From eb7fee95906f1c9d8d104777e0214de9115ca82f Mon Sep 17 00:00:00 2001 From: Bond_009 Date: Sat, 4 Feb 2023 21:08:21 +0100 Subject: Add more tests --- .../Controllers/LibraryControllerTests.cs | 40 ++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs (limited to 'tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs') diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs new file mode 100644 index 000000000..013d19a9f --- /dev/null +++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs @@ -0,0 +1,40 @@ +using System; +using System.Globalization; +using System.Net; +using System.Threading.Tasks; +using Xunit; + +namespace Jellyfin.Server.Integration.Tests.Controllers; + +public sealed class LibraryControllerTests : IClassFixture +{ + private readonly JellyfinApplicationFactory _factory; + private static string? _accessToken; + + public LibraryControllerTests(JellyfinApplicationFactory factory) + { + _factory = factory; + } + + [Theory] + [InlineData("Items/{0}/File")] + [InlineData("Items/{0}/ThemeSongs")] + [InlineData("Items/{0}/ThemeVideos")] + [InlineData("Items/{0}/ThemeMedia")] + [InlineData("Items/{0}/Ancestors")] + [InlineData("Items/{0}/Download")] + [InlineData("Artists/{0}/Similar")] + [InlineData("Items/{0}/Similar")] + [InlineData("Albums/{0}/Similar")] + [InlineData("Shows/{0}/Similar")] + [InlineData("Movies/{0}/Similar")] + [InlineData("Trailers/{0}/Similar")] + public async Task Get_NonExistentItemId_NotFound(string format) + { + var client = _factory.CreateClient(); + client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false)); + + var response = await client.GetAsync(string.Format(CultureInfo.InvariantCulture, format, Guid.NewGuid())).ConfigureAwait(false); + Assert.Equal(HttpStatusCode.NotFound, response.StatusCode); + } +} -- cgit v1.2.3 From 8316bd590e4553953c7ca78e6eef26672fbcb416 Mon Sep 17 00:00:00 2001 From: Bond_009 Date: Mon, 27 Mar 2023 15:22:21 +0200 Subject: Fix #7610 --- Jellyfin.Api/Controllers/LibraryController.cs | 44 ++++++++++++++++------ .../Controllers/LibraryControllerTests.cs | 23 +++++++++++ 2 files changed, 55 insertions(+), 12 deletions(-) (limited to 'tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs') diff --git a/Jellyfin.Api/Controllers/LibraryController.cs b/Jellyfin.Api/Controllers/LibraryController.cs index bf59febed..e094d2d77 100644 --- a/Jellyfin.Api/Controllers/LibraryController.cs +++ b/Jellyfin.Api/Controllers/LibraryController.cs @@ -15,6 +15,7 @@ using Jellyfin.Api.Models.LibraryDtos; using Jellyfin.Data.Entities; using Jellyfin.Data.Enums; using Jellyfin.Extensions; +using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Progress; using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Dto; @@ -332,12 +333,26 @@ public class LibraryController : BaseJellyfinApiController [Authorize] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status401Unauthorized)] + [ProducesResponseType(StatusCodes.Status404NotFound)] public ActionResult DeleteItem(Guid itemId) { + var isApiKey = User.GetIsApiKey(); + var userId = User.GetUserId(); + var user = !isApiKey && !userId.Equals(default) + ? _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException() + : null; + if (!isApiKey && user is null) + { + return Unauthorized("Unauthorized access"); + } + var item = _libraryManager.GetItemById(itemId); - var user = _userManager.GetUserById(User.GetUserId()); + if (item is null) + { + return NotFound(); + } - if (!item.CanDelete(user)) + if (user is not null && !item.CanDelete(user)) { return Unauthorized("Unauthorized access"); } @@ -361,26 +376,31 @@ public class LibraryController : BaseJellyfinApiController [Authorize] [ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status401Unauthorized)] + [ProducesResponseType(StatusCodes.Status404NotFound)] public ActionResult DeleteItems([FromQuery, ModelBinder(typeof(CommaDelimitedArrayModelBinder))] Guid[] ids) { - if (ids.Length == 0) + var isApiKey = User.GetIsApiKey(); + var userId = User.GetUserId(); + var user = !isApiKey && !userId.Equals(default) + ? _userManager.GetUserById(userId) ?? throw new ResourceNotFoundException() + : null; + + if (!isApiKey && user is null) { - return NoContent(); + return Unauthorized("Unauthorized access"); } foreach (var i in ids) { var item = _libraryManager.GetItemById(i); - var user = _userManager.GetUserById(User.GetUserId()); - - if (!item.CanDelete(user)) + if (item is null) { - if (ids.Length > 1) - { - return Unauthorized("Unauthorized access"); - } + return NotFound(); + } - continue; + if (user is not null && !item.CanDelete(user)) + { + return Unauthorized("Unauthorized access"); } _libraryManager.DeleteItem( diff --git a/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs index 013d19a9f..8998683a7 100644 --- a/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs +++ b/tests/Jellyfin.Server.Integration.Tests/Controllers/LibraryControllerTests.cs @@ -37,4 +37,27 @@ public sealed class LibraryControllerTests : IClassFixture