Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-07-09 03:04:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix FirstTimeSetupHandler failing for users and update tests

Browse Source
This commit is contained in:
Bill Thornton 2024-05-31 14:09:04 -04:00
parent a71e2d9f0a
commit 7221e7ca68
2 changed files with 77 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
View File

@ -25,19 +25,30 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
/// <inheritdoc /> /// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
{ {
// Succeed if the startup wizard / first time setup is not complete
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted) if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else if (context.User.IsInRole(UserRoles.Administrator))
// Succeed if user is admin or api key
else if (context.User.GetIsApiKey() || context.User.IsInRole(UserRoles.Administrator))
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
// Fail if admin is required and user is not admin
else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator)) else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
{ {
context.Fail(); context.Fail();
} }
// Succeed if admin is not required and user is not guest
else if (!requirement.RequireAdmin && context.User.IsInRole(UserRoles.User))
{
context.Succeed(requirement);
}
// Any user-specific checks are handled in the DefaultAuthorizationHandler. // Any user-specific checks are handled in the DefaultAuthorizationHandler.
return Task.CompletedTask; return Task.CompletedTask;
} }

99
tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
View File

@ -1,14 +1,19 @@
using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Security.Claims; using System.Security.Claims;
using System.Threading.Tasks; using System.Threading.Tasks;
using AutoFixture; using AutoFixture;
using AutoFixture.AutoMoq; using AutoFixture.AutoMoq;
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupPolicy; using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Configuration;
using MediaBrowser.Controller.Library; using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Moq; using Moq;
using Xunit; using Xunit;
@ -18,7 +23,9 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
{ {
private readonly Mock<IConfigurationManager> _configurationManagerMock; private readonly Mock<IConfigurationManager> _configurationManagerMock;
private readonly List<IAuthorizationRequirement> _requirements; private readonly List<IAuthorizationRequirement> _requirements;
private readonly DefaultAuthorizationHandler _defaultAuthorizationHandler;
private readonly FirstTimeSetupHandler _firstTimeSetupHandler; private readonly FirstTimeSetupHandler _firstTimeSetupHandler;
private readonly IAuthorizationService _authorizationService;
private readonly Mock<IUserManager> _userManagerMock; private readonly Mock<IUserManager> _userManagerMock;
private readonly Mock<IHttpContextAccessor> _httpContextAccessor; private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
@ -31,6 +38,21 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>(); _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
_firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>(); _firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>();
_defaultAuthorizationHandler = fixture.Create<DefaultAuthorizationHandler>();
var services = new ServiceCollection();
services.AddAuthorizationCore();
services.AddLogging();
services.AddOptions();
services.AddSingleton<IAuthorizationHandler>(_defaultAuthorizationHandler);
services.AddSingleton<IAuthorizationHandler>(_firstTimeSetupHandler);
services.AddAuthorization(options =>
{
options.AddPolicy("FirstTime", policy => policy.Requirements.Add(new FirstTimeSetupRequirement()));
options.AddPolicy("FirstTimeNoAdmin", policy => policy.Requirements.Add(new FirstTimeSetupRequirement(false, false)));
options.AddPolicy("FirstTimeSchedule", policy => policy.Requirements.Add(new FirstTimeSetupRequirement(true, false)));
});
_authorizationService = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
} }
[Theory] [Theory]
@ -45,17 +67,33 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
_httpContextAccessor, _httpContextAccessor,
userRole); userRole);
var context = new AuthorizationHandlerContext(_requirements, claims, null); var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
await _firstTimeSetupHandler.HandleAsync(context); Assert.True(allowed.Succeeded);
Assert.True(context.HasSucceeded);
} }
[Theory] [Theory]
[InlineData(UserRoles.Administrator, false)] [InlineData(UserRoles.Administrator, true)]
[InlineData(UserRoles.Guest, true)] [InlineData(UserRoles.Guest, false)]
[InlineData(UserRoles.User, false)]
public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
{
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
userRole);
var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
Assert.Equal(shouldSucceed, allowed.Succeeded);
}
[Theory]
[InlineData(UserRoles.Administrator, true)]
[InlineData(UserRoles.Guest, false)]
[InlineData(UserRoles.User, true)] [InlineData(UserRoles.User, true)]
public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldFail) public async Task ShouldRequireUserIfNotAdministrator(string userRole, bool shouldSucceed)
{ {
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser( var claims = TestHelpers.SetupUser(
@ -63,32 +101,9 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
_httpContextAccessor, _httpContextAccessor,
userRole); userRole);
var context = new AuthorizationHandlerContext(_requirements, claims, null); var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTimeNoAdmin");
await _firstTimeSetupHandler.HandleAsync(context); Assert.Equal(shouldSucceed, allowed.Succeeded);
Assert.Equal(shouldFail, context.HasFailed);
}
[Theory]
[InlineData(UserRoles.Administrator)]
[InlineData(UserRoles.Guest)]
[InlineData(UserRoles.User)]
public async Task ShouldDeferIfNotRequiresAdmin(string userRole)
{
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
userRole);
var context = new AuthorizationHandlerContext(
new List<IAuthorizationRequirement> { new FirstTimeSetupRequirement(false, false) },
claims,
null);
await _firstTimeSetupHandler.HandleAsync(context);
Assert.False(context.HasSucceeded);
Assert.False(context.HasFailed);
} }
[Fact] [Fact]
@ -96,10 +111,26 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
{ {
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)])); var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)]));
var context = new AuthorizationHandlerContext(_requirements, claims, null);
await _firstTimeSetupHandler.HandleAsync(context); var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
Assert.True(context.HasSucceeded); Assert.True(allowed.Succeeded);
}
[Fact]
public async Task ShouldDisallowUserIfOutsideSchedule()
{
AccessSchedule[] accessSchedules = { new AccessSchedule(DynamicDayOfWeek.Everyday, 0, 0, Guid.Empty) };
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
UserRoles.User,
accessSchedules);
var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTimeSchedule");
Assert.False(allowed.Succeeded);
} }
} }
} }