Explorar o código

Don't throw exception on unauthenticated requests

Cody Robibero %!s(int64=4) %!d(string=hai) anos
pai
achega
4a28f46cac

+ 1 - 1
Emby.Server.Implementations/HttpServer/Security/AuthService.cs

@@ -24,7 +24,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
 
             if (!auth.HasToken)
             {
-                throw new AuthenticationException("Request does not contain a token.");
+                return auth;
             }
 
             if (!auth.IsAuthenticated)

+ 6 - 1
Emby.Server.Implementations/HttpServer/WebSocketManager.cs

@@ -35,7 +35,12 @@ namespace Emby.Server.Implementations.HttpServer
         /// <inheritdoc />
         public async Task WebSocketRequestHandler(HttpContext context)
         {
-            _ = await _authService.Authenticate(context.Request).ConfigureAwait(false);
+            var authorizationInfo = await _authService.Authenticate(context.Request).ConfigureAwait(false);
+            if (!authorizationInfo.IsAuthenticated)
+            {
+                throw new SecurityException("Token is required");
+            }
+
             try
             {
                 _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);

+ 5 - 0
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs

@@ -45,6 +45,11 @@ namespace Jellyfin.Api.Auth
             try
             {
                 var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
+                if (!authorizationInfo.HasToken)
+                {
+                    return AuthenticateResult.NoResult();
+                }
+
                 var role = UserRoles.User;
                 if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
                 {

+ 2 - 0
tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs

@@ -132,6 +132,8 @@ namespace Jellyfin.Api.Tests.Auth
             authorizationInfo.User.AddDefaultPreferences();
             authorizationInfo.User.SetPermission(PermissionKind.IsAdministrator, isAdmin);
             authorizationInfo.IsApiKey = false;
+            authorizationInfo.HasToken = true;
+            authorizationInfo.Token = "fake-token";
 
             _jellyfinAuthServiceMock.Setup(
                     a => a.Authenticate(