首頁 探索 說明
登入
mirrors
/
jellyfin
镜像来自 https://github.com/jellyfin/jellyfin
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

Don't throw exception on unauthenticated requests

Cody Robibero 3 年之前
父節點
8868b34d78
當前提交
4a28f46cac
共有 4 個文件被更改,包括 14 次插入2 次删除
分割檢視 顯示文件統計
  1. 1 1
      Emby.Server.Implementations/HttpServer/Security/AuthService.cs
  2. 6 1
      Emby.Server.Implementations/HttpServer/WebSocketManager.cs
  3. 5 0
      Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
  4. 2 0
      tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs

+ 1 - 1
Emby.Server.Implementations/HttpServer/Security/AuthService.cs
查看文件 

@@ -24,7 +24,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
 
 
             if (!auth.HasToken)
 
             {
 
-                throw new AuthenticationException("Request does not contain a token.");
 
+                return auth;
 
             }
 
 
             if (!auth.IsAuthenticated)

+ 6 - 1
Emby.Server.Implementations/HttpServer/WebSocketManager.cs
查看文件 

@@ -35,7 +35,12 @@ namespace Emby.Server.Implementations.HttpServer
 
         /// <inheritdoc />
 
         public async Task WebSocketRequestHandler(HttpContext context)
 
         {
 
-            _ = await _authService.Authenticate(context.Request).ConfigureAwait(false);
 
+            var authorizationInfo = await _authService.Authenticate(context.Request).ConfigureAwait(false);
 
+            if (!authorizationInfo.IsAuthenticated)
 
+            {
 
+                throw new SecurityException("Token is required");
 
+            }
 
+
 
             try
 
             {
 
                 _logger.LogInformation("WS {IP} request", context.Connection.RemoteIpAddress);

+ 5 - 0
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
查看文件 

@@ -45,6 +45,11 @@ namespace Jellyfin.Api.Auth
 
             try
 
             {
 
                 var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
 
+                if (!authorizationInfo.HasToken)
 
+                {
 
+                    return AuthenticateResult.NoResult();
 
+                }
 
+
 
                 var role = UserRoles.User;
 
                 if (authorizationInfo.IsApiKey || authorizationInfo.User.HasPermission(PermissionKind.IsAdministrator))
 
                 {

+ 2 - 0
tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs
查看文件 

@@ -132,6 +132,8 @@ namespace Jellyfin.Api.Tests.Auth
 
             authorizationInfo.User.AddDefaultPreferences();
 
             authorizationInfo.User.SetPermission(PermissionKind.IsAdministrator, isAdmin);
 
             authorizationInfo.IsApiKey = false;
 
+            authorizationInfo.HasToken = true;
 
+            authorizationInfo.Token = "fake-token";
 
 
             _jellyfinAuthServiceMock.Setup(
 
                     a => a.Authenticate(