|
|
@@ -1,14 +1,19 @@
|
|
|
+using System;
|
|
|
using System.Collections.Generic;
|
|
|
using System.Security.Claims;
|
|
|
using System.Threading.Tasks;
|
|
|
using AutoFixture;
|
|
|
using AutoFixture.AutoMoq;
|
|
|
+using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
|
|
|
using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
|
|
|
using Jellyfin.Api.Constants;
|
|
|
+using Jellyfin.Data.Entities;
|
|
|
+using Jellyfin.Data.Enums;
|
|
|
using MediaBrowser.Common.Configuration;
|
|
|
using MediaBrowser.Controller.Library;
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
using Microsoft.AspNetCore.Http;
|
|
|
+using Microsoft.Extensions.DependencyInjection;
|
|
|
using Moq;
|
|
|
using Xunit;
|
|
|
|
|
|
@@ -18,7 +23,9 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
|
|
{
|
|
|
private readonly Mock<IConfigurationManager> _configurationManagerMock;
|
|
|
private readonly List<IAuthorizationRequirement> _requirements;
|
|
|
+ private readonly DefaultAuthorizationHandler _defaultAuthorizationHandler;
|
|
|
private readonly FirstTimeSetupHandler _firstTimeSetupHandler;
|
|
|
+ private readonly IAuthorizationService _authorizationService;
|
|
|
private readonly Mock<IUserManager> _userManagerMock;
|
|
|
private readonly Mock<IHttpContextAccessor> _httpContextAccessor;
|
|
|
|
|
|
@@ -31,6 +38,21 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
|
|
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();
|
|
|
|
|
|
_firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>();
|
|
|
+ _defaultAuthorizationHandler = fixture.Create<DefaultAuthorizationHandler>();
|
|
|
+
|
|
|
+ var services = new ServiceCollection();
|
|
|
+ services.AddAuthorizationCore();
|
|
|
+ services.AddLogging();
|
|
|
+ services.AddOptions();
|
|
|
+ services.AddSingleton<IAuthorizationHandler>(_defaultAuthorizationHandler);
|
|
|
+ services.AddSingleton<IAuthorizationHandler>(_firstTimeSetupHandler);
|
|
|
+ services.AddAuthorization(options =>
|
|
|
+ {
|
|
|
+ options.AddPolicy("FirstTime", policy => policy.Requirements.Add(new FirstTimeSetupRequirement()));
|
|
|
+ options.AddPolicy("FirstTimeNoAdmin", policy => policy.Requirements.Add(new FirstTimeSetupRequirement(false, false)));
|
|
|
+ options.AddPolicy("FirstTimeSchedule", policy => policy.Requirements.Add(new FirstTimeSetupRequirement(true, false)));
|
|
|
+ });
|
|
|
+ _authorizationService = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
|
|
|
}
|
|
|
|
|
|
[Theory]
|
|
|
@@ -45,17 +67,16 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
|
|
_httpContextAccessor,
|
|
|
userRole);
|
|
|
|
|
|
- var context = new AuthorizationHandlerContext(_requirements, claims, null);
|
|
|
+ var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
|
|
|
|
|
|
- await _firstTimeSetupHandler.HandleAsync(context);
|
|
|
- Assert.True(context.HasSucceeded);
|
|
|
+ Assert.True(allowed.Succeeded);
|
|
|
}
|
|
|
|
|
|
[Theory]
|
|
|
- [InlineData(UserRoles.Administrator, false)]
|
|
|
- [InlineData(UserRoles.Guest, true)]
|
|
|
- [InlineData(UserRoles.User, true)]
|
|
|
- public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldFail)
|
|
|
+ [InlineData(UserRoles.Administrator, true)]
|
|
|
+ [InlineData(UserRoles.Guest, false)]
|
|
|
+ [InlineData(UserRoles.User, false)]
|
|
|
+ public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
|
|
|
{
|
|
|
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
|
|
|
var claims = TestHelpers.SetupUser(
|
|
|
@@ -63,17 +84,16 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
|
|
_httpContextAccessor,
|
|
|
userRole);
|
|
|
|
|
|
- var context = new AuthorizationHandlerContext(_requirements, claims, null);
|
|
|
+ var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
|
|
|
|
|
|
- await _firstTimeSetupHandler.HandleAsync(context);
|
|
|
- Assert.Equal(shouldFail, context.HasFailed);
|
|
|
+ Assert.Equal(shouldSucceed, allowed.Succeeded);
|
|
|
}
|
|
|
|
|
|
[Theory]
|
|
|
- [InlineData(UserRoles.Administrator)]
|
|
|
- [InlineData(UserRoles.Guest)]
|
|
|
- [InlineData(UserRoles.User)]
|
|
|
- public async Task ShouldDeferIfNotRequiresAdmin(string userRole)
|
|
|
+ [InlineData(UserRoles.Administrator, true)]
|
|
|
+ [InlineData(UserRoles.Guest, false)]
|
|
|
+ [InlineData(UserRoles.User, true)]
|
|
|
+ public async Task ShouldRequireUserIfNotAdministrator(string userRole, bool shouldSucceed)
|
|
|
{
|
|
|
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
|
|
|
var claims = TestHelpers.SetupUser(
|
|
|
@@ -81,14 +101,9 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
|
|
_httpContextAccessor,
|
|
|
userRole);
|
|
|
|
|
|
- var context = new AuthorizationHandlerContext(
|
|
|
- new List<IAuthorizationRequirement> { new FirstTimeSetupRequirement(false, false) },
|
|
|
- claims,
|
|
|
- null);
|
|
|
+ var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTimeNoAdmin");
|
|
|
|
|
|
- await _firstTimeSetupHandler.HandleAsync(context);
|
|
|
- Assert.False(context.HasSucceeded);
|
|
|
- Assert.False(context.HasFailed);
|
|
|
+ Assert.Equal(shouldSucceed, allowed.Succeeded);
|
|
|
}
|
|
|
|
|
|
[Fact]
|
|
|
@@ -96,10 +111,26 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupPolicy
|
|
|
{
|
|
|
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
|
|
|
var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)]));
|
|
|
- var context = new AuthorizationHandlerContext(_requirements, claims, null);
|
|
|
|
|
|
- await _firstTimeSetupHandler.HandleAsync(context);
|
|
|
- Assert.True(context.HasSucceeded);
|
|
|
+ var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
|
|
|
+ Assert.True(allowed.Succeeded);
|
|
|
+ }
|
|
|
+
|
|
|
+ [Fact]
|
|
|
+ public async Task ShouldDisallowUserIfOutsideSchedule()
|
|
|
+ {
|
|
|
+ AccessSchedule[] accessSchedules = { new AccessSchedule(DynamicDayOfWeek.Everyday, 0, 0, Guid.Empty) };
|
|
|
+
|
|
|
+ TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
|
|
|
+ var claims = TestHelpers.SetupUser(
|
|
|
+ _userManagerMock,
|
|
|
+ _httpContextAccessor,
|
|
|
+ UserRoles.User,
|
|
|
+ accessSchedules);
|
|
|
+
|
|
|
+ var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTimeSchedule");
|
|
|
+
|
|
|
+ Assert.False(allowed.Succeeded);
|
|
|
}
|
|
|
}
|
|
|
}
|
Bill Thornton