Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-07-09 03:04:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix FirstTimeSetupHandler not failing on invalid user if not in setup mode (#9747)

Browse Source
This commit is contained in:
Shadowghost 2023-05-10 22:05:27 +02:00 committed by GitHub
parent f0bf5c4998
commit d5fec4963e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
View File

@ -38,7 +38,15 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
return Task.CompletedTask; return Task.CompletedTask;
} }
if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator)) var contextUser = context.User;
if (requirement.RequireAdmin && !contextUser.IsInRole(UserRoles.Administrator))
{
context.Fail();
return Task.CompletedTask;
}
var userId = contextUser.GetUserId();
if (userId.Equals(default))
{ {
context.Fail(); context.Fail();
return Task.CompletedTask; return Task.CompletedTask;
@ -50,7 +58,7 @@ namespace Jellyfin.Api.Auth.FirstTimeSetupPolicy
return Task.CompletedTask; return Task.CompletedTask;
} }
var user = _userManager.GetUserById(context.User.GetUserId()); var user = _userManager.GetUserById(userId);
if (user is null) if (user is null)
{ {
throw new ResourceNotFoundException(); throw new ResourceNotFoundException();

12
Jellyfin.Api/Controllers/SystemController.cs
View File

@ -59,10 +59,12 @@ public class SystemController : BaseJellyfinApiController
/// Gets information about the server. /// Gets information about the server.
/// </summary> /// </summary>
/// <response code="200">Information retrieved.</response> /// <response code="200">Information retrieved.</response>
/// <response code="403">User does not have permission to retrieve information.</response>
/// <returns>A <see cref="SystemInfo"/> with info about the system.</returns> /// <returns>A <see cref="SystemInfo"/> with info about the system.</returns>
[HttpGet("Info")] [HttpGet("Info")]
[Authorize(Policy = Policies.FirstTimeSetupOrIgnoreParentalControl)] [Authorize(Policy = Policies.FirstTimeSetupOrIgnoreParentalControl)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult<SystemInfo> GetSystemInfo() public ActionResult<SystemInfo> GetSystemInfo()
{ {
return _appHost.GetSystemInfo(Request); return _appHost.GetSystemInfo(Request);
@ -97,10 +99,12 @@ public class SystemController : BaseJellyfinApiController
/// Restarts the application. /// Restarts the application.
/// </summary> /// </summary>
/// <response code="204">Server restarted.</response> /// <response code="204">Server restarted.</response>
/// <response code="403">User does not have permission to restart server.</response>
/// <returns>No content. Server restarted.</returns> /// <returns>No content. Server restarted.</returns>
[HttpPost("Restart")] [HttpPost("Restart")]
[Authorize(Policy = Policies.LocalAccessOrRequiresElevation)] [Authorize(Policy = Policies.LocalAccessOrRequiresElevation)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult RestartApplication() public ActionResult RestartApplication()
{ {
Task.Run(async () => Task.Run(async () =>
@ -115,10 +119,12 @@ public class SystemController : BaseJellyfinApiController
/// Shuts down the application. /// Shuts down the application.
/// </summary> /// </summary>
/// <response code="204">Server shut down.</response> /// <response code="204">Server shut down.</response>
/// <response code="403">User does not have permission to shutdown server.</response>
/// <returns>No content. Server shut down.</returns> /// <returns>No content. Server shut down.</returns>
[HttpPost("Shutdown")] [HttpPost("Shutdown")]
[Authorize(Policy = Policies.RequiresElevation)] [Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult ShutdownApplication() public ActionResult ShutdownApplication()
{ {
Task.Run(async () => Task.Run(async () =>
@ -133,10 +139,12 @@ public class SystemController : BaseJellyfinApiController
/// Gets a list of available server log files. /// Gets a list of available server log files.
/// </summary> /// </summary>
/// <response code="200">Information retrieved.</response> /// <response code="200">Information retrieved.</response>
/// <response code="403">User does not have permission to get server logs.</response>
/// <returns>An array of <see cref="LogFile"/> with the available log files.</returns> /// <returns>An array of <see cref="LogFile"/> with the available log files.</returns>
[HttpGet("Logs")] [HttpGet("Logs")]
[Authorize(Policy = Policies.RequiresElevation)] [Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult<LogFile[]> GetServerLogs() public ActionResult<LogFile[]> GetServerLogs()
{ {
IEnumerable<FileSystemMetadata> files; IEnumerable<FileSystemMetadata> files;
@ -170,10 +178,12 @@ public class SystemController : BaseJellyfinApiController
/// Gets information about the request endpoint. /// Gets information about the request endpoint.
/// </summary> /// </summary>
/// <response code="200">Information retrieved.</response> /// <response code="200">Information retrieved.</response>
/// <response code="403">User does not have permission to get endpoint information.</response>
/// <returns><see cref="EndPointInfo"/> with information about the endpoint.</returns> /// <returns><see cref="EndPointInfo"/> with information about the endpoint.</returns>
[HttpGet("Endpoint")] [HttpGet("Endpoint")]
[Authorize] [Authorize]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public ActionResult<EndPointInfo> GetEndpointInfo() public ActionResult<EndPointInfo> GetEndpointInfo()
{ {
return new EndPointInfo return new EndPointInfo
@ -188,10 +198,12 @@ public class SystemController : BaseJellyfinApiController
/// </summary> /// </summary>
/// <param name="name">The name of the log file to get.</param> /// <param name="name">The name of the log file to get.</param>
/// <response code="200">Log file retrieved.</response> /// <response code="200">Log file retrieved.</response>
/// <response code="403">User does not have permission to get log files.</response>
/// <returns>The log file.</returns> /// <returns>The log file.</returns>
[HttpGet("Logs/Log")] [HttpGet("Logs/Log")]
[Authorize(Policy = Policies.RequiresElevation)] [Authorize(Policy = Policies.RequiresElevation)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesFile(MediaTypeNames.Text.Plain)] [ProducesFile(MediaTypeNames.Text.Plain)]
public ActionResult GetLogFile([FromQuery, Required] string name) public ActionResult GetLogFile([FromQuery, Required] string name)
{ {