From 3f651de24c76f9980fac690e51fa93b3d1163f72 Mon Sep 17 00:00:00 2001
From: Claus Vium
Date: Sat, 23 Nov 2019 16:31:02 +0100
Subject: Add authentication and remove versioning
---
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs | 53 ++++++++++++++++++++++++
1 file changed, 53 insertions(+)
create mode 100644 Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
(limited to 'Jellyfin.Api/Auth/CustomAuthenticationHandler.cs')
diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
new file mode 100644
index 000000000..bb6192b03
--- /dev/null
+++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
@@ -0,0 +1,53 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Net;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Jellyfin.Api.Auth
+{
+ public class CustomAuthenticationHandler : AuthenticationHandler
+ {
+ private readonly IAuthService _authService;
+
+ public CustomAuthenticationHandler(
+ IAuthService authService,
+ IOptionsMonitor options,
+ ILoggerFactory logger,
+ UrlEncoder encoder,
+ ISystemClock clock) : base(options, logger, encoder, clock)
+ {
+ _authService = authService;
+ }
+
+ protected override Task HandleAuthenticateAsync()
+ {
+ var authenticatedAttribute = new AuthenticatedAttribute();
+ try
+ {
+ var user = _authService.Authenticate(Request, authenticatedAttribute);
+ if (user == null)
+ {
+ return Task.FromResult(AuthenticateResult.Fail("Invalid user"));
+ }
+
+ var claims = new[]
+ {
+ new Claim(ClaimTypes.Name, user.Name),
+ new Claim(ClaimTypes.Role, user.Policy.IsAdministrator ? "Administrator" : "User"),
+ };
+ var identity = new ClaimsIdentity(claims, Scheme.Name);
+ var principal = new ClaimsPrincipal(identity);
+ var ticket = new AuthenticationTicket(principal, Scheme.Name);
+
+ return Task.FromResult(AuthenticateResult.Success(ticket));
+ }
+ catch (SecurityException ex)
+ {
+ return Task.FromResult(AuthenticateResult.Fail(ex));
+ }
+ }
+ }
+}
-- cgit v1.2.3
From c2cdbc909ba8371261bb88b5dd313262be755fa3 Mon Sep 17 00:00:00 2001
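Review bot: `HandleAuthenticateAsync` turns only `SecurityException` into `AuthenticateResult.Fail`, so any other exception thrown by `_authService.Authenticate`, or a null `user.Policy` when the role claim is built, leaves the handler as an unhandled error rather than a failed authentication. Widening the null guard to `if (user == null || user.Policy == null)` keeps that second case on the failure path. The identity also carries only `user.Name` and a role; if the user type exposes a stable identifier (not visible in this hunk), adding it as a `ClaimTypes.NameIdentifier` claim would keep later authorization checks from depending on a display name.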
From: Claus Vium Date: Sat, 23 Nov 2019 20:31:17 +0100 Subject: Add style rules and fix it all --- Jellyfin.Api/Auth/CustomAuthenticationHandler.cs | 17 +++++++++- .../FirstTimeSetupOrElevatedHandler.cs | 14 ++++++-- .../FirstTimeSetupOrElevatedRequirement.cs | 3 ++ .../RequiresElevationHandler.cs | 7 +++- .../RequiresElevationRequirement.cs | 4 ++- Jellyfin.Api/BaseJellyfinApiController.cs | 4 ++- Jellyfin.Api/Controllers/StartupController.cs | 37 +++++++++++++++++++++- Jellyfin.Api/Enums/UserRole.cs | 23 ++++++++++++++ .../Extensions/ApiApplicationBuilderExtensions.cs | 8 +++++ .../Extensions/ApiServiceCollectionExtensions.cs | 26 ++++++++++++++- Jellyfin.Api/Jellyfin.Api.csproj | 14 ++++++++ .../Models/Startup/StartupConfigurationDto.cs | 14 ++++++++ Jellyfin.Api/Models/Startup/StartupUserDto.cs | 10 ++++++ Jellyfin.Api/MvcRoutePrefix.cs | 10 +++++- 14 files changed, 181 insertions(+), 10 deletions(-) create mode 100644 Jellyfin.Api/Enums/UserRole.cs (limited to 'Jellyfin.Api/Auth/CustomAuthenticationHandler.cs') diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs index bb6192b03..a753d6083 100644 --- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs +++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs @@ -1,6 +1,7 @@ using System.Security.Claims; using System.Text.Encodings.Web; using System.Threading.Tasks; +using Jellyfin.Api.Enums; using MediaBrowser.Controller.Net; using Microsoft.AspNetCore.Authentication; using Microsoft.Extensions.Logging; 
@@ -8,10 +9,21 @@ using Microsoft.Extensions.Options; namespace Jellyfin.Api.Auth { + /// + /// Custom authentication handler wrapping the legacy authentication. + /// public class CustomAuthenticationHandler : AuthenticationHandler { private readonly IAuthService _authService; + /// + /// Initializes a new instance of the class. + /// + /// The jellyfin authentication service. + /// Options monitor. + /// The logger. + /// The url encoder. + /// The system clock. public CustomAuthenticationHandler( IAuthService authService, IOptionsMonitor options, @@ -22,6 +34,7 @@ namespace Jellyfin.Api.Auth _authService = authService; } + /// protected override Task HandleAuthenticateAsync() { var authenticatedAttribute = new AuthenticatedAttribute(); @@ -36,7 +49,9 @@ namespace Jellyfin.Api.Auth var claims = new[] { new Claim(ClaimTypes.Name, user.Name), - new Claim(ClaimTypes.Role, user.Policy.IsAdministrator ? "Administrator" : "User"), + new Claim( + ClaimTypes.Role, + value: user.Policy.IsAdministrator ? UserRole.Administrator.ToString() : UserRole.User.ToString()) }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs index 73925cd61..f07e568de 100644 --- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs +++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs 
@@ -1,27 +1,35 @@ using System.Threading.Tasks; +using Jellyfin.Api.Enums; using MediaBrowser.Common.Configuration; using Microsoft.AspNetCore.Authorization; namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy { + /// + /// Authorization handler for requiring first time setup or elevated privileges. + /// public class FirstTimeSetupOrElevatedHandler : AuthorizationHandler { private readonly IConfigurationManager _configurationManager; + /// + /// Initializes a new instance of the class. + /// + /// The jellyfin configuration manager. public FirstTimeSetupOrElevatedHandler(IConfigurationManager configurationManager) { _configurationManager = configurationManager; } - protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement firstTimeSetupOrElevatedRequirement) + /// + protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupOrElevatedRequirement firstTimeSetupOrElevatedRequirement) { if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted) { context.Succeed(firstTimeSetupOrElevatedRequirement); } - else if (context.User.IsInRole("Administrator")) + else if (context.User.IsInRole(UserRole.Administrator.ToString())) { - // TODO user role enum context.Succeed(firstTimeSetupOrElevatedRequirement); } else diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs index 42436c870..a59015542 100644 --- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs +++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedRequirement.cs 
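Review bot: The first branch of `HandleRequirementAsync` calls `context.Succeed` for every caller while `IsStartupWizardCompleted` is false, without looking at `context.User`, and neither the new class summary nor the method's doc line says so. Since this decides who can reach the startup endpoints on a fresh install, state it in the doc, for example `/// While the startup wizard has not been completed the requirement succeeds for any caller, including unauthenticated ones.` The final `else` branch lies outside the hunk, so its behaviour is not reviewed here.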
@@ -2,6 +2,9 @@ using Microsoft.AspNetCore.Authorization; namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy { + /// + /// The authorization requirement, requiring first time setup or elevated privileges, for the authorization handler. + /// public class FirstTimeSetupOrElevatedRequirement : IAuthorizationRequirement { } diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs index 694827458..8674f3e26 100644 --- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs +++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs @@ -1,13 +1,18 @@ using System.Threading.Tasks; +using Jellyfin.Api.Enums; using Microsoft.AspNetCore.Authorization; namespace Jellyfin.Api.Auth.RequiresElevationPolicy { + /// + /// Authorization handler for requiring elevated privileges. + /// public class RequiresElevationHandler : AuthorizationHandler { + /// protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement) { - if (context.User.IsInRole("Administrator")) + if (context.User.IsInRole(UserRole.Administrator.ToString())) { context.Succeed(requirement); } diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs index dd51cd3c2..cfff1cc0c 100644 --- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs +++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationRequirement.cs @@ -2,8 +2,10 @@ using Microsoft.AspNetCore.Authorization; namespace Jellyfin.Api.Auth.RequiresElevationPolicy { + /// + /// The authorization requirement for requiring elevated privileges in the authorization handler. + /// public class RequiresElevationRequirement : IAuthorizationRequirement { - } } 
diff --git a/Jellyfin.Api/BaseJellyfinApiController.cs b/Jellyfin.Api/BaseJellyfinApiController.cs index 796a8039a..1f4508e6c 100644 --- a/Jellyfin.Api/BaseJellyfinApiController.cs +++ b/Jellyfin.Api/BaseJellyfinApiController.cs @@ -2,10 +2,12 @@ using Microsoft.AspNetCore.Mvc; namespace Jellyfin.Api { + /// + /// Base api controller for the API setting a default route. + /// [ApiController] [Route("[controller]")] public class BaseJellyfinApiController : ControllerBase { - } } diff --git a/Jellyfin.Api/Controllers/StartupController.cs b/Jellyfin.Api/Controllers/StartupController.cs index 271745e05..0e7d17a27 100644 --- a/Jellyfin.Api/Controllers/StartupController.cs +++ b/Jellyfin.Api/Controllers/StartupController.cs @@ -8,18 +8,29 @@ using Microsoft.AspNetCore.Mvc; namespace Jellyfin.Api.Controllers { + /// + /// The startup wizard controller. + /// [Authorize(Policy = "FirstTimeSetupOrElevated")] public class StartupController : BaseJellyfinApiController { private readonly IServerConfigurationManager _config; private readonly IUserManager _userManager; + /// + /// Initializes a new instance of the class. + /// + /// The server configuration manager. + /// The user manager. public StartupController(IServerConfigurationManager config, IUserManager userManager) { _config = config; _userManager = userManager; } + /// + /// Api endpoint for completing the startup wizard. + /// [HttpPost("Complete")] public void CompleteWizard() { @@ -28,6 +39,10 @@ namespace Jellyfin.Api.Controllers _config.SaveConfiguration(); } + /// + /// Endpoint for getting the initial startup wizard configuration. + /// + /// The initial startup wizard configuration. [HttpGet("Configuration")] public StartupConfigurationDto GetStartupConfiguration() { 
@@ -41,6 +56,12 @@ namespace Jellyfin.Api.Controllers return result; } + /// + /// Endpoint for updating the initial startup wizard configuration. + /// + /// The UI language culture. + /// The metadata country code. + /// The preferred language for metadata. [HttpPost("Configuration")] public void UpdateInitialConfiguration( [FromForm] string uiCulture, @@ -53,6 +74,11 @@ namespace Jellyfin.Api.Controllers _config.SaveConfiguration(); } + /// + /// Endpoint for (dis)allowing remote access and UPnP. + /// + /// Enable remote access. + /// Enable UPnP. [HttpPost("RemoteAccess")] public void SetRemoteAccess([FromForm] bool enableRemoteAccess, [FromForm] bool enableAutomaticPortMapping) { @@ -61,8 +87,12 @@ namespace Jellyfin.Api.Controllers _config.SaveConfiguration(); } + /// + /// Endpoint for returning the first user. + /// + /// The first user. [HttpGet("User")] - public StartupUserDto GetUser() + public StartupUserDto GetFirstUser() { var user = _userManager.Users.First(); @@ -73,6 +103,11 @@ namespace Jellyfin.Api.Controllers }; } + /// + /// Endpoint for updating the user name and password. + /// + /// The DTO containing username and password. + /// The async task. [HttpPost("User")] public async Task UpdateUser([FromForm] StartupUserDto startupUserDto) { diff --git a/Jellyfin.Api/Enums/UserRole.cs b/Jellyfin.Api/Enums/UserRole.cs new file mode 100644 index 000000000..05826d9f4 --- /dev/null +++ b/Jellyfin.Api/Enums/UserRole.cs @@ -0,0 +1,23 @@ +namespace Jellyfin.Api.Enums +{ + /// + /// Enum for user roles used in the authentication and authorization for the API. + /// + public enum UserRole + { + /// + /// Guest user. + /// + Guest = 0, + + /// + /// Regular user with no special privileges. + /// + User = 1, + + /// + /// Administrator user with elevated privileges. + /// + Administrator = 2 + } +} 
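Review bot: In the `GetFirstUser` hunk, `_userManager.Users.First()` throws if the user list can be empty at this stage, which on a first-time-setup endpoint would surface as a server error; `FirstOrDefault()` with an explicit empty-result response would be safer. The method returns a `StartupUserDto`, a type that carries a `Password` property in this series, and the object initializer falls between this hunk and the next, so confirm that the GET response never populates it. The new summary could say as much, for example `/// Endpoint for returning the first user; the password is never included in the response.`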
diff --git a/Jellyfin.Api/Extensions/ApiApplicationBuilderExtensions.cs b/Jellyfin.Api/Extensions/ApiApplicationBuilderExtensions.cs index 18442bf27..f70466ebe 100644 --- a/Jellyfin.Api/Extensions/ApiApplicationBuilderExtensions.cs +++ b/Jellyfin.Api/Extensions/ApiApplicationBuilderExtensions.cs @@ -2,8 +2,16 @@ using Microsoft.AspNetCore.Builder; namespace Jellyfin.Api.Extensions { + /// + /// Extensions for adding API specific functionality to the application pipeline. + /// public static class ApiApplicationBuilderExtensions { + /// + /// Adds swagger and swagger UI to the application pipeline. + /// + /// The application builder. + /// The updated application builder. public static IApplicationBuilder UseJellyfinApiSwagger(this IApplicationBuilder applicationBuilder) { applicationBuilder.UseSwagger(); diff --git a/Jellyfin.Api/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Api/Extensions/ApiServiceCollectionExtensions.cs index 1c682f8e4..38f5f6d39 100644 --- a/Jellyfin.Api/Extensions/ApiServiceCollectionExtensions.cs +++ b/Jellyfin.Api/Extensions/ApiServiceCollectionExtensions.cs @@ -1,4 +1,3 @@ -using Emby.Server.Implementations; using Jellyfin.Api.Auth; using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy; using Jellyfin.Api.Auth.RequiresElevationPolicy; @@ -12,8 +11,16 @@ using Microsoft.OpenApi.Models; namespace Jellyfin.Api.Extensions { + /// + /// API specific extensions for the service collection. + /// public static class ApiServiceCollectionExtensions { + /// + /// Adds jellyfin API authorization policies to the DI container. + /// + /// The service collection. + /// The updated service collection. public static IServiceCollection AddJellyfinApiAuthorization(this IServiceCollection serviceCollection) { serviceCollection.AddSingleton(); 
@@ -37,12 +44,23 @@ namespace Jellyfin.Api.Extensions }); } + /// + /// Adds custom legacy authentication to the service collection. + /// + /// The service collection. + /// The updated service collection. public static AuthenticationBuilder AddCustomAuthentication(this IServiceCollection serviceCollection) { return serviceCollection.AddAuthentication("CustomAuthentication") .AddScheme("CustomAuthentication", null); } + /// + /// Extension method for adding the jellyfin API to the service collection. + /// + /// The service collection. + /// The base url for the API. + /// The MVC builder. public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl) { return serviceCollection.AddMvc(opts => @@ -55,12 +73,18 @@ namespace Jellyfin.Api.Extensions opts.UseGeneralRoutePrefix(baseUrl); }) .SetCompatibilityVersion(CompatibilityVersion.Version_2_2) + // Clear app parts to avoid other assemblies being picked up .ConfigureApplicationPartManager(a => a.ApplicationParts.Clear()) .AddApplicationPart(typeof(StartupController).Assembly) .AddControllersAsServices(); } + /// + /// Adds Swagger to the service collection. + /// + /// The service collection. + /// The updated service collection. public static IServiceCollection AddJellyfinApiSwagger(this IServiceCollection serviceCollection) { return serviceCollection.AddSwaggerGen(c => diff --git a/Jellyfin.Api/Jellyfin.Api.csproj b/Jellyfin.Api/Jellyfin.Api.csproj index d77861cc4..1cc23c07b 100644 --- a/Jellyfin.Api/Jellyfin.Api.csproj +++ b/Jellyfin.Api/Jellyfin.Api.csproj @@ -2,6 +2,8 @@ netstandard2.1 + true + true @@ -15,4 +17,16 @@ + + + + + + + + + + ../jellyfin.ruleset + + diff --git a/Jellyfin.Api/Models/Startup/StartupConfigurationDto.cs b/Jellyfin.Api/Models/Startup/StartupConfigurationDto.cs index 769d2e1bb..dac15e412 100644 --- a/Jellyfin.Api/Models/Startup/StartupConfigurationDto.cs +++ b/Jellyfin.Api/Models/Startup/StartupConfigurationDto.cs 
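Review bot: The last doc line added above `AddCustomAuthentication` (presumably its `<returns>` element; the XML markup is stripped on this page) reads "The updated service collection.", but the method returns an `AuthenticationBuilder`. Suggest `/// <returns>The authentication builder.</returns>` so the doc matches the signature, as the `AddJellyfinApi` doc in the same hunk already does with "The MVC builder.".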
@@ -1,9 +1,23 @@ namespace Jellyfin.Api.Models.Startup { + /// + /// The startup configuration DTO. + /// public class StartupConfigurationDto { + /// + /// Gets or sets UI language culture. + /// public string UICulture { get; set; } + + /// + /// Gets or sets the metadata country code. + /// public string MetadataCountryCode { get; set; } + + /// + /// Gets or sets the preferred language for the metadata. + /// public string PreferredMetadataLanguage { get; set; } } } diff --git a/Jellyfin.Api/Models/Startup/StartupUserDto.cs b/Jellyfin.Api/Models/Startup/StartupUserDto.cs index c7c2e8cb0..7e890d76a 100644 --- a/Jellyfin.Api/Models/Startup/StartupUserDto.cs +++ b/Jellyfin.Api/Models/Startup/StartupUserDto.cs @@ -1,8 +1,18 @@ namespace Jellyfin.Api.Models.Startup { + /// + /// The startup user DTO. + /// public class StartupUserDto { + /// + /// Gets or sets the username. + /// public string Name { get; set; } + + /// + /// Gets or sets the user's password. + /// public string Password { get; set; } } } diff --git a/Jellyfin.Api/MvcRoutePrefix.cs b/Jellyfin.Api/MvcRoutePrefix.cs index 974a2a885..e00973094 100644 --- a/Jellyfin.Api/MvcRoutePrefix.cs +++ b/Jellyfin.Api/MvcRoutePrefix.cs @@ -3,10 +3,18 @@ using System.Linq; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.ApplicationModels; -namespace Emby.Server.Implementations +namespace Jellyfin.Api { + /// + /// Route prefixing for ASP.NET MVC. + /// public static class MvcRoutePrefix { + /// + /// Adds route prefixes to the MVC conventions. + /// + /// The MVC options. + /// The list of prefixes. public static void UseGeneralRoutePrefix(this MvcOptions opts, params string[] prefixes) { opts.Conventions.Insert(0, new RoutePrefixConvention(prefixes)); -- cgit v1.2.3 From 2af5922af06c865d676e817112ef76a92a23e1b6 Mon Sep 17 00:00:00 2001 
From: Claus Vium Date: Sun, 24 Nov 2019 18:25:43 +0100 Subject: Fix review comments --- Emby.Server.Implementations/ApplicationHost.cs | 7 +++++-- .../HttpServer/Security/AuthService.cs | 4 ++-- Jellyfin.Api/Auth/CustomAuthenticationHandler.cs | 4 ++-- .../FirstTimeSetupOrElevatedHandler.cs | 4 ++-- .../RequiresElevationHandler.cs | 4 ++-- Jellyfin.Api/Constants/UserRole.cs | 23 ++++++++++++++++++++++ Jellyfin.Api/Enums/UserRole.cs | 23 ---------------------- Jellyfin.Api/Jellyfin.Api.csproj | 2 +- 8 files changed, 37 insertions(+), 34 deletions(-) create mode 100644 Jellyfin.Api/Constants/UserRole.cs delete mode 100644 Jellyfin.Api/Enums/UserRole.cs (limited to 'Jellyfin.Api/Auth/CustomAuthenticationHandler.cs') diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs index 3b9ea4121..4fd08258a 100644 --- a/Emby.Server.Implementations/ApplicationHost.cs +++ b/Emby.Server.Implementations/ApplicationHost.cs @@ -231,7 +231,10 @@ namespace Emby.Server.Implementations } } - public IServiceProvider ServiceProvider; + /// + /// Gets or sets the service provider. + /// + public IServiceProvider ServiceProvider { get; set; } /// /// Gets the server configuration manager. @@ -835,7 +838,7 @@ namespace Emby.Server.Implementations serviceCollection.AddSingleton(authContext); serviceCollection.AddSingleton(new SessionContext(UserManager, authContext, SessionManager)); - AuthService = new AuthService(LoggerFactory, authContext, ServerConfigurationManager, SessionManager, NetworkManager); + AuthService = new AuthService(LoggerFactory.CreateLogger(), authContext, ServerConfigurationManager, SessionManager, NetworkManager); serviceCollection.AddSingleton(AuthService); SubtitleEncoder = new MediaBrowser.MediaEncoding.Subtitles.SubtitleEncoder(LibraryManager, LoggerFactory, ApplicationPaths, FileSystemManager, MediaEncoder, JsonSerializer, HttpClient, MediaSourceManager, ProcessFactory); 
diff --git a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs index 81dab83d5..594f46498 100644 --- a/Emby.Server.Implementations/HttpServer/Security/AuthService.cs +++ b/Emby.Server.Implementations/HttpServer/Security/AuthService.cs @@ -22,13 +22,13 @@ namespace Emby.Server.Implementations.HttpServer.Security private readonly INetworkManager _networkManager; public AuthService( - ILoggerFactory loggerFactory, + ILogger logger, IAuthorizationContext authorizationContext, IServerConfigurationManager config, ISessionManager sessionManager, INetworkManager networkManager) { - _logger = loggerFactory.CreateLogger(); + _logger = logger; _authorizationContext = authorizationContext; _config = config; _sessionManager = sessionManager; diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs index a753d6083..6ca992c61 100644 --- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs +++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs @@ -1,7 +1,7 @@ using System.Security.Claims; using System.Text.Encodings.Web; using System.Threading.Tasks; -using Jellyfin.Api.Enums; +using Jellyfin.Api.Constants; using MediaBrowser.Controller.Net; using Microsoft.AspNetCore.Authentication; using Microsoft.Extensions.Logging; @@ -51,7 +51,7 @@ namespace Jellyfin.Api.Auth new Claim(ClaimTypes.Name, user.Name), new Claim( ClaimTypes.Role, - value: user.Policy.IsAdministrator ? UserRole.Administrator.ToString() : UserRole.User.ToString()) + value: user.Policy.IsAdministrator ? UserRole.Administrator : UserRole.User) }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs index f07e568de..2450e7bc7 100644 
--- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs +++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs @@ -1,5 +1,5 @@ using System.Threading.Tasks; -using Jellyfin.Api.Enums; +using Jellyfin.Api.Constants; using MediaBrowser.Common.Configuration; using Microsoft.AspNetCore.Authorization; @@ -28,7 +28,7 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy { context.Succeed(firstTimeSetupOrElevatedRequirement); } - else if (context.User.IsInRole(UserRole.Administrator.ToString())) + else if (context.User.IsInRole(UserRole.Administrator)) { context.Succeed(firstTimeSetupOrElevatedRequirement); } diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs index 8674f3e26..108c29a2c 100644 --- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs +++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs @@ -1,5 +1,5 @@ using System.Threading.Tasks; -using Jellyfin.Api.Enums; +using Jellyfin.Api.Constants; using Microsoft.AspNetCore.Authorization; namespace Jellyfin.Api.Auth.RequiresElevationPolicy @@ -12,7 +12,7 @@ namespace Jellyfin.Api.Auth.RequiresElevationPolicy /// protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement) { - if (context.User.IsInRole(UserRole.Administrator.ToString())) + if (context.User.IsInRole(UserRole.Administrator)) { context.Succeed(requirement); } diff --git a/Jellyfin.Api/Constants/UserRole.cs b/Jellyfin.Api/Constants/UserRole.cs new file mode 100644 index 000000000..b1da61557 --- /dev/null +++ b/Jellyfin.Api/Constants/UserRole.cs 
@@ -0,0 +1,23 @@ +namespace Jellyfin.Api.Constants +{ + /// + /// Constants for user roles used in the authentication and authorization for the API. + /// + public static class UserRole + { + /// + /// Guest user. + /// + public const string Guest = "Guest"; + + /// + /// Regular user with no special privileges. + /// + public const string User = "User"; + + /// + /// Administrator user with elevated privileges. + /// + public const string Administrator = "Administrator"; + } +} diff --git a/Jellyfin.Api/Enums/UserRole.cs b/Jellyfin.Api/Enums/UserRole.cs deleted file mode 100644 index 05826d9f4..000000000 --- a/Jellyfin.Api/Enums/UserRole.cs +++ /dev/null @@ -1,23 +0,0 @@ -namespace Jellyfin.Api.Enums -{ - /// - /// Enum for user roles used in the authentication and authorization for the API. - /// - public enum UserRole - { - /// - /// Guest user. - /// - Guest = 0, - - /// - /// Regular user with no special privileges. - /// - User = 1, - - /// - /// Administrator user with elevated privileges. - /// - Administrator = 2 - } -} diff --git a/Jellyfin.Api/Jellyfin.Api.csproj b/Jellyfin.Api/Jellyfin.Api.csproj index 1cc23c07b..6ad97b60f 100644 --- a/Jellyfin.Api/Jellyfin.Api.csproj +++ b/Jellyfin.Api/Jellyfin.Api.csproj @@ -19,7 +19,7 @@ - + -- cgit v1.2.3 From 47a4f2f387825d9c249c53b3796a43e3eac52b58 Mon Sep 17 00:00:00 2001 
From: Claus Vium Date: Sun, 24 Nov 2019 19:25:46 +0100 Subject: Fix more review comments --- Emby.Server.Implementations/ApplicationHost.cs | 21 ++++++++++++++------ Jellyfin.Api/Auth/CustomAuthenticationHandler.cs | 2 +- .../FirstTimeSetupOrElevatedHandler.cs | 2 +- .../RequiresElevationHandler.cs | 2 +- Jellyfin.Api/Constants/AuthenticationSchemes.cs | 13 ++++++++++++ Jellyfin.Api/Constants/Policies.cs | 18 +++++++++++++++++ Jellyfin.Api/Constants/UserRole.cs | 23 ---------------------- Jellyfin.Api/Constants/UserRoles.cs | 23 ++++++++++++++++++++++ Jellyfin.Api/Controllers/StartupController.cs | 3 ++- Jellyfin.Api/Jellyfin.Api.csproj | 6 +++--- .../Extensions/ApiServiceCollectionExtensions.cs | 13 ++++++------ 11 files changed, 84 insertions(+), 42 deletions(-) create mode 100644 Jellyfin.Api/Constants/AuthenticationSchemes.cs create mode 100644 Jellyfin.Api/Constants/Policies.cs delete mode 100644 Jellyfin.Api/Constants/UserRole.cs create mode 100644 Jellyfin.Api/Constants/UserRoles.cs (limited to 'Jellyfin.Api/Auth/CustomAuthenticationHandler.cs') diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs index 4fd08258a..c5f8b58c4 100644 --- a/Emby.Server.Implementations/ApplicationHost.cs +++ b/Emby.Server.Implementations/ApplicationHost.cs @@ -236,6 +236,21 @@ namespace Emby.Server.Implementations /// public IServiceProvider ServiceProvider { get; set; } + /// + /// Gets the http port for the webhost. + /// + public int HttpPort { get; private set; } + + /// + /// Gets the https port for the webhost. + /// + public int HttpsPort { get; private set; } + + /// + /// Gets the content root for the webhost. + /// + public string ContentRoot { get; private set; } + /// /// Gets the server configuration manager. /// 
@@ -1604,12 +1619,6 @@ namespace Emby.Server.Implementations ? Environment.MachineName : ServerConfigurationManager.Configuration.ServerName; - public int HttpPort { get; private set; } - - public int HttpsPort { get; private set; } - - public string ContentRoot { get; private set; } - /// /// Shuts down. /// diff --git a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs index 6ca992c61..26f7d9d2d 100644 --- a/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs +++ b/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs @@ -51,7 +51,7 @@ namespace Jellyfin.Api.Auth new Claim(ClaimTypes.Name, user.Name), new Claim( ClaimTypes.Role, - value: user.Policy.IsAdministrator ? UserRole.Administrator : UserRole.User) + value: user.Policy.IsAdministrator ? UserRoles.Administrator : UserRoles.User) }; var identity = new ClaimsIdentity(claims, Scheme.Name); var principal = new ClaimsPrincipal(identity); diff --git a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs index 2450e7bc7..34aa5d12c 100644 --- a/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs +++ b/Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs @@ -28,7 +28,7 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy { context.Succeed(firstTimeSetupOrElevatedRequirement); } - else if (context.User.IsInRole(UserRole.Administrator)) + else if (context.User.IsInRole(UserRoles.Administrator)) { context.Succeed(firstTimeSetupOrElevatedRequirement); } diff --git a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs index 108c29a2c..2d3bb1aa4 100644 --- a/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs +++ b/Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs 
@@ -12,7 +12,7 @@ namespace Jellyfin.Api.Auth.RequiresElevationPolicy /// protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequiresElevationRequirement requirement) { - if (context.User.IsInRole(UserRole.Administrator)) + if (context.User.IsInRole(UserRoles.Administrator)) { context.Succeed(requirement); } diff --git a/Jellyfin.Api/Constants/AuthenticationSchemes.cs b/Jellyfin.Api/Constants/AuthenticationSchemes.cs new file mode 100644 index 000000000..bac3379e7 --- /dev/null +++ b/Jellyfin.Api/Constants/AuthenticationSchemes.cs @@ -0,0 +1,13 @@ +namespace Jellyfin.Api.Constants +{ + /// + /// Authentication schemes for user authentication in the API. + /// + public static class AuthenticationSchemes + { + /// + /// Scheme name for the custom legacy authentication. + /// + public const string CustomAuthentication = "CustomAuthentication"; + } +} diff --git a/Jellyfin.Api/Constants/Policies.cs b/Jellyfin.Api/Constants/Policies.cs new file mode 100644 index 000000000..e2b383f75 --- /dev/null +++ b/Jellyfin.Api/Constants/Policies.cs @@ -0,0 +1,18 @@ +namespace Jellyfin.Api.Constants +{ + /// + /// Policies for the API authorization. + /// + public static class Policies + { + /// + /// Policy name for requiring first time setup or elevated privileges. + /// + public const string FirstTimeSetupOrElevated = "FirstTimeOrElevated"; + + /// + /// Policy name for requiring elevated privileges. + /// + public const string RequiresElevation = "RequiresElevation"; + } +} diff --git a/Jellyfin.Api/Constants/UserRole.cs b/Jellyfin.Api/Constants/UserRole.cs deleted file mode 100644 index b1da61557..000000000 --- a/Jellyfin.Api/Constants/UserRole.cs +++ /dev/null 
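Review bot: In the new `Policies` class the constant `FirstTimeSetupOrElevated` has the value `"FirstTimeOrElevated"`, which differs both from its own name and from the literal `"FirstTimeSetupOrElevated"` that this commit replaces in the controller attribute and the policy registration. Those two sites now share the constant and still agree, but any remaining `[Authorize(Policy = "FirstTimeSetupOrElevated")]` literal elsewhere would name a policy that is no longer registered. Keeping the old value avoids that: `public const string FirstTimeSetupOrElevated = "FirstTimeSetupOrElevated";`.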
@@ -1,23 +0,0 @@ -namespace Jellyfin.Api.Constants -{ - /// - /// Constants for user roles used in the authentication and authorization for the API. - /// - public static class UserRole - { - /// - /// Guest user. - /// - public const string Guest = "Guest"; - - /// - /// Regular user with no special privileges. - /// - public const string User = "User"; - - /// - /// Administrator user with elevated privileges. - /// - public const string Administrator = "Administrator"; - } -} diff --git a/Jellyfin.Api/Constants/UserRoles.cs b/Jellyfin.Api/Constants/UserRoles.cs new file mode 100644 index 000000000..d9a536e7d --- /dev/null +++ b/Jellyfin.Api/Constants/UserRoles.cs @@ -0,0 +1,23 @@ +namespace Jellyfin.Api.Constants +{ + /// + /// Constants for user roles used in the authentication and authorization for the API. + /// + public static class UserRoles + { + /// + /// Guest user. + /// + public const string Guest = "Guest"; + + /// + /// Regular user with no special privileges. + /// + public const string User = "User"; + + /// + /// Administrator user with elevated privileges. + /// + public const string Administrator = "Administrator"; + } +} diff --git a/Jellyfin.Api/Controllers/StartupController.cs b/Jellyfin.Api/Controllers/StartupController.cs index 50f3dc83c..1014c8c56 100644 --- a/Jellyfin.Api/Controllers/StartupController.cs +++ b/Jellyfin.Api/Controllers/StartupController.cs @@ -1,5 +1,6 @@ using System.Linq; using System.Threading.Tasks; +using Jellyfin.Api.Constants; using Jellyfin.Api.Models.StartupDtos; using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Library; @@ -11,7 +12,7 @@ namespace Jellyfin.Api.Controllers /// /// The startup wizard controller. /// - [Authorize(Policy = "FirstTimeSetupOrElevated")] + [Authorize(Policy = Policies.FirstTimeSetupOrElevated)] public class StartupController : BaseJellyfinApiController { private readonly IServerConfigurationManager _config; 
diff --git a/Jellyfin.Api/Jellyfin.Api.csproj b/Jellyfin.Api/Jellyfin.Api.csproj index 6ad97b60f..a2818b45d 100644 --- a/Jellyfin.Api/Jellyfin.Api.csproj +++ b/Jellyfin.Api/Jellyfin.Api.csproj @@ -20,9 +20,9 @@ - - - + + + diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs index e5a8937e8..dd4f9cd23 100644 --- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs +++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs @@ -2,6 +2,7 @@ using Jellyfin.Api; using Jellyfin.Api.Auth; using Jellyfin.Api.Auth.FirstTimeSetupOrElevatedPolicy; using Jellyfin.Api.Auth.RequiresElevationPolicy; +using Jellyfin.Api.Constants; using Jellyfin.Api.Controllers; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; @@ -27,17 +28,17 @@ namespace Jellyfin.Server.Extensions return serviceCollection.AddAuthorizationCore(options => { options.AddPolicy( - "RequiresElevation", + Policies.RequiresElevation, policy => { - policy.AddAuthenticationSchemes("CustomAuthentication"); + policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication); policy.AddRequirements(new RequiresElevationRequirement()); }); options.AddPolicy( - "FirstTimeSetupOrElevated", + Policies.FirstTimeSetupOrElevated, policy => { - policy.AddAuthenticationSchemes("CustomAuthentication"); + policy.AddAuthenticationSchemes(AuthenticationSchemes.CustomAuthentication); policy.AddRequirements(new FirstTimeSetupOrElevatedRequirement()); }); }); 
@@ -50,8 +51,8 @@ namespace Jellyfin.Server.Extensions /// The updated service collection. public static AuthenticationBuilder AddCustomAuthentication(this IServiceCollection serviceCollection) { - return serviceCollection.AddAuthentication("CustomAuthentication") - .AddScheme("CustomAuthentication", null); + return serviceCollection.AddAuthentication(AuthenticationSchemes.CustomAuthentication) + .AddScheme(AuthenticationSchemes.CustomAuthentication, null); } /// -- cgit v1.2.3