "jellyfin",
+                table: "DeviceOptions",
+                column: "DeviceId",
+                unique: true);
+
+            migrationBuilder.CreateIndex(
+                name: "IX_Devices_AccessToken_DateLastActivity",
+                schema: "jellyfin",
+                table: "Devices",
+                columns: new[] { "AccessToken", "DateLastActivity" });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_Devices_DeviceId",
+                schema: "jellyfin",
+                table: "Devices",
+                column: "DeviceId");
+
+            migrationBuilder.CreateIndex(
+                name: "IX_Devices_DeviceId_DateLastActivity",
+                schema: "jellyfin",
+                table: "Devices",
+                columns: new[] { "DeviceId", "DateLastActivity" });
+
+            migrationBuilder.CreateIndex(
+                name: "IX_Devices_UserId_DeviceId",
+                schema: "jellyfin",
+                table: "Devices",
+                columns: new[] { "UserId", "DeviceId" });
+        }
+
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropTable(
+                name: "ApiKeys",
+                schema: "jellyfin");
+
+            migrationBuilder.DropTable(
+                name: "DeviceOptions",
+                schema: "jellyfin");
+
+            migrationBuilder.DropTable(
+                name: "Devices",
+                schema: "jellyfin");
+        }
+    }
+}
diff --git a/Jellyfin.Server.Implementations/Migrations/JellyfinDbModelSnapshot.cs b/Jellyfin.Server.Implementations/Migrations/JellyfinDbModelSnapshot.cs
index 286eb7468..8a1ae16f8 100644
--- a/Jellyfin.Server.Implementations/Migrations/JellyfinDbModelSnapshot.cs
+++ b/Jellyfin.Server.Implementations/Migrations/JellyfinDbModelSnapshot.cs
@@ -15,7 +15,7 @@ namespace Jellyfin.Server.Implementations.Migrations
 #pragma warning disable 612, 618
             modelBuilder
                 .HasDefaultSchema("jellyfin")
-                .HasAnnotation("ProductVersion", "5.0.3");
+                .HasAnnotation("ProductVersion", "5.0.5");
 
             modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>
                 {
@@ -332,6 +332,107 @@ namespace Jellyfin.Server.Implementations.Migrations
                     b.ToTable("Preferences");
                 });
 
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.ApiKey", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("AccessToken")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateCreated")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AccessToken")
+                        .IsUnique();
+
+                    b.ToTable("ApiKeys");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("AccessToken")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AppName")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AppVersion")
+                        .IsRequired()
+                        .HasMaxLength(32)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateCreated")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime>("DateLastActivity")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceId")
+                        .IsRequired()
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceName")
+                        .IsRequired()
+                        .HasMaxLength(64)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("IsActive")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<Guid>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("DeviceId");
+
+                    b.HasIndex("AccessToken", "DateLastActivity");
+
+                    b.HasIndex("DeviceId", "DateLastActivity");
+
+                    b.HasIndex("UserId", "DeviceId");
+
+                    b.ToTable("Devices");
+                });
+
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.DeviceOptions", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("CustomName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DeviceId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("DeviceId")
+                        .IsUnique();
+
+                    b.ToTable("DeviceOptions");
+                });
+
             modelBuilder.Entity("Jellyfin.Data.Entities.User", b =>
                 {
                     b.Property<Guid>("Id")
@@ -505,6 +606,17 @@ namespace Jellyfin.Server.Implementations.Migrations
                         .OnDelete(DeleteBehavior.Cascade);
                 });
 
+            modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b =>
+                {
+                    b.HasOne("Jellyfin.Data.Entities.User", "User")
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("User");
+                });
+
             modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b =>
                 {
                     b.Navigation("HomeSections");
diff --git a/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
new file mode 100644
index 000000000..775edafc2
--- /dev/null
+++ b/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs
@@ -0,0 +1,283 @@
+#pragma warning disable CS1591
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Controller.Net;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Net.Http.Headers;
+
+namespace Jellyfin.Server.Implementations.Security
+{
+    public class AuthorizationContext : IAuthorizationContext
+    {
+        private readonly JellyfinDb _jellyfinDb;
+        private readonly IUserManager _userManager;
+
+        public AuthorizationContext(JellyfinDb jellyfinDb, IUserManager userManager)
+        {
+            _jellyfinDb = jellyfinDb;
+            _userManager = userManager;
+        }
+
+        public Task<AuthorizationInfo> GetAuthorizationInfo(HttpContext requestContext)
+        {
+            if (requestContext.Request.HttpContext.Items.TryGetValue("AuthorizationInfo", out var cached) && cached != null)
+            {
+                return Task.FromResult((AuthorizationInfo)cached);
+            }
+
+            return GetAuthorization(requestContext);
+        }
+
+        public async Task<AuthorizationInfo> GetAuthorizationInfo(HttpRequest requestContext)
+        {
+            var auth = GetAuthorizationDictionary(requestContext);
+            var authInfo = await GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query).ConfigureAwait(false);
+            return authInfo;
+        }
+
+        /// <summary>
+        /// Gets the authorization.
+        /// </summary>
+        /// <param name="httpReq">The HTTP req.</param>
+        /// <returns>Dictionary{System.StringSystem.String}.</returns>
+        private async Task<AuthorizationInfo> GetAuthorization(HttpContext httpReq)
+        {
+            var auth = GetAuthorizationDictionary(httpReq);
+            var authInfo = await GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query).ConfigureAwait(false);
+
+            httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
+            return authInfo;
+        }
+
+        private async Task<AuthorizationInfo> GetAuthorizationInfoFromDictionary(
+            IReadOnlyDictionary<string, string>? auth,
+            IHeaderDictionary headers,
+            IQueryCollection queryString)
+        {
+            string? deviceId = null;
+            string? deviceName = null;
+            string? client = null;
+            string? version = null;
+            string? token = null;
+
+            if (auth != null)
+            {
+                auth.TryGetValue("DeviceId", out deviceId);
+                auth.TryGetValue("Device", out deviceName);
+                auth.TryGetValue("Client", out client);
+                auth.TryGetValue("Version", out version);
+                auth.TryGetValue("Token", out token);
+            }
+
+#pragma warning disable CA1508
+            // headers can return StringValues.Empty
+            if (string.IsNullOrEmpty(token))
+            {
+                token = headers["X-Emby-Token"];
+            }
+
+            if (string.IsNullOrEmpty(token))
+            {
+                token = headers["X-MediaBrowser-Token"];
+            }
+
+            if (string.IsNullOrEmpty(token))
+            {
+                token = queryString["ApiKey"];
+            }
+
+            // TODO deprecate this query parameter.
+            if (string.IsNullOrEmpty(token))
+            {
+                token = queryString["api_key"];
+            }
+
+            var authInfo = new AuthorizationInfo
+            {
+                Client = client,
+                Device = deviceName,
+                DeviceId = deviceId,
+                Version = version,
+                Token = token,
+                IsAuthenticated = false,
+                HasToken = false
+            };
+
+            if (string.IsNullOrWhiteSpace(token))
+            {
+                // Request doesn't contain a token.
+                return authInfo;
+            }
+#pragma warning restore CA1508
+
+            authInfo.HasToken = true;
+            var device = await _jellyfinDb.Devices.FirstOrDefaultAsync(d => d.AccessToken == token).ConfigureAwait(false);
+
+            if (device != null)
+            {
+                authInfo.IsAuthenticated = true;
+            }
+
+            if (device != null)
+            {
+                var updateToken = false;
+
+                // TODO: Remove these checks for IsNullOrWhiteSpace
+                if (string.IsNullOrWhiteSpace(authInfo.Client))
+                {
+                    authInfo.Client = device.AppName;
+                }
+
+                if (string.IsNullOrWhiteSpace(authInfo.DeviceId))
+                {
+                    authInfo.DeviceId = device.DeviceId;
+                }
+
+                // Temporary. TODO - allow clients to specify that the token has been shared with a casting device
+                var allowTokenInfoUpdate = !authInfo.Client.Contains("chromecast", StringComparison.OrdinalIgnoreCase);
+
+                if (string.IsNullOrWhiteSpace(authInfo.Device))
+                {
+                    authInfo.Device = device.DeviceName;
+                }
+                else if (!string.Equals(authInfo.Device, device.DeviceName, StringComparison.OrdinalIgnoreCase))
+                {
+                    if (allowTokenInfoUpdate)
+                    {
+                        updateToken = true;
+                        device.DeviceName = authInfo.Device;
+                    }
+                }
+
+                if (string.IsNullOrWhiteSpace(authInfo.Version))
+                {
+                    authInfo.Version = device.AppVersion;
+                }
+                else if (!string.Equals(authInfo.Version, device.AppVersion, StringComparison.OrdinalIgnoreCase))
+                {
+                    if (allowTokenInfoUpdate)
+                    {
+                        updateToken = true;
+                        device.AppVersion = authInfo.Version;
+                    }
+                }
+
+                if ((DateTime.UtcNow - device.DateLastActivity).TotalMinutes > 3)
+                {
+                    device.DateLastActivity = DateTime.UtcNow;
+                    updateToken = true;
+                }
+
+                if (!device.UserId.Equals(Guid.Empty))
+                {
+                    authInfo.User = _userManager.GetUserById(device.UserId);
+                    authInfo.IsApiKey = false;
+                }
+                else
+                {
+                    authInfo.IsApiKey = true;
+                }
+
+                if (updateToken)
+                {
+                    _jellyfinDb.Devices.Update(device);
+                    await _jellyfinDb.SaveChangesAsync().ConfigureAwait(false);
+                }
+            }
+
+            return authInfo;
+        }
+
+        /// <summary>
+        /// Gets the auth.
+        /// </summary>
+        /// <param name="httpReq">The HTTP req.</param>
+        /// <returns>Dictionary{System.StringSystem.String}.</returns>
+        private Dictionary<string, string>? GetAuthorizationDictionary(HttpContext httpReq)
+        {
+            var auth = httpReq.Request.Headers["X-Emby-Authorization"];
+
+            if (string.IsNullOrEmpty(auth))
+            {
+                auth = httpReq.Request.Headers[HeaderNames.Authorization];
+            }
+
+            return GetAuthorization(auth);
+        }
+
+        /// <summary>
+        /// Gets the auth.
+        /// </summary>
+        /// <param name="httpReq">The HTTP req.</param>
+        /// <returns>Dictionary{System.StringSystem.String}.</returns>
+        private Dictionary<string, string>? GetAuthorizationDictionary(HttpRequest httpReq)
+        {
+            var auth = httpReq.Headers["X-Emby-Authorization"];
+
+            if (string.IsNullOrEmpty(auth))
+            {
+                auth = httpReq.Headers[HeaderNames.Authorization];
+            }
+
+            return GetAuthorization(auth);
+        }
+
+        /// <summary>
+        /// Gets the authorization.
+        /// </summary>
+        /// <param name="authorizationHeader">The authorization header.</param>
+        /// <returns>Dictionary{System.StringSystem.String}.</returns>
+        private Dictionary<string, string>? GetAuthorization(string? authorizationHeader)
+        {
+            if (authorizationHeader == null)
+            {
+                return null;
+            }
+
+            var parts = authorizationHeader.Split(' ', 2);
+
+            // There should be at least to parts
+            if (parts.Length != 2)
+            {
+                return null;
+            }
+
+            var acceptedNames = new[] { "MediaBrowser", "Emby" };
+
+            // It has to be a digest request
+            if (!acceptedNames.Contains(parts[0], StringComparer.OrdinalIgnoreCase))
+            {
+                return null;
+            }
+
+            // Remove uptil the first space
+            authorizationHeader = parts[1];
+            parts = authorizationHeader.Split(',');
+
+            var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+
+            foreach (var item in parts)
+            {
+                var param = item.Trim().Split('=', 2);
+
+                if (param.Length == 2)
+                {
+                    var value = NormalizeValue(param[1].Trim('"'));
+                    result[param[0]] = value;
+                }
+            }
+
+            return result;
+        }
+
+        private static string NormalizeValue(string value)
+        {
+            return string.IsNullOrEmpty(value) ? value : WebUtility.HtmlEncode(value);
+        }
+    }
+}
diff --git a/Jellyfin.Server.Implementations/Users/DeviceAccessEntryPoint.cs b/Jellyfin.Server.Implementations/Users/DeviceAccessEntryPoint.cs
index dbba80c21..a471ea1d5 100644
--- a/Jellyfin.Server.Implementations/Users/DeviceAccessEntryPoint.cs
+++ b/Jellyfin.Server.Implementations/Users/DeviceAccessEntryPoint.cs
@@ -4,10 +4,10 @@ using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using Jellyfin.Data.Events;
+using Jellyfin.Data.Queries;
 using MediaBrowser.Controller.Devices;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Plugins;
-using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 
 namespace Jellyfin.Server.Implementations.Users
@@ -15,14 +15,12 @@ namespace Jellyfin.Server.Implementations.Users
     public sealed class DeviceAccessEntryPoint : IServerEntryPoint
     {
         private readonly IUserManager _userManager;
-        private readonly IAuthenticationRepository _authRepo;
         private readonly IDeviceManager _deviceManager;
         private readonly ISessionManager _sessionManager;
 
-        public DeviceAccessEntryPoint(IUserManager userManager, IAuthenticationRepository authRepo, IDeviceManager deviceManager, ISessionManager sessionManager)
+        public DeviceAccessEntryPoint(IUserManager userManager, IDeviceManager deviceManager, ISessionManager sessionManager)
         {
             _userManager = userManager;
-            _authRepo = authRepo;
             _deviceManager = deviceManager;
             _sessionManager = sessionManager;
         }
@@ -38,27 +36,27 @@ namespace Jellyfin.Server.Implementations.Users
         {
         }
 
-        private void OnUserUpdated(object? sender, GenericEventArgs<User> e)
+        private async void OnUserUpdated(object? sender, GenericEventArgs<User> e)
         {
             var user = e.Argument;
             if (!user.HasPermission(PermissionKind.EnableAllDevices))
             {
-                UpdateDeviceAccess(user);
+                await UpdateDeviceAccess(user).ConfigureAwait(false);
             }
         }
 
-        private void UpdateDeviceAccess(User user)
+        private async Task UpdateDeviceAccess(User user)
         {
-            var existing = _authRepo.Get(new AuthenticationInfoQuery
+            var existing = (await _deviceManager.GetDevices(new DeviceQuery
             {
                 UserId = user.Id
-            }).Items;
+            }).ConfigureAwait(false)).Items;
 
-            foreach (var authInfo in existing)
+            foreach (var device in existing)
             {
-                if (!string.IsNullOrEmpty(authInfo.DeviceId) && !_deviceManager.CanAccessDevice(user, authInfo.DeviceId))
+                if (!string.IsNullOrEmpty(device.DeviceId) && !_deviceManager.CanAccessDevice(user, device.DeviceId))
                 {
-                    _sessionManager.Logout(authInfo);
+                    await _sessionManager.Logout(device).ConfigureAwait(false);
                 }
             }
         }
diff --git a/Jellyfin.Server/CoreAppHost.cs b/Jellyfin.Server/CoreAppHost.cs
index b20acae32..362be8531 100644
--- a/Jellyfin.Server/CoreAppHost.cs
+++ b/Jellyfin.Server/CoreAppHost.cs
@@ -11,6 +11,7 @@ using Jellyfin.Server.Implementations;
 using Jellyfin.Server.Implementations.Activity;
 using Jellyfin.Server.Implementations.Devices;
 using Jellyfin.Server.Implementations.Events;
+using Jellyfin.Server.Implementations.Security;
 using Jellyfin.Server.Implementations.Users;
 using MediaBrowser.Controller;
 using MediaBrowser.Controller.BaseItemManager;
@@ -94,6 +95,8 @@ namespace Jellyfin.Server
             ServiceCollection.AddSingleton<IWebSocketListener, ScheduledTasksWebSocketListener>();
             ServiceCollection.AddSingleton<IWebSocketListener, SessionInfoWebSocketListener>();
 
+            ServiceCollection.AddScoped<IAuthorizationContext, AuthorizationContext>();
+
             base.RegisterServices();
         }
 
diff --git a/MediaBrowser.Controller/Devices/IDeviceManager.cs b/MediaBrowser.Controller/Devices/IDeviceManager.cs
index 28612cea3..6ff4422d2 100644
--- a/MediaBrowser.Controller/Devices/IDeviceManager.cs
+++ b/MediaBrowser.Controller/Devices/IDeviceManager.cs
@@ -7,6 +7,7 @@ using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Events;
+using Jellyfin.Data.Queries;
 using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Querying;
 using MediaBrowser.Model.Session;
@@ -17,6 +18,13 @@ namespace MediaBrowser.Controller.Devices
     {
         event EventHandler<GenericEventArgs<Tuple<string, DeviceOptions>>> DeviceOptionsUpdated;
 
+        /// <summary>
+        /// Creates a new device.
+        /// </summary>
+        /// <param name="device">The device to create.</param>
+        /// <returns>A <see cref="Task{Device}"/> representing the creation of the device.</returns>
+        Task<Device> CreateDevice(Device device);
+
         /// <summary>
         /// Saves the capabilities.
         /// </summary>
@@ -38,6 +46,15 @@ namespace MediaBrowser.Controller.Devices
         /// <returns>DeviceInfo.</returns>
         Task<DeviceInfo> GetDevice(string id);
 
+        /// <summary>
+        /// Gets devices based on the provided query.
+        /// </summary>
+        /// <param name="query">The device query.</param>
+        /// <returns>A <see cref="Task{QueryResult}"/> representing the retrieval of the devices.</returns>
+        Task<QueryResult<Device>> GetDevices(DeviceQuery query);
+
+        Task<QueryResult<DeviceInfo>> GetDeviceInfos(DeviceQuery query);
+
         /// <summary>
         /// Gets the devices.
         /// </summary>
@@ -46,6 +63,8 @@ namespace MediaBrowser.Controller.Devices
         /// <returns>IEnumerable&lt;DeviceInfo&gt;.</returns>
         Task<QueryResult<DeviceInfo>> GetDevicesForUser(Guid? userId, bool? supportsSync);
 
+        Task DeleteDevice(Device device);
+
         /// <summary>
         /// Determines whether this instance [can access device] the specified user identifier.
         /// </summary>
diff --git a/MediaBrowser.Controller/Net/IAuthService.cs b/MediaBrowser.Controller/Net/IAuthService.cs
index d15c6d318..a7da740e0 100644
--- a/MediaBrowser.Controller/Net/IAuthService.cs
+++ b/MediaBrowser.Controller/Net/IAuthService.cs
@@ -1,3 +1,4 @@
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 
 namespace MediaBrowser.Controller.Net
@@ -12,6 +13,6 @@ namespace MediaBrowser.Controller.Net
         /// </summary>
         /// <param name="request">The request.</param>
         /// <returns>Authorization information. Null if unauthenticated.</returns>
-        AuthorizationInfo Authenticate(HttpRequest request);
+        Task<AuthorizationInfo> Authenticate(HttpRequest request);
     }
 }
diff --git a/MediaBrowser.Controller/Net/IAuthorizationContext.cs b/MediaBrowser.Controller/Net/IAuthorizationContext.cs
index 0d310548d..5c6ca43d1 100644
--- a/MediaBrowser.Controller/Net/IAuthorizationContext.cs
+++ b/MediaBrowser.Controller/Net/IAuthorizationContext.cs
@@ -1,3 +1,4 @@
+using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 
 namespace MediaBrowser.Controller.Net
@@ -11,14 +12,14 @@ namespace MediaBrowser.Controller.Net
         /// Gets the authorization information.
         /// </summary>
         /// <param name="requestContext">The request context.</param>
-        /// <returns>AuthorizationInfo.</returns>
-        AuthorizationInfo GetAuthorizationInfo(HttpContext requestContext);
+        /// <returns>A task containing the authorization info.</returns>
+        Task<AuthorizationInfo> GetAuthorizationInfo(HttpContext requestContext);
 
         /// <summary>
         /// Gets the authorization information.
         /// </summary>
         /// <param name="requestContext">The request context.</param>
-        /// <returns>AuthorizationInfo.</returns>
-        AuthorizationInfo GetAuthorizationInfo(HttpRequest requestContext);
+        /// <returns>A <see cref="Task"/> containing the authorization info.</returns>
+        Task<AuthorizationInfo> GetAuthorizationInfo(HttpRequest requestContext);
     }
 }
diff --git a/MediaBrowser.Controller/Security/AuthenticationInfoQuery.cs b/MediaBrowser.Controller/Security/AuthenticationInfoQuery.cs
deleted file mode 100644
index 3af6a525c..000000000
--- a/MediaBrowser.Controller/Security/AuthenticationInfoQuery.cs
+++ /dev/null
@@ -1,53 +0,0 @@
-#nullable disable
-
-#pragma warning disable CS1591
-
-using System;
-
-namespace MediaBrowser.Controller.Security
-{
-    public class AuthenticationInfoQuery
-    {
-        /// <summary>
-        /// Gets or sets the device identifier.
-        /// </summary>
-        /// <value>The device identifier.</value>
-        public string DeviceId { get; set; }
-
-        /// <summary>
-        /// Gets or sets the user identifier.
-        /// </summary>
-        /// <value>The user identifier.</value>
-        public Guid UserId { get; set; }
-
-        /// <summary>
-        /// Gets or sets the access token.
-        /// </summary>
-        /// <value>The access token.</value>
-        public string AccessToken { get; set; }
-
-        /// <summary>
-        /// Gets or sets a value indicating whether this instance is active.
-        /// </summary>
-        /// <value><c>null</c> if [is active] contains no value, <c>true</c> if [is active]; otherwise, <c>false</c>.</value>
-        public bool? IsActive { get; set; }
-
-        /// <summary>
-        /// Gets or sets a value indicating whether this instance has user.
-        /// </summary>
-        /// <value><c>null</c> if [has user] contains no value, <c>true</c> if [has user]; otherwise, <c>false</c>.</value>
-        public bool? HasUser { get; set; }
-
-        /// <summary>
-        /// Gets or sets the start index.
-        /// </summary>
-        /// <value>The start index.</value>
-        public int? StartIndex { get; set; }
-
-        /// <summary>
-        /// Gets or sets the limit.
-        /// </summary>
-        /// <value>The limit.</value>
-        public int? Limit { get; set; }
-    }
-}
diff --git a/MediaBrowser.Controller/Security/IAuthenticationRepository.cs b/MediaBrowser.Controller/Security/IAuthenticationRepository.cs
deleted file mode 100644
index 9685005ba..000000000
--- a/MediaBrowser.Controller/Security/IAuthenticationRepository.cs
+++ /dev/null
@@ -1,39 +0,0 @@
-#nullable disable
-
-#pragma warning disable CS1591
-
-using Jellyfin.Data.Entities.Security;
-using MediaBrowser.Model.Querying;
-
-namespace MediaBrowser.Controller.Security
-{
-    public interface IAuthenticationRepository
-    {
-        /// <summary>
-        /// Creates the specified information.
-        /// </summary>
-        /// <param name="info">The information.</param>
-        /// <returns>Task.</returns>
-        void Create(AuthenticationInfo info);
-
-        /// <summary>
-        /// Updates the specified information.
-        /// </summary>
-        /// <param name="info">The information.</param>
-        /// <returns>Task.</returns>
-        void Update(AuthenticationInfo info);
-
-        /// <summary>
-        /// Gets the specified query.
-        /// </summary>
-        /// <param name="query">The query.</param>
-        /// <returns>QueryResult{AuthenticationInfo}.</returns>
-        QueryResult<AuthenticationInfo> Get(AuthenticationInfoQuery query);
-
-        void Delete(AuthenticationInfo info);
-
-        DeviceOptions GetDeviceOptions(string deviceId);
-
-        void UpdateDeviceOptions(string deviceId, DeviceOptions options);
-    }
-}
diff --git a/MediaBrowser.Controller/Session/ISessionManager.cs b/MediaBrowser.Controller/Session/ISessionManager.cs
index 30a83d6e7..1000da247 100644
--- a/MediaBrowser.Controller/Session/ISessionManager.cs
+++ b/MediaBrowser.Controller/Session/ISessionManager.cs
@@ -6,10 +6,12 @@ using System;
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
+using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Events;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Security;
+using MediaBrowser.Model.Devices;
 using MediaBrowser.Model.Session;
 using MediaBrowser.Model.SyncPlay;
 
@@ -325,26 +327,23 @@ namespace MediaBrowser.Controller.Session
         /// <param name="remoteEndpoint">The remote endpoint.</param>
         /// <param name="appVersion">The application version.</param>
         /// <returns>Task&lt;SessionInfo&gt;.</returns>
-        Task<SessionInfo> GetSessionByAuthenticationToken(AuthenticationInfo info, string deviceId, string remoteEndpoint, string appVersion);
+        Task<SessionInfo> GetSessionByAuthenticationToken(Device info, string deviceId, string remoteEndpoint, string appVersion);
 
         /// <summary>
         /// Logouts the specified access token.
         /// </summary>
         /// <param name="accessToken">The access token.</param>
-        void Logout(string accessToken);
+        /// <returns>A <see cref="Task"/> representing the log out process.</returns>
+        Task Logout(string accessToken);
 
-        void Logout(AuthenticationInfo accessToken);
+        Task Logout(Device accessToken);
 
         /// <summary>
         /// Revokes the user tokens.
         /// </summary>
-        void RevokeUserTokens(Guid userId, string currentAccessToken);
-
-        /// <summary>
-        /// Revokes the token.
-        /// </summary>
-        /// <param name="id">The identifier.</param>
-        void RevokeToken(string id);
+        /// <param name="userId">The user's id.</param>
+        /// <param name="currentAccessToken">The current access token.</param>
+        Task RevokeUserTokens(Guid userId, string currentAccessToken);
 
         void CloseIfNeeded(SessionInfo session);
     }
diff --git a/MediaBrowser.Model/Devices/DeviceInfo.cs b/MediaBrowser.Model/Devices/DeviceInfo.cs
index 0cccf931c..7a1c7a738 100644
--- a/MediaBrowser.Model/Devices/DeviceInfo.cs
+++ b/MediaBrowser.Model/Devices/DeviceInfo.cs
@@ -15,6 +15,11 @@ namespace MediaBrowser.Model.Devices
 
         public string Name { get; set; }
 
+        /// <summary>
+        /// Gets or sets the access token.
+        /// </summary>
+        public string AccessToken { get; set; }
+
         /// <summary>
         /// Gets or sets the identifier.
         /// </summary>
diff --git a/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
index de03aa5f5..cd03958b6 100644
--- a/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
+++ b/tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
@@ -136,7 +136,7 @@ namespace Jellyfin.Api.Tests.Auth
             _jellyfinAuthServiceMock.Setup(
                     a => a.Authenticate(
                         It.IsAny<HttpRequest>()))
-                .Returns(authorizationInfo);
+                .Returns(Task.FromResult(authorizationInfo));
 
             return authorizationInfo;
         }
-- 
cgit v1.2.3


From 3123ea2a9489caec908eb7932d73fa586235ab91 Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Sat, 19 Jun 2021 15:09:16 -0400
Subject: Add missing ConfigureAwait call

---
 Jellyfin.Api/Controllers/DevicesController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 8af7b8f73..d4c2dbba0 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -47,7 +47,7 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<QueryResult<DeviceInfo>>> GetDevices([FromQuery] bool? supportsSync, [FromQuery] Guid? userId)
         {
-            return await _deviceManager.GetDevicesForUser(userId, supportsSync);
+            return await _deviceManager.GetDevicesForUser(userId, supportsSync).ConfigureAwait(false);
         }
 
         /// <summary>
-- 
cgit v1.2.3


From bbac9ff67e60d243dbd05be60abfcf13c295cd84 Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Sun, 27 Jun 2021 16:42:26 -0400
Subject: GetDeviceOptions always returns an instance of DeviceOptions

---
 Emby.Server.Implementations/Session/SessionManager.cs    | 2 +-
 Jellyfin.Api/Controllers/DevicesController.cs            | 6 ------
 Jellyfin.Server.Implementations/Devices/DeviceManager.cs | 6 ++++--
 3 files changed, 5 insertions(+), 9 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Emby.Server.Implementations/Session/SessionManager.cs b/Emby.Server.Implementations/Session/SessionManager.cs
index 40a346e95..ac730fa43 100644
--- a/Emby.Server.Implementations/Session/SessionManager.cs
+++ b/Emby.Server.Implementations/Session/SessionManager.cs
@@ -535,7 +535,7 @@ namespace Emby.Server.Implementations.Session
             }
 
             var deviceOptions = await _deviceManager.GetDeviceOptions(deviceId).ConfigureAwait(false);
-            if (string.IsNullOrEmpty(deviceOptions?.CustomName))
+            if (string.IsNullOrEmpty(deviceOptions.CustomName))
             {
                 sessionInfo.DeviceName = deviceName;
             }
diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index d4c2dbba0..26b9a854d 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -107,12 +107,6 @@ namespace Jellyfin.Api.Controllers
             [FromQuery, Required] string id,
             [FromBody, Required] DeviceOptions deviceOptions)
         {
-            var existingDeviceOptions = await _deviceManager.GetDeviceOptions(id).ConfigureAwait(false);
-            if (existingDeviceOptions == null)
-            {
-                return NotFound();
-            }
-
             await _deviceManager.UpdateDeviceOptions(id, deviceOptions).ConfigureAwait(false);
             return NoContent();
         }
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index 484a53428..b02ca4ef0 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -74,13 +74,15 @@ namespace Jellyfin.Server.Implementations.Devices
         }
 
         /// <inheritdoc />
-        public async Task<DeviceOptions?> GetDeviceOptions(string deviceId)
+        public async Task<DeviceOptions> GetDeviceOptions(string deviceId)
         {
             await using var dbContext = _dbProvider.CreateContext();
-            return await dbContext.DeviceOptions
+            var deviceOptions = await dbContext.DeviceOptions
                 .AsQueryable()
                 .FirstOrDefaultAsync(d => d.DeviceId == deviceId)
                 .ConfigureAwait(false);
+
+            return deviceOptions ?? new DeviceOptions(deviceId);
         }
 
         /// <inheritdoc />
-- 
cgit v1.2.3


From 60ce0c9fa9a3df50a8a7a08629bcedbe3724aee3 Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Tue, 13 Jul 2021 19:30:11 -0400
Subject: Add dto for device options

---
 Jellyfin.Api/Controllers/DevicesController.cs      |  5 +++--
 Jellyfin.Data/Dtos/DeviceOptionsDto.cs             | 23 ++++++++++++++++++++++
 .../Devices/DeviceManager.cs                       |  6 +++---
 MediaBrowser.Controller/Devices/IDeviceManager.cs  |  2 +-
 4 files changed, 30 insertions(+), 6 deletions(-)
 create mode 100644 Jellyfin.Data/Dtos/DeviceOptionsDto.cs

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index 26b9a854d..ebe7b7584 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -2,6 +2,7 @@ using System;
 using System.ComponentModel.DataAnnotations;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
+using Jellyfin.Data.Dtos;
 using Jellyfin.Data.Entities.Security;
 using Jellyfin.Data.Queries;
 using MediaBrowser.Controller.Devices;
@@ -105,9 +106,9 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult> UpdateDeviceOptions(
             [FromQuery, Required] string id,
-            [FromBody, Required] DeviceOptions deviceOptions)
+            [FromBody, Required] DeviceOptionsDto deviceOptions)
         {
-            await _deviceManager.UpdateDeviceOptions(id, deviceOptions).ConfigureAwait(false);
+            await _deviceManager.UpdateDeviceOptions(id, deviceOptions.CustomName).ConfigureAwait(false);
             return NoContent();
         }
 
diff --git a/Jellyfin.Data/Dtos/DeviceOptionsDto.cs b/Jellyfin.Data/Dtos/DeviceOptionsDto.cs
new file mode 100644
index 000000000..392ef5ff4
--- /dev/null
+++ b/Jellyfin.Data/Dtos/DeviceOptionsDto.cs
@@ -0,0 +1,23 @@
+namespace Jellyfin.Data.Dtos
+{
+    /// <summary>
+    /// A dto representing custom options for a device.
+    /// </summary>
+    public class DeviceOptionsDto
+    {
+        /// <summary>
+        /// Gets or sets the id.
+        /// </summary>
+        public int Id { get; set; }
+
+        /// <summary>
+        /// Gets or sets the device id.
+        /// </summary>
+        public string? DeviceId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the custom name.
+        /// </summary>
+        public string? CustomName { get; set; }
+    }
+}
diff --git a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
index ef0d5db09..3d1bc30e8 100644
--- a/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
+++ b/Jellyfin.Server.Implementations/Devices/DeviceManager.cs
@@ -46,7 +46,7 @@ namespace Jellyfin.Server.Implementations.Devices
         }
 
         /// <inheritdoc />
-        public async Task UpdateDeviceOptions(string deviceId, DeviceOptions options)
+        public async Task UpdateDeviceOptions(string deviceId, string deviceName)
         {
             await using var dbContext = _dbProvider.CreateContext();
             var deviceOptions = await dbContext.DeviceOptions.AsQueryable().FirstOrDefaultAsync(dev => dev.DeviceId == deviceId).ConfigureAwait(false);
@@ -56,10 +56,10 @@ namespace Jellyfin.Server.Implementations.Devices
                 dbContext.DeviceOptions.Add(deviceOptions);
             }
 
-            deviceOptions.CustomName = options.CustomName;
+            deviceOptions.CustomName = deviceName;
             await dbContext.SaveChangesAsync().ConfigureAwait(false);
 
-            DeviceOptionsUpdated?.Invoke(this, new GenericEventArgs<Tuple<string, DeviceOptions>>(new Tuple<string, DeviceOptions>(deviceId, options)));
+            DeviceOptionsUpdated?.Invoke(this, new GenericEventArgs<Tuple<string, DeviceOptions>>(new Tuple<string, DeviceOptions>(deviceId, deviceOptions)));
         }
 
         /// <inheritdoc />
diff --git a/MediaBrowser.Controller/Devices/IDeviceManager.cs b/MediaBrowser.Controller/Devices/IDeviceManager.cs
index 6ff4422d2..7e696c3b3 100644
--- a/MediaBrowser.Controller/Devices/IDeviceManager.cs
+++ b/MediaBrowser.Controller/Devices/IDeviceManager.cs
@@ -70,7 +70,7 @@ namespace MediaBrowser.Controller.Devices
         /// </summary>
         bool CanAccessDevice(User user, string deviceId);
 
-        Task UpdateDeviceOptions(string deviceId, DeviceOptions options);
+        Task UpdateDeviceOptions(string deviceId, string deviceName);
 
         Task<DeviceOptions> GetDeviceOptions(string deviceId);
     }
-- 
cgit v1.2.3


From 1615663bd240fadd4a2d03c44256880dd40c7cb2 Mon Sep 17 00:00:00 2001
From: Patrick Barron <barronpm@gmail.com>
Date: Fri, 13 Aug 2021 21:08:49 -0400
Subject: Remove old response code documentation

---
 Jellyfin.Api/Controllers/DevicesController.cs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'Jellyfin.Api/Controllers/DevicesController.cs')

diff --git a/Jellyfin.Api/Controllers/DevicesController.cs b/Jellyfin.Api/Controllers/DevicesController.cs
index ebe7b7584..8292cf83b 100644
--- a/Jellyfin.Api/Controllers/DevicesController.cs
+++ b/Jellyfin.Api/Controllers/DevicesController.cs
@@ -99,11 +99,9 @@ namespace Jellyfin.Api.Controllers
         /// <param name="id">Device Id.</param>
         /// <param name="deviceOptions">Device Options.</param>
         /// <response code="204">Device options updated.</response>
-        /// <response code="404">Device not found.</response>
-        /// <returns>A <see cref="NoContentResult"/> on success, or a <see cref="NotFoundResult"/> if the device could not be found.</returns>
+        /// <returns>A <see cref="NoContentResult"/>.</returns>
         [HttpPost("Options")]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
-        [ProducesResponseType(StatusCodes.Status404NotFound)]
         public async Task<ActionResult> UpdateDeviceOptions(
             [FromQuery, Required] string id,
             [FromBody, Required] DeviceOptionsDto deviceOptions)
-- 
cgit v1.2.3