starred/jellyfin-jellyfin-1
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-12-21 00:05:26 +03:00
Code Issues Packages Projects Releases Wiki Activity

fixes #789 - Security Issue: API allows access to any folder of the PC running MediaBrowser

Browse Source
This commit is contained in:
Luke Pulverenti
2014-07-02 00:57:18 -04:00
parent 3bef6ead9c
commit 389390b82e
39 changed files with 587 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
MediaBrowser.Server.Implementations/HttpServer/Security/SessionContext.cs Normal file
View File

@@ -0,0 +1,36 @@
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Session;
using ServiceStack.Web;
namespace MediaBrowser.Server.Implementations.HttpServer.Security
{
public class SessionContext : ISessionContext
{
private readonly IUserManager _userManager;
private readonly ISessionManager _sessionManager;
private readonly IAuthorizationContext _authContext;
public SessionContext(IUserManager userManager, IAuthorizationContext authContext, ISessionManager sessionManager)
{
_userManager = userManager;
_authContext = authContext;
_sessionManager = sessionManager;
}
public SessionInfo GetSession(IRequest requestContext)
{
var authorization = _authContext.GetAuthorizationInfo(requestContext);
return _sessionManager.GetSession(authorization.DeviceId, authorization.Client, authorization.Version);
}
public User GetUser(IRequest requestContext)
{
var session = GetSession(requestContext);
return session == null || !session.UserId.HasValue ? null : _userManager.GetUserById(session.UserId.Value);
}
}
}