Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-06-03 21:54:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Get userId from claim

Browse Source
This commit is contained in:
Matt Montgomery 2020-08-17 18:48:58 -05:00
parent 5f1a863241
commit 1ff4f8e6c6
1 changed files with 7 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Jellyfin.Api/Controllers/QuickConnectController.cs
View File

@ -1,9 +1,7 @@
using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Extensions;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.QuickConnect; using MediaBrowser.Controller.QuickConnect;
using MediaBrowser.Model.QuickConnect; using MediaBrowser.Model.QuickConnect;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
@ -18,19 +16,14 @@ namespace Jellyfin.Api.Controllers
public class QuickConnectController : BaseJellyfinApiController public class QuickConnectController : BaseJellyfinApiController
{ {
private readonly IQuickConnect _quickConnect; private readonly IQuickConnect _quickConnect;
private readonly IAuthorizationContext _authContext;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="QuickConnectController"/> class. /// Initializes a new instance of the <see cref="QuickConnectController"/> class.
/// </summary> /// </summary>
/// <param name="quickConnect">Instance of the <see cref="IQuickConnect"/> interface.</param> /// <param name="quickConnect">Instance of the <see cref="IQuickConnect"/> interface.</param>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param> public QuickConnectController(IQuickConnect quickConnect)
public QuickConnectController(
IQuickConnect quickConnect,
IAuthorizationContext authContext)
{ {
_quickConnect = quickConnect; _quickConnect = quickConnect;
_authContext = authContext;
} }
/// <summary> /// <summary>
@ -121,22 +114,22 @@ namespace Jellyfin.Api.Controllers
/// Authorizes a pending quick connect request. /// Authorizes a pending quick connect request.
/// </summary> /// </summary>
/// <param name="code">Quick connect code to authorize.</param> /// <param name="code">Quick connect code to authorize.</param>
/// <param name="userId">User id.</param>
/// <response code="200">Quick connect result authorized successfully.</response> /// <response code="200">Quick connect result authorized successfully.</response>
/// <response code="403">User is not allowed to authorize quick connect requests.</response> /// <response code="403">Unknown user id.</response>
/// <returns>Boolean indicating if the authorization was successful.</returns> /// <returns>Boolean indicating if the authorization was successful.</returns>
[HttpPost("Authorize")] [HttpPost("Authorize")]
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult<bool> Authorize([FromQuery, Required] string code, [FromQuery, Required] Guid userId) public ActionResult<bool> Authorize([FromQuery, Required] string code)
{ {
if (!RequestHelpers.AssertCanUpdateUser(_authContext, HttpContext.Request, userId, true)) var userId = ClaimHelpers.GetUserId(Request.HttpContext.User);
if (!userId.HasValue)
{ {
return Forbid("User is not allowed to authorize quick connect requests."); return Forbid("Unknown user id");
} }
return _quickConnect.AuthorizeRequest(userId, code); return _quickConnect.AuthorizeRequest(userId.Value, code);
} }
/// <summary> /// <summary>