Emby.Server.Implementations/HttpServer/Security/AuthService.cs

#pragma warning disable CS1591

using Jellyfin.Data.Enums;
using MediaBrowser.Controller.Net;
using Microsoft.AspNetCore.Http;

namespace Emby.Server.Implementations.HttpServer.Security
{
    public class AuthService : IAuthService
    {
        private readonly IAuthorizationContext _authorizationContext;

        public AuthService(
            IAuthorizationContext authorizationContext)
        {
            _authorizationContext = authorizationContext;
        }

        public AuthorizationInfo Authenticate(HttpRequest request)
        {
            var auth = _authorizationContext.GetAuthorizationInfo(request);
            if (auth?.User == null)
            {
                return null;
            }

            if (auth.User.HasPermission(PermissionKind.IsDisabled))
            {
                throw new SecurityException("User account has been disabled.");
            }

            return auth;
        }
    }
}
Fix more warnings 2019-11-01 18:38:54 +01:00			`#pragma warning disable CS1591`

Initial migration code 2020-05-12 22:10:35 -04:00			`using Jellyfin.Data.Enums;`
run all ajax through apiclient 2014-07-02 01:16:59 -04:00			`using MediaBrowser.Controller.Net;`
Add authentication and remove versioning 2019-11-23 16:31:02 +01:00			`using Microsoft.AspNetCore.Http;`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 00:57:18 -04:00
move classes 2016-11-03 21:18:51 -04:00			`namespace Emby.Server.Implementations.HttpServer.Security`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 00:57:18 -04:00			`{`
			`public class AuthService : IAuthService`
			`{`
Replace custom code with Asp.Net Core code 2019-07-28 23:53:19 +02:00			`private readonly IAuthorizationContext _authorizationContext;`
completed auth database 2014-07-07 21:41:03 -04:00
Replace custom code with Asp.Net Core code 2019-07-28 23:53:19 +02:00			`public AuthService(`
Remove ServiceStack and related stuff 2020-09-02 12:22:14 +02:00			`IAuthorizationContext authorizationContext)`
run all ajax through apiclient 2014-07-02 01:16:59 -04:00			`{`
Replace custom code with Asp.Net Core code 2019-07-28 23:53:19 +02:00			`_authorizationContext = authorizationContext;`
Add authentication and remove versioning 2019-11-23 16:31:02 +01:00			`}`

Add more authorization handlers, actually authorize requests 2020-06-15 12:49:54 -06:00			`public AuthorizationInfo Authenticate(HttpRequest request)`
			`{`
			`var auth = _authorizationContext.GetAuthorizationInfo(request);`
			`if (auth?.User == null)`
			`{`
			`return null;`
			`}`

			`if (auth.User.HasPermission(PermissionKind.IsDisabled))`
			`{`
			`throw new SecurityException("User account has been disabled.");`
			`}`

			`return auth;`
			`}`
fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser 2014-07-02 00:57:18 -04:00			`}`
			`}`