Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-05-31 20:24:21 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add userId parameter to AuthorizeQuickConnect

Browse Source
This commit is contained in:
Niels van Velzen 2022-11-12 10:19:52 +01:00
parent db2c0d4c91
commit fd73f346dc
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Jellyfin.Api/Controllers/QuickConnectController.cs
View File

@ -1,3 +1,4 @@
using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
@ -96,6 +97,7 @@ namespace Jellyfin.Api.Controllers
/// Authorizes a pending quick connect request. /// Authorizes a pending quick connect request.
/// </summary> /// </summary>
/// <param name="code">Quick connect code to authorize.</param> /// <param name="code">Quick connect code to authorize.</param>
/// <param name="userId">The user the authorize. Access to the requested user is required.</param>
/// <response code="200">Quick connect result authorized successfully.</response> /// <response code="200">Quick connect result authorized successfully.</response>
/// <response code="403">Unknown user id.</response> /// <response code="403">Unknown user id.</response>
/// <returns>Boolean indicating if the authorization was successful.</returns> /// <returns>Boolean indicating if the authorization was successful.</returns>
@ -103,17 +105,19 @@ namespace Jellyfin.Api.Controllers
[Authorize(Policy = Policies.DefaultAuthorization)] [Authorize(Policy = Policies.DefaultAuthorization)]
[ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code) public async Task<ActionResult<bool>> AuthorizeQuickConnect([FromQuery, Required] string code, [FromQuery] Guid? userId = null)
{ {
var userId = User.GetUserId(); var currentUserId = User.GetUserId();
if (userId.Equals(default)) var actualUserId = userId ?? currentUserId;
if (actualUserId.Equals(default) || (!userId.Equals(currentUserId) && !User.IsInRole(UserRoles.Administrator)))
{ {
return StatusCode(StatusCodes.Status403Forbidden, "Unknown user id"); return Forbid("Unknown user id");
} }
try try
{ {
return await _quickConnect.AuthorizeRequest(userId, code).ConfigureAwait(false); return await _quickConnect.AuthorizeRequest(actualUserId, code).ConfigureAwait(false);
} }
catch (AuthenticationException) catch (AuthenticationException)
{ {