[PR #3357] [MERGED] Add Authorization handlers #9480

Closed
opened 2026-02-07 06:02:52 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/jellyfin/jellyfin/pull/3357
Author: @crobibero
Created: 6/16/2020
Status: Merged
Merged: 6/18/2020
Merged by: @daullmer

Base: api-migrationHead: api-authorization


📝 Commits (9)

  • 4aac936 Add more authorization handlers, actually authorize requests
  • a8adbef Add GetAuthorizationInfo for netcore HttpRequest
  • 774fdbd Fix tests.
  • c246662 Add Default authorization policy
  • b22fdbf Add tests and cleanup
  • b451eb0 Update Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs
  • 2991769 Further cleanup and add final tests
  • 4962e23 revert adding Jellyfin to auth header
  • 0c01b68 Add X-Forward-(For/Proto) support

📊 Changes

32 files changed (+951 additions, -171 deletions)

View changed files

📝 Emby.Server.Implementations/HttpServer/Security/AuthService.cs (+25 -20)
📝 Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs (+78 -37)
Jellyfin.Api/Auth/BaseAuthorizationHandler.cs (+102 -0)
📝 Jellyfin.Api/Auth/CustomAuthenticationHandler.cs (+14 -11)
Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs (+42 -0)
Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs (+11 -0)
📝 Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs (+18 -4)
Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandler.cs (+42 -0)
Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleRequirement.cs (+11 -0)
Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs (+44 -0)
Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs (+11 -0)
📝 Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs (+24 -2)
Jellyfin.Api/Constants/InternalClaimTypes.cs (+38 -0)
📝 Jellyfin.Api/Constants/Policies.cs (+15 -0)
📝 Jellyfin.Api/Controllers/ConfigurationController.cs (+1 -1)
📝 Jellyfin.Api/Controllers/DevicesController.cs (+1 -1)
📝 Jellyfin.Api/Controllers/PackageController.cs (+1 -1)
📝 Jellyfin.Api/Controllers/SearchController.cs (+2 -1)
📝 Jellyfin.Api/Controllers/SubtitleController.cs (+4 -4)
📝 Jellyfin.Api/Controllers/VideoAttachmentsController.cs (+2 -1)

...and 12 more files

📄 Description

Adds:

DefaultAuthorizationPolicy
IgnoreSchedulePolicy
LocalAccessPolicy

Header:
X-Jellyfin-Token (same as X-Emby-Token)
X-Jellyfin-Authorization (same as X-Emby-Authorization)
Jellyfin parameter for X-Jellyfin-Authorization (allows in place of Mediabrowser)

Note: all endpoints that require authorization will need the default policy for proper authorization to happen.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/jellyfin/jellyfin/pull/3357 **Author:** [@crobibero](https://github.com/crobibero) **Created:** 6/16/2020 **Status:** ✅ Merged **Merged:** 6/18/2020 **Merged by:** [@daullmer](https://github.com/daullmer) **Base:** `api-migration` ← **Head:** `api-authorization` --- ### 📝 Commits (9) - [`4aac936`](https://github.com/jellyfin/jellyfin/commit/4aac93672115d96ab77534f2b6a32a23482dab38) Add more authorization handlers, actually authorize requests - [`a8adbef`](https://github.com/jellyfin/jellyfin/commit/a8adbef74fc8300190c463a9c585b55dcfb0c78e) Add GetAuthorizationInfo for netcore HttpRequest - [`774fdbd`](https://github.com/jellyfin/jellyfin/commit/774fdbd031f96dada757470c6e935f0667c775f1) Fix tests. - [`c246662`](https://github.com/jellyfin/jellyfin/commit/c24666253c48ef17402bd8ddb7688821616ec6ba) Add Default authorization policy - [`b22fdbf`](https://github.com/jellyfin/jellyfin/commit/b22fdbf59ee6536ca255ca3c57a13e5b9293fd78) Add tests and cleanup - [`b451eb0`](https://github.com/jellyfin/jellyfin/commit/b451eb0bdc1594c88af11ae807fb7f3b3c4ef124) Update Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs - [`2991769`](https://github.com/jellyfin/jellyfin/commit/29917699f0854f504452e62ee7be4bff0a4a206d) Further cleanup and add final tests - [`4962e23`](https://github.com/jellyfin/jellyfin/commit/4962e230af13933f6a087b78b16884da0e485688) revert adding Jellyfin to auth header - [`0c01b68`](https://github.com/jellyfin/jellyfin/commit/0c01b6817b9e14661fd1ebea05590b60278e735c) Add X-Forward-(For/Proto) support ### 📊 Changes **32 files changed** (+951 additions, -171 deletions) <details> <summary>View changed files</summary> 📝 `Emby.Server.Implementations/HttpServer/Security/AuthService.cs` (+25 -20) 📝 `Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs` (+78 -37) ➕ `Jellyfin.Api/Auth/BaseAuthorizationHandler.cs` (+102 -0) 📝 `Jellyfin.Api/Auth/CustomAuthenticationHandler.cs` (+14 -11) ➕ `Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandler.cs` (+42 -0) ➕ `Jellyfin.Api/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationRequirement.cs` (+11 -0) 📝 `Jellyfin.Api/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandler.cs` (+18 -4) ➕ `Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandler.cs` (+42 -0) ➕ `Jellyfin.Api/Auth/IgnoreSchedulePolicy/IgnoreScheduleRequirement.cs` (+11 -0) ➕ `Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessHandler.cs` (+44 -0) ➕ `Jellyfin.Api/Auth/LocalAccessPolicy/LocalAccessRequirement.cs` (+11 -0) 📝 `Jellyfin.Api/Auth/RequiresElevationPolicy/RequiresElevationHandler.cs` (+24 -2) ➕ `Jellyfin.Api/Constants/InternalClaimTypes.cs` (+38 -0) 📝 `Jellyfin.Api/Constants/Policies.cs` (+15 -0) 📝 `Jellyfin.Api/Controllers/ConfigurationController.cs` (+1 -1) 📝 `Jellyfin.Api/Controllers/DevicesController.cs` (+1 -1) 📝 `Jellyfin.Api/Controllers/PackageController.cs` (+1 -1) 📝 `Jellyfin.Api/Controllers/SearchController.cs` (+2 -1) 📝 `Jellyfin.Api/Controllers/SubtitleController.cs` (+4 -4) 📝 `Jellyfin.Api/Controllers/VideoAttachmentsController.cs` (+2 -1) _...and 12 more files_ </details> ### 📄 Description Adds: DefaultAuthorizationPolicy IgnoreSchedulePolicy LocalAccessPolicy ~~Header:~~ ~~`X-Jellyfin-Token` (same as `X-Emby-Token`)~~ ~~`X-Jellyfin-Authorization` (same as `X-Emby-Authorization`)~~ ~~`Jellyfin` parameter for `X-Jellyfin-Authorization` (allows in place of `Mediabrowser`)~~ Note: all endpoints that require authorization will need the default policy for proper authorization to happen. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-07 06:02:52 +03:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/jellyfin#9480