From 6e5ec99ea10557c141ed8d755e672cef628d35f0 Mon Sep 17 00:00:00 2001 From: Cody Robibero Date: Sun, 3 Mar 2024 13:51:31 -0700 Subject: Move userId in API from route to optional query parameter (#11074) * Move userId in API from route to optional query parameter * Standardize UserViewsController * Move userId to query in ImageController * Move userId to query in ItemsController * Move userId to query in PlaystateController * Move userId to query in SuggestionsController * Move userId from route to query in UserLibraryController * Clean up routes * Move userId to query in UserController * fix bad merge --------- Co-authored-by: Niels van Velzen --- Jellyfin.Api/Controllers/UserController.cs | 92 +++++++++++++++++++++++++----- 1 file changed, 79 insertions(+), 13 deletions(-) (limited to 'Jellyfin.Api/Controllers/UserController.cs') diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs index ea10ee24f..c3923a2ad 100644 --- a/Jellyfin.Api/Controllers/UserController.cs +++ b/Jellyfin.Api/Controllers/UserController.cs @@ -178,6 +178,7 @@ public class UserController : BaseJellyfinApiController [ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status404NotFound)] + [ApiExplorerSettings(IgnoreApi = true)] [Obsolete("Authenticate with username instead")] public async Task> AuthenticateUser( [FromRoute, Required] Guid userId, @@ -263,21 +264,22 @@ public class UserController : BaseJellyfinApiController /// User is not allowed to update the password. /// User not found. /// A indicating success or a or a on failure. - [HttpPost("{userId}/Password")] + [HttpPost("Password")] [Authorize] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status404NotFound)] public async Task UpdateUserPassword( - [FromRoute, Required] Guid userId, + [FromQuery] Guid? userId, [FromBody, Required] UpdateUserPassword request) { - if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true)) + var requestUserId = userId ?? User.GetUserId(); + if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the password."); } - var user = _userManager.GetUserById(userId); + var user = _userManager.GetUserById(requestUserId); if (user is null) { @@ -290,7 +292,7 @@ public class UserController : BaseJellyfinApiController } else { - if (!User.IsInRole(UserRoles.Administrator) || User.GetUserId().Equals(userId)) + if (!User.IsInRole(UserRoles.Administrator) || (userId.HasValue && User.GetUserId().Equals(userId.Value))) { var success = await _userManager.AuthenticateUser( user.Username, @@ -315,6 +317,27 @@ public class UserController : BaseJellyfinApiController return NoContent(); } + /// + /// Updates a user's password. + /// + /// The user id. + /// The request. + /// Password successfully reset. + /// User is not allowed to update the password. + /// User not found. + /// A indicating success or a or a on failure. + [HttpPost("{userId}/Password")] + [Authorize] + [ProducesResponseType(StatusCodes.Status204NoContent)] + [ProducesResponseType(StatusCodes.Status403Forbidden)] + [ProducesResponseType(StatusCodes.Status404NotFound)] + [Obsolete("Kept for backwards compatibility")] + [ApiExplorerSettings(IgnoreApi = true)] + public Task UpdateUserPasswordLegacy( + [FromRoute, Required] Guid userId, + [FromBody, Required] UpdateUserPassword request) + => UpdateUserPassword(userId, request); + /// /// Updates a user's easy password. /// @@ -326,6 +349,7 @@ public class UserController : BaseJellyfinApiController /// A indicating success or a or a on failure. [HttpPost("{userId}/EasyPassword")] [Obsolete("Use Quick Connect instead")] + [ApiExplorerSettings(IgnoreApi = true)] [Authorize] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status403Forbidden)] @@ -346,22 +370,23 @@ public class UserController : BaseJellyfinApiController /// User information was not supplied. /// User update forbidden. /// A indicating success or a or a on failure. - [HttpPost("{userId}")] + [HttpPost] [Authorize] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status403Forbidden)] public async Task UpdateUser( - [FromRoute, Required] Guid userId, + [FromQuery] Guid? userId, [FromBody, Required] UserDto updateUser) { - var user = _userManager.GetUserById(userId); + var requestUserId = userId ?? User.GetUserId(); + var user = _userManager.GetUserById(requestUserId); if (user is null) { return NotFound(); } - if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true)) + if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User update not allowed."); } @@ -376,6 +401,27 @@ public class UserController : BaseJellyfinApiController return NoContent(); } + /// + /// Updates a user. + /// + /// The user id. + /// The updated user model. + /// User updated. + /// User information was not supplied. + /// User update forbidden. + /// A indicating success or a or a on failure. + [HttpPost("{userId}")] + [Authorize] + [ProducesResponseType(StatusCodes.Status204NoContent)] + [ProducesResponseType(StatusCodes.Status400BadRequest)] + [ProducesResponseType(StatusCodes.Status403Forbidden)] + [Obsolete("Kept for backwards compatibility")] + [ApiExplorerSettings(IgnoreApi = true)] + public Task UpdateUserLegacy( + [FromRoute, Required] Guid userId, + [FromBody, Required] UserDto updateUser) + => UpdateUser(userId, updateUser); + /// /// Updates a user policy. /// @@ -440,24 +486,44 @@ public class UserController : BaseJellyfinApiController /// User configuration updated. /// User configuration update forbidden. /// A indicating success. - [HttpPost("{userId}/Configuration")] + [HttpPost("Configuration")] [Authorize] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status403Forbidden)] public async Task UpdateUserConfiguration( - [FromRoute, Required] Guid userId, + [FromQuery] Guid? userId, [FromBody, Required] UserConfiguration userConfig) { - if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true)) + var requestUserId = userId ?? User.GetUserId(); + if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, requestUserId, true)) { return StatusCode(StatusCodes.Status403Forbidden, "User configuration update not allowed"); } - await _userManager.UpdateConfigurationAsync(userId, userConfig).ConfigureAwait(false); + await _userManager.UpdateConfigurationAsync(requestUserId, userConfig).ConfigureAwait(false); return NoContent(); } + /// + /// Updates a user configuration. + /// + /// The user id. + /// The new user configuration. + /// User configuration updated. + /// User configuration update forbidden. + /// A indicating success. + [HttpPost("{userId}/Configuration")] + [Authorize] + [Obsolete("Kept for backwards compatibility")] + [ApiExplorerSettings(IgnoreApi = true)] + [ProducesResponseType(StatusCodes.Status204NoContent)] + [ProducesResponseType(StatusCodes.Status403Forbidden)] + public Task UpdateUserConfigurationLegacy( + [FromRoute, Required] Guid userId, + [FromBody, Required] UserConfiguration userConfig) + => UpdateUserConfiguration(userId, userConfig); + /// /// Creates a user. /// -- cgit v1.2.3