Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-06-03 21:54:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7474 from nielsvanvelzen/api-secure

Browse Source
This commit is contained in:
Cody Robibero 2022-03-18 16:52:59 -06:00 committed by GitHub
commit 6a567e8c76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Jellyfin.Api/Controllers/DashboardController.cs
View File

@ -4,10 +4,12 @@ using System.IO;
using System.Linq; using System.Linq;
using System.Net.Mime; using System.Net.Mime;
using Jellyfin.Api.Attributes; using Jellyfin.Api.Attributes;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Models; using Jellyfin.Api.Models;
using MediaBrowser.Common.Plugins; using MediaBrowser.Common.Plugins;
using MediaBrowser.Model.Net; using MediaBrowser.Model.Net;
using MediaBrowser.Model.Plugins; using MediaBrowser.Model.Plugins;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -46,6 +48,7 @@ namespace Jellyfin.Api.Controllers
[HttpGet("web/ConfigurationPages")] [HttpGet("web/ConfigurationPages")]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
[Authorize(Policy = Policies.DefaultAuthorization)]
public ActionResult<IEnumerable<ConfigurationPageInfo>> GetConfigurationPages( public ActionResult<IEnumerable<ConfigurationPageInfo>> GetConfigurationPages(
[FromQuery] bool? enableInMainMenu) [FromQuery] bool? enableInMainMenu)
{ {

3
Jellyfin.Api/Controllers/UserViewsController.cs
View File

@ -4,6 +4,7 @@ using System.ComponentModel.DataAnnotations;
using System.Globalization; using System.Globalization;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Extensions; using Jellyfin.Api.Extensions;
using Jellyfin.Api.ModelBinders; using Jellyfin.Api.ModelBinders;
using Jellyfin.Api.Models.UserViewDtos; using Jellyfin.Api.Models.UserViewDtos;
@ -15,6 +16,7 @@ using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Entities; using MediaBrowser.Model.Entities;
using MediaBrowser.Model.Library; using MediaBrowser.Model.Library;
using MediaBrowser.Model.Querying; using MediaBrowser.Model.Querying;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
@ -24,6 +26,7 @@ namespace Jellyfin.Api.Controllers
/// User views controller. /// User views controller.
/// </summary> /// </summary>
[Route("")] [Route("")]
[Authorize(Policy = Policies.DefaultAuthorization)]
public class UserViewsController : BaseJellyfinApiController public class UserViewsController : BaseJellyfinApiController
{ {
private readonly IUserManager _userManager; private readonly IUserManager _userManager;

3
tests/Jellyfin.Server.Integration.Tests/Controllers/DashboardControllerTests.cs
View File

@ -14,6 +14,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
{ {
private readonly JellyfinApplicationFactory _factory; private readonly JellyfinApplicationFactory _factory;
private readonly JsonSerializerOptions _jsonOpions = JsonDefaults.Options; private readonly JsonSerializerOptions _jsonOpions = JsonDefaults.Options;
private static string? _accessToken;
public DashboardControllerTests(JellyfinApplicationFactory factory) public DashboardControllerTests(JellyfinApplicationFactory factory)
{ {
@ -57,6 +58,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
public async Task GetConfigurationPages_NoParams_AllConfigurationPages() public async Task GetConfigurationPages_NoParams_AllConfigurationPages()
{ {
var client = _factory.CreateClient(); var client = _factory.CreateClient();
client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
var response = await client.GetAsync("/web/ConfigurationPages").ConfigureAwait(false); var response = await client.GetAsync("/web/ConfigurationPages").ConfigureAwait(false);
@ -71,6 +73,7 @@ namespace Jellyfin.Server.Integration.Tests.Controllers
public async Task GetConfigurationPages_True_MainMenuConfigurationPages() public async Task GetConfigurationPages_True_MainMenuConfigurationPages()
{ {
var client = _factory.CreateClient(); var client = _factory.CreateClient();
client.DefaultRequestHeaders.AddAuthHeader(_accessToken ??= await AuthHelper.CompleteStartupAsync(client).ConfigureAwait(false));
var response = await client.GetAsync("/web/ConfigurationPages?enableInMainMenu=true").ConfigureAwait(false); var response = await client.GetAsync("/web/ConfigurationPages?enableInMainMenu=true").ConfigureAwait(false);