Return correct status codes for authentication and authorization errors

- Use AuthenticationException to return 401
- Use SecurityException to return 403
- Update existing throws to throw the correct exception for the circumstance
Mark Monteiro
2020-04-13 13:17:46 -04:00
parent 6d35dd6b32
commit 53380689ad
4 changed files with 13 additions and 12 deletions


@@ -20,6 +20,7 @@ using MediaBrowser.Controller.Drawing;
using MediaBrowser.Controller.Dto;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Controller.Plugins;
using MediaBrowser.Controller.Providers;
@@ -324,21 +325,17 @@ namespace Emby.Server.Implementations.Library
if (user.Policy.IsDisabled)
{
throw new AuthenticationException(
string.Format(
CultureInfo.InvariantCulture,
"The {0} account is currently disabled. Please consult with your administrator.",
user.Name));
throw new SecurityException($"The {user.Name} account is currently disabled. Please consult with your administrator.");
}
if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint))
{
throw new AuthenticationException("Forbidden.");
throw new SecurityException("Forbidden.");
}
if (!user.IsParentalScheduleAllowed())
{
throw new AuthenticationException("User is not allowed access at this time.");
throw new SecurityException("User is not allowed access at this time.");
}
// Update LastActivityDate and LastLoginDate, then save
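Review bot: The 403 responses now thrown by the three policy checks (disabled account, remote access, parental schedule) could disclose account state if this code is reachable before the supplied password has been verified. Each `SecurityException` carries a distinct message, and the first includes `user.Name`, so an unauthenticated caller could tell an existing or disabled account apart from the 401 returned for bad credentials. The enclosing method starts and ends outside this hunk, so the ordering cannot be confirmed from here. I would record the precondition above the first check, e.g. `// Policy checks: only reached once credentials are verified, so a 403 never reveals account state to an unauthenticated caller.`, and add a test asserting that a wrong password for a disabled account still yields 401.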