jellyfin/Emby.Server.Implementations/HttpServer/Security/AuthService.cs

#pragma warning disable CS1591

using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http;

namespace Emby.Server.Implementations.HttpServer.Security
{
    public class AuthService : IAuthService
    {
        private readonly IAuthorizationContext _authorizationContext;

        public AuthService(
            IAuthorizationContext authorizationContext)
        {
            _authorizationContext = authorizationContext;
        }

        public AuthorizationInfo Authenticate(HttpRequest request)
        {
            var auth = _authorizationContext.GetAuthorizationInfo(request);
            if (auth == null)
            {
                throw new SecurityException("Unauthenticated request.");
            }

            if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
            {
                throw new SecurityException("User account has been disabled.");
            }

            return auth;
        }
    }
}
Fix more warnings 2019-11-01 10:38:54 -07:00			`#pragma warning disable CS1591`

Initial migration code 2020-05-12 19:10:35 -07:00			`using Jellyfin.Data.Enums;`
run all ajax through apiclient 2014-07-01 22:16:59 -07:00			`using MediaBrowser.Controller.Net;`
Add authentication and remove versioning 2019-11-23 08:31:02 -07:00			`using Microsoft.AspNetCore.Http;`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-01 21:57:18 -07:00
move classes 2016-11-03 18:18:51 -07:00			`namespace Emby.Server.Implementations.HttpServer.Security`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-01 21:57:18 -07:00			`{`
			`public class AuthService : IAuthService`
			`{`
Replace custom code with Asp.Net Core code 2019-07-28 14:53:19 -07:00			`private readonly IAuthorizationContext _authorizationContext;`
completed auth database 2014-07-07 18:41:03 -07:00
Replace custom code with Asp.Net Core code 2019-07-28 14:53:19 -07:00			`public AuthService(`
Remove ServiceStack and related stuff 2020-09-02 03:22:14 -07:00			`IAuthorizationContext authorizationContext)`
run all ajax through apiclient 2014-07-01 22:16:59 -07:00			`{`
Replace custom code with Asp.Net Core code 2019-07-28 14:53:19 -07:00			`_authorizationContext = authorizationContext;`
Add authentication and remove versioning 2019-11-23 08:31:02 -07:00			`}`

Add more authorization handlers, actually authorize requests 2020-06-15 11:49:54 -07:00			`public AuthorizationInfo Authenticate(HttpRequest request)`
			`{`
			`var auth = _authorizationContext.GetAuthorizationInfo(request);`
Move SecurityException 2020-10-15 07:02:59 -07:00			`if (auth == null)`
			`{`
			`throw new SecurityException("Unauthenticated request.");`
			`}`

Allow apikey to authenticate as admin 2020-10-14 16:58:33 -07:00			`if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)`
Add more authorization handlers, actually authorize requests 2020-06-15 11:49:54 -07:00			`{`
			`throw new SecurityException("User account has been disabled.");`
			`}`

			`return auth;`
			`}`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-01 21:57:18 -07:00			`}`
			`}`