Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-07-09 03:04:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Use proper IsApiKey flag

Browse Source
This commit is contained in:
crobibero 2020-10-28 08:40:11 -06:00
parent d5c226b1c3
commit 981f000437
6 changed files with 45 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
View File

@ -183,6 +183,12 @@ namespace Emby.Server.Implementations.HttpServer.Security
originalAuthenticationInfo.UserName = authInfo.User.Username; originalAuthenticationInfo.UserName = authInfo.User.Username;
updateToken = true; updateToken = true;
} }
authInfo.IsApiKey = true;
}
else
{
authInfo.IsApiKey = false;
} }
if (updateToken) if (updateToken)

16
Jellyfin.Api/Auth/BaseAuthorizationHandler.cs
View File

@ -1,5 +1,4 @@
using System; using System.Security.Claims;
using System.Security.Claims;
using Jellyfin.Api.Helpers; using Jellyfin.Api.Helpers;
using Jellyfin.Data.Enums; using Jellyfin.Data.Enums;
using MediaBrowser.Common.Extensions; using MediaBrowser.Common.Extensions;
@ -51,6 +50,13 @@ namespace Jellyfin.Api.Auth
bool localAccessOnly = false, bool localAccessOnly = false,
bool requiredDownloadPermission = false) bool requiredDownloadPermission = false)
{ {
// ApiKey is currently global admin, always allow.
var isApiKey = ClaimHelpers.GetIsApiKey(claimsPrincipal);
if (isApiKey)
{
return true;
}
// Ensure claim has userId. // Ensure claim has userId.
var userId = ClaimHelpers.GetUserId(claimsPrincipal); var userId = ClaimHelpers.GetUserId(claimsPrincipal);
if (!userId.HasValue) if (!userId.HasValue)
@ -58,12 +64,6 @@ namespace Jellyfin.Api.Auth
return false; return false;
} }
// UserId of Guid.Empty means token is an apikey.
if (userId.Equals(Guid.Empty))
{
return true;
}
// Ensure userId links to a valid user. // Ensure userId links to a valid user.
var user = _userManager.GetUserById(userId.Value); var user = _userManager.GetUserById(userId.Value);
if (user == null) if (user == null)

5
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
View File

@ -1,4 +1,3 @@
using System;
using System.Globalization; using System.Globalization;
using System.Security.Authentication; using System.Security.Authentication;
using System.Security.Claims; using System.Security.Claims;
@ -45,8 +44,7 @@ namespace Jellyfin.Api.Auth
{ {
var authorizationInfo = _authService.Authenticate(Request); var authorizationInfo = _authService.Authenticate(Request);
var role = UserRoles.User; var role = UserRoles.User;
// UserId of Guid.Empty means token is an apikey. if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
if (authorizationInfo.UserId.Equals(Guid.Empty) || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
{ {
role = UserRoles.Administrator; role = UserRoles.Administrator;
} }
@ -61,6 +59,7 @@ namespace Jellyfin.Api.Auth
new Claim(InternalClaimTypes.Client, authorizationInfo.Client), new Claim(InternalClaimTypes.Client, authorizationInfo.Client),
new Claim(InternalClaimTypes.Version, authorizationInfo.Version), new Claim(InternalClaimTypes.Version, authorizationInfo.Version),
new Claim(InternalClaimTypes.Token, authorizationInfo.Token), new Claim(InternalClaimTypes.Token, authorizationInfo.Token),
new Claim(InternalClaimTypes.IsApiKey, authorizationInfo.IsApiKey.ToString(CultureInfo.InvariantCulture))
}; };
var identity = new ClaimsIdentity(claims, Scheme.Name); var identity = new ClaimsIdentity(claims, Scheme.Name);

5
Jellyfin.Api/Constants/InternalClaimTypes.cs
View File

@ -34,5 +34,10 @@
/// Token. /// Token.
/// </summary> /// </summary>
public const string Token = "Jellyfin-Token"; public const string Token = "Jellyfin-Token";
/// <summary>
/// Is Api Key.
/// </summary>
public const string IsApiKey = "Jellyfin-IsApiKey";
} }
} }

13
Jellyfin.Api/Helpers/ClaimHelpers.cs
View File

@ -63,6 +63,19 @@ namespace Jellyfin.Api.Helpers
public static string? GetToken(in ClaimsPrincipal user) public static string? GetToken(in ClaimsPrincipal user)
=> GetClaimValue(user, InternalClaimTypes.Token); => GetClaimValue(user, InternalClaimTypes.Token);
/// <summary>
/// Gets a flag specifying whether the request is using an api key.
/// </summary>
/// <param name="user">Current claims principal.</param>
/// <returns>The flag specifying whether the request is using an api key.</returns>
public static bool GetIsApiKey(in ClaimsPrincipal user)
{
var claimValue = GetClaimValue(user, InternalClaimTypes.IsApiKey);
return !string.IsNullOrEmpty(claimValue)
&& bool.TryParse(claimValue, out var parsedClaimValue)
&& parsedClaimValue;
}
private static string? GetClaimValue(in ClaimsPrincipal user, string name) private static string? GetClaimValue(in ClaimsPrincipal user, string name)
{ {
return user?.Identities return user?.Identities

13
MediaBrowser.Controller/Net/AuthorizationInfo.cs
View File

@ -1,10 +1,11 @@
#pragma warning disable CS1591
using System; using System;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
namespace MediaBrowser.Controller.Net namespace MediaBrowser.Controller.Net
{ {
/// <summary>
/// The request authorization info.
/// </summary>
public class AuthorizationInfo public class AuthorizationInfo
{ {
/// <summary> /// <summary>
@ -43,6 +44,14 @@ namespace MediaBrowser.Controller.Net
/// <value>The token.</value> /// <value>The token.</value>
public string Token { get; set; } public string Token { get; set; }
/// <summary>
/// Gets or sets a value indicating whether the authorization is from an api key.
/// </summary>
public bool IsApiKey { get; set; }
/// <summary>
/// Gets or sets the user making the request.
/// </summary>
public User User { get; set; } public User User { get; set; }
} }
} }