From 8fa7ff647a769a2dc4e6eecb349ff8abd4596c83 Mon Sep 17 00:00:00 2001 From: Bill Thornton Date: Wed, 29 May 2024 14:35:41 -0400 Subject: [PATCH] Defer standard authentication checks to DefaultAuthorizationHandler --- .../FirstTimeSetupHandler.cs | 10 +-------- .../FirstTimeSetupHandlerTests.cs | 21 ++++++++++--------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs index 9b4e2182c5..28b493fa6f 100644 --- a/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs +++ b/Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs @@ -32,16 +32,8 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy { context.Fail(); } - else if (!requirement.RequireAdmin && context.User.IsInRole(UserRoles.Guest)) - { - context.Fail(); - } - else - { - // Any user-specific checks are handled in the DefaultAuthorizationHandler. - context.Succeed(requirement); - } + // Any user-specific checks are handled in the DefaultAuthorizationHandler. return Task.CompletedTask; } } diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs index 2e6ffb5f6a..06c0c108ec 100644 --- a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs +++ b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs @@ -52,10 +52,10 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy } [Theory] - [InlineData(UserRoles.Administrator, true)] - [InlineData(UserRoles.Guest, false)] - [InlineData(UserRoles.User, false)] - public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed) + [InlineData(UserRoles.Administrator, false)] + [InlineData(UserRoles.Guest, true)] + [InlineData(UserRoles.User, true)] + public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldFail) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); var claims = TestHelpers.SetupUser( @@ -66,14 +66,14 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy var context = new AuthorizationHandlerContext(_requirements, claims, null); await _firstTimeSetupHandler.HandleAsync(context); - Assert.Equal(shouldSucceed, context.HasSucceeded); + Assert.Equal(shouldFail, context.HasFailed); } [Theory] - [InlineData(UserRoles.Administrator, true)] - [InlineData(UserRoles.Guest, false)] - [InlineData(UserRoles.User, true)] - public async Task ShouldRequireUserIfNotRequiresAdmin(string userRole, bool shouldSucceed) + [InlineData(UserRoles.Administrator)] + [InlineData(UserRoles.Guest)] + [InlineData(UserRoles.User)] + public async Task ShouldDeferIfNotRequiresAdmin(string userRole) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); var claims = TestHelpers.SetupUser( @@ -87,7 +87,8 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy null); await _firstTimeSetupHandler.HandleAsync(context); - Assert.Equal(shouldSucceed, context.HasSucceeded); + Assert.False(context.HasSucceeded); + Assert.False(context.HasFailed); } [Fact]