Accueil Explorer Aide
Connexion
mirrors
/
jellyfin
miroir de https://github.com/jellyfin/jellyfin
2
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

Return correct status codes for authentication and authorization errors

- Use AuthenticatonException to return 401
- Use SecurityException to return 403
- Update existing throws to throw the correct exception for the circumstance
Mark Monteiro il y a 5 ans
Parent
6d35dd6b32
commit
53380689ad
4 fichiers modifiés avec 13 ajouts et 12 suppressions
Vue séparée Afficher les stats Diff
  1. 4 1
      Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
  2. 4 3
      Emby.Server.Implementations/HttpServer/Security/AuthService.cs
  3. 4 7
      Emby.Server.Implementations/Library/UserManager.cs
  4. 1 1
      Emby.Server.Implementations/Session/SessionManager.cs

+ 4 - 1
Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
Voir le fichier 

@@ -14,6 +14,7 @@ using Emby.Server.Implementations.Services;
 
 using MediaBrowser.Common.Extensions;
 
 using MediaBrowser.Common.Net;
 
 using MediaBrowser.Controller;
 
+using MediaBrowser.Controller.Authentication;
 
 using MediaBrowser.Controller.Configuration;
 
 using MediaBrowser.Controller.Net;
 
 using MediaBrowser.Model.Events;
 
@@ -230,7 +231,8 @@ namespace Emby.Server.Implementations.HttpServer
 
             switch (ex)
 
             {
 
                 case ArgumentException _: return 400;
 
-                case SecurityException _: return 401;
 
+                case AuthenticationException _: return 401;
 
+                case SecurityException _: return 403;
 
                 case DirectoryNotFoundException _:
 
                 case FileNotFoundException _:
 
                 case ResourceNotFoundException _: return 404;
 
@@ -550,6 +552,7 @@ namespace Emby.Server.Implementations.HttpServer
 
                     || ex is IOException
 
                     || ex is OperationCanceledException
 
                     || ex is SecurityException
 
+                    || ex is AuthenticationException
 
                     || ex is FileNotFoundException;
 
                 await ErrorHandler(ex, httpReq, !ignoreStackTrace, urlToLog).ConfigureAwait(false);
 
             }

+ 4 - 3
Emby.Server.Implementations/HttpServer/Security/AuthService.cs
Voir le fichier 

@@ -2,6 +2,7 @@
 
 
 using System;
 
 using System.Linq;
 
+using System.Security.Authentication;
 
 using Emby.Server.Implementations.SocketSharp;
 
 using MediaBrowser.Common.Net;
 
 using MediaBrowser.Controller.Configuration;
 
@@ -68,7 +69,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
 
 
             if (user == null && auth.UserId != Guid.Empty)
 
             {
 
-                throw new SecurityException("User with Id " + auth.UserId + " not found");
 
+                throw new AuthenticationException("User with Id " + auth.UserId + " not found");
 
             }
 
 
             if (user != null)
 
@@ -212,14 +213,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
 
         {
 
             if (string.IsNullOrEmpty(token))
 
             {
 
-                throw new SecurityException("Access token is required.");
 
+                throw new AuthenticationException("Access token is required.");
 
             }
 
 
             var info = GetTokenInfo(request);
 
 
             if (info == null)
 
             {
 
-                throw new SecurityException("Access token is invalid or expired.");
 
+                throw new AuthenticationException("Access token is invalid or expired.");
 
             }
 
 
             //if (!string.IsNullOrEmpty(info.UserId))

+ 4 - 7
Emby.Server.Implementations/Library/UserManager.cs
Voir le fichier 

@@ -20,6 +20,7 @@ using MediaBrowser.Controller.Drawing;
 
 using MediaBrowser.Controller.Dto;
 
 using MediaBrowser.Controller.Entities;
 
 using MediaBrowser.Controller.Library;
 
+using MediaBrowser.Controller.Net;
 
 using MediaBrowser.Controller.Persistence;
 
 using MediaBrowser.Controller.Plugins;
 
 using MediaBrowser.Controller.Providers;
 
@@ -324,21 +325,17 @@ namespace Emby.Server.Implementations.Library
 
 
             if (user.Policy.IsDisabled)
 
             {
 
-                throw new AuthenticationException(
 
-                    string.Format(
 
-                        CultureInfo.InvariantCulture,
 
-                        "The {0} account is currently disabled. Please consult with your administrator.",
 
-                        user.Name));
 
+                throw new SecurityException($"The {user.Name} account is currently disabled. Please consult with your administrator.");
 
             }
 
 
             if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint))
 
             {
 
-                throw new AuthenticationException("Forbidden.");
 
+                throw new SecurityException("Forbidden.");
 
             }
 
 
             if (!user.IsParentalScheduleAllowed())
 
             {
 
-                throw new AuthenticationException("User is not allowed access at this time.");
 
+                throw new SecurityException("User is not allowed access at this time.");
 
             }
 
 
             // Update LastActivityDate and LastLoginDate, then save

+ 1 - 1
Emby.Server.Implementations/Session/SessionManager.cs
Voir le fichier 

@@ -1414,7 +1414,7 @@ namespace Emby.Server.Implementations.Session
 
             if (user == null)
 
             {
 
                 AuthenticationFailed?.Invoke(this, new GenericEventArgs<AuthenticationRequest>(request));
 
-                throw new SecurityException("Invalid username or password entered.");
 
+                throw new AuthenticationException("Invalid username or password entered.");
 
             }
 
 
             if (!string.IsNullOrEmpty(request.DeviceId)