
Merge pull request #4443 from cvium/fix_auth_again_again_again

Remove OriginalAuthenticationInfo and add IsAuthenticated property
Bond-009 4 жил өмнө
parent
commit
c8a320082f

+ 3 - 2
Emby.Server.Implementations/HttpServer/Security/AuthService.cs

@@ -1,6 +1,7 @@
 #pragma warning disable CS1591
 
 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Http;
 
@@ -19,9 +20,9 @@ namespace Emby.Server.Implementations.HttpServer.Security
         public AuthorizationInfo Authenticate(HttpRequest request)
         {
             var auth = _authorizationContext.GetAuthorizationInfo(request);
-            if (auth == null)
+            if (!auth.IsAuthenticated)
             {
-                throw new SecurityException("Unauthenticated request.");
+                throw new AuthenticationException("Invalid token.");
             }
 
             if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
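Review bot: The `auth == null` guard is gone, so `auth.IsAuthenticated` now dereferences whatever `_authorizationContext.GetAuthorizationInfo(request)` returns. The implementation changed in this commit always returns an object, but if the context is reached through an interface, another implementation or a test double that returns null would surface as a NullReferenceException rather than an authentication failure; `if (auth?.IsAuthenticated != true)` keeps both cases on the same rejection path. The message `"Invalid token."` is also thrown when the request carried no token at all, which may mislead whoever reads the log or the response; a neutral message such as `"Unauthenticated request."` fits unless the two cases are told apart. Authenticate's body continues outside the hunk.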

+ 12 - 13
Emby.Server.Implementations/HttpServer/Security/AuthorizationContext.cs

@@ -36,8 +36,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
         public AuthorizationInfo GetAuthorizationInfo(HttpRequest requestContext)
         {
             var auth = GetAuthorizationDictionary(requestContext);
-            var (authInfo, _) =
-                GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
+            var authInfo = GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query);
             return authInfo;
         }
 
@@ -49,19 +48,13 @@ namespace Emby.Server.Implementations.HttpServer.Security
         private AuthorizationInfo GetAuthorization(HttpContext httpReq)
         {
             var auth = GetAuthorizationDictionary(httpReq);
-            var (authInfo, originalAuthInfo) =
-                GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);
-
-            if (originalAuthInfo != null)
-            {
-                httpReq.Request.HttpContext.Items["OriginalAuthenticationInfo"] = originalAuthInfo;
-            }
+            var authInfo = GetAuthorizationInfoFromDictionary(auth, httpReq.Request.Headers, httpReq.Request.Query);
 
             httpReq.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;
             return authInfo;
         }
 
-        private (AuthorizationInfo authInfo, AuthenticationInfo originalAuthenticationInfo) GetAuthorizationInfoFromDictionary(
+        private AuthorizationInfo GetAuthorizationInfoFromDictionary(
             in Dictionary<string, string> auth,
             in IHeaderDictionary headers,
             in IQueryCollection queryString)
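Review bot: `httpReq.Request.HttpContext.Items["AuthorizationInfo"]` now always receives a non-null object, where the removed code stored null for a request without a token; the same holds for the return value of `GetAuthorizationInfo` in the hunk above. Any consumer that still treats a non-null AuthorizationInfo as proof of authentication would accept a request that has no valid token, and the object's Device, DeviceId and Version fields appear to be populated from the request itself. Callers are not visible in this diff, so they should be audited for `== null` checks, and a comment above the assignment would make the contract explicit: `// Cached even when unauthenticated; readers must check IsAuthenticated.` Readers of the removed `"OriginalAuthenticationInfo"` item, if any remain, will now find nothing under that key. The signature at the end of this hunk belongs to a function whose body continues outside it.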
@@ -108,13 +101,14 @@ namespace Emby.Server.Implementations.HttpServer.Security
                 Device = device,
                 DeviceId = deviceId,
                 Version = version,
-                Token = token
+                Token = token,
+                IsAuthenticated = false
             };
 
             if (string.IsNullOrWhiteSpace(token))
             {
                 // Request doesn't contain a token.
-                return (null, null);
+                return authInfo;
             }
 
             var result = _authRepo.Get(new AuthenticationInfoQuery
@@ -122,6 +116,11 @@ namespace Emby.Server.Implementations.HttpServer.Security
                 AccessToken = token
             });
 
+            if (result.Items.Count > 0)
+            {
+                authInfo.IsAuthenticated = true;
+            }
+
             var originalAuthenticationInfo = result.Items.Count > 0 ? result.Items[0] : null;
 
             if (originalAuthenticationInfo != null)
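Review bot: `IsAuthenticated` is set from `result.Items.Count > 0` just before the same count is tested again to pick `originalAuthenticationInfo`, so the flag and the record it is based on are derived separately and can drift apart in later edits. Deriving it from the record keeps them tied: place `authInfo.IsAuthenticated = originalAuthenticationInfo != null;` after the `originalAuthenticationInfo` assignment and drop the added `if`. The flag only records that a row matched the query; the query initializer starts above the hunk, so whether it excludes revoked or inactive tokens cannot be confirmed here and is worth checking. A short comment stating that `User` may still be null when the flag is true would help, since `AuthService.Authenticate` reads it with `auth.User?.`. The function starts and ends outside the hunk.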
@@ -197,7 +196,7 @@ namespace Emby.Server.Implementations.HttpServer.Security
                 }
             }
 
-            return (authInfo, originalAuthenticationInfo);
+            return authInfo;
         }
 
         /// <summary>

+ 1 - 1
Jellyfin.Api/Auth/CustomAuthenticationHandler.cs

@@ -1,10 +1,10 @@
 using System.Globalization;
-using System.Security.Authentication;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Logging;
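Review bot: Swapping `using System.Security.Authentication;` for `using MediaBrowser.Controller.Authentication;` changes which type an unqualified `AuthenticationException` in this file binds to, without any line in the handler body changing. The body is not part of the hunk, so this is inferred: if the handler catches `AuthenticationException` by its simple name, an exception of the System.Security.Authentication type thrown further down the call chain would no longer be caught there. A comment on that catch naming the intended type, or a fully qualified type name in the catch, would make the dependency on this using directive visible.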

+ 5 - 0
MediaBrowser.Controller/Net/AuthorizationInfo.cs

@@ -53,5 +53,10 @@ namespace MediaBrowser.Controller.Net
         /// Gets or sets the user making the request.
         /// </summary>
         public User User { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether the token is authenticated.
+        /// </summary>
+        public bool IsAuthenticated { get; set; }
     }
 }
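Review bot: The summary on `IsAuthenticated` does not say what makes the value true or who is expected to set it, even though the property gates authentication in `AuthService.Authenticate`. I would expand the doc comment to state that it defaults to false, that the authorization context sets it to true only after the token was found in the authentication repository, and that other code should treat it as read-only. Something like `/// Gets or sets a value indicating whether the request's token matched a stored access token. Defaults to <c>false</c>.` covers the first two points. The public setter is needed by the initializer and the assignment in AuthorizationContext, so the constraint has to live in the documentation.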

+ 3 - 2
tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs

@@ -8,6 +8,7 @@ using Jellyfin.Api.Auth;
 using Jellyfin.Api.Constants;
 using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
+using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Net;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Http;
@@ -68,14 +69,14 @@ namespace Jellyfin.Api.Tests.Auth
         }
 
         [Fact]
-        public async Task HandleAuthenticateAsyncShouldFailOnSecurityException()
+        public async Task HandleAuthenticateAsyncShouldFailOnAuthenticationException()
         {
             var errorMessage = _fixture.Create<string>();
 
             _jellyfinAuthServiceMock.Setup(
                     a => a.Authenticate(
                         It.IsAny<HttpRequest>()))
-                .Throws(new SecurityException(errorMessage));
+                .Throws(new AuthenticationException(errorMessage));
 
             var authenticateResult = await _sut.AuthenticateAsync();