Emby.Server.Implementations/HttpServer/Security/SessionContext.cs

using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Security;
using MediaBrowser.Controller.Session;
using System.Threading.Tasks;
using MediaBrowser.Model.Services;

namespace Emby.Server.Implementations.HttpServer.Security
{
    public class SessionContext : ISessionContext
    {
        private readonly IUserManager _userManager;
        private readonly ISessionManager _sessionManager;
        private readonly IAuthorizationContext _authContext;

        public SessionContext(IUserManager userManager, IAuthorizationContext authContext, ISessionManager sessionManager)
        {
            _userManager = userManager;
            _authContext = authContext;
            _sessionManager = sessionManager;
        }

        public Task<SessionInfo> GetSession(IRequest requestContext)
        {
            var authorization = _authContext.GetAuthorizationInfo(requestContext);

            var user = string.IsNullOrWhiteSpace(authorization.UserId) ? null : _userManager.GetUserById(authorization.UserId);
            return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.RemoteIp, user);
        }

        private AuthenticationInfo GetTokenInfo(IRequest request)
        {
            object info;
            request.Items.TryGetValue("OriginalAuthenticationInfo", out info);
            return info as AuthenticationInfo;
        }

        public Task<SessionInfo> GetSession(object requestContext)
        {
            return GetSession((IRequest)requestContext);
        }

        public async Task<User> GetUser(IRequest requestContext)
        {
            var session = await GetSession(requestContext).ConfigureAwait(false);

            return session == null || !session.UserId.HasValue ? null : _userManager.GetUserById(session.UserId.Value);
        }

        public Task<User> GetUser(object requestContext)
        {
            return GetUser((IRequest)requestContext);
        }
    }
}
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								using MediaBrowser.Controller.Entities;
 								using MediaBrowser.Controller.Library;
 								using MediaBrowser.Controller.Net;
-												fix session not found errors

											
										
										
											2015-03-09 15:40:03 -04:00
+								using MediaBrowser.Controller.Security;
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								using MediaBrowser.Controller.Session;
-												fix session not found errors

											
										
										
											2015-03-09 15:40:03 -04:00
+								using System.Threading.Tasks;
-												make controller project portable

											
										
										
											2016-10-25 15:02:04 -04:00
+								using MediaBrowser.Model.Services;
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
-												move classes

											
										
										
											2016-11-03 21:18:51 -04:00
+								namespace Emby.Server.Implementations.HttpServer.Security
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								{
 								    public class SessionContext : ISessionContext
 								    {
 								        private readonly IUserManager _userManager;
 								        private readonly ISessionManager _sessionManager;
 								        private readonly IAuthorizationContext _authContext;
 								        public SessionContext(IUserManager userManager, IAuthorizationContext authContext, ISessionManager sessionManager)
 								        {
 								            _userManager = userManager;
 								            _authContext = authContext;
 								            _sessionManager = sessionManager;
 								        }
-												update request classes

											
										
										
											2017-09-03 14:38:26 -04:00
+								        public Task<SessionInfo> GetSession(IRequest requestContext)
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								        {
 								            var authorization = _authContext.GetAuthorizationInfo(requestContext);
-												fix session not found errors

											
										
										
											2015-05-24 23:01:44 -04:00
+								            var user = string.IsNullOrWhiteSpace(authorization.UserId) ? null : _userManager.GetUserById(authorization.UserId);
 								            return _sessionManager.LogSessionActivity(authorization.Client, authorization.Version, authorization.DeviceId, authorization.Device, requestContext.RemoteIp, user);
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								        }
-												update request classes

											
										
										
											2017-09-03 14:38:26 -04:00
+								        private AuthenticationInfo GetTokenInfo(IRequest request)
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								        {
-												fix session not found errors

											
										
										
											2015-03-09 15:40:03 -04:00
+								            object info;
 								            request.Items.TryGetValue("OriginalAuthenticationInfo", out info);
 								            return info as AuthenticationInfo;
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								        }
-												revise endpoint attributes

											
										
										
											2014-11-14 21:31:03 -05:00
-												fix session not found errors

											
										
										
											2015-03-09 15:40:03 -04:00
+								        public Task<SessionInfo> GetSession(object requestContext)
-												revise endpoint attributes

											
										
										
											2014-11-14 21:31:03 -05:00
+								        {
-												update request classes

											
										
										
											2017-09-03 14:38:26 -04:00
+								            return GetSession((IRequest)requestContext);
-												revise endpoint attributes

											
										
										
											2014-11-14 21:31:03 -05:00
+								        }
-												update request classes

											
										
										
											2017-09-03 14:38:26 -04:00
+								        public async Task<User> GetUser(IRequest requestContext)
-												fix session not found errors

											
										
										
											2015-03-09 15:40:03 -04:00
+								        {
 								            var session = await GetSession(requestContext).ConfigureAwait(false);
 								            return session == null || !session.UserId.HasValue ? null : _userManager.GetUserById(session.UserId.Value);
 								        }
 								        public Task<User> GetUser(object requestContext)
-												revise endpoint attributes

											
										
										
											2014-11-14 21:31:03 -05:00
+								        {
-												update request classes

											
										
										
											2017-09-03 14:38:26 -04:00
+								            return GetUser((IRequest)requestContext);
-												revise endpoint attributes

											
										
										
											2014-11-14 21:31:03 -05:00
+								        }
-												fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

											
										
										
											2014-07-02 00:57:18 -04:00
+								    }
 								}