< Summary - Jellyfin

Information
Class: Jellyfin.Api.Auth.CustomAuthenticationHandler
Assembly: Jellyfin.Api
File(s): /srv/git/jellyfin/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
Line coverage
96%
Covered lines: 31
Uncovered lines: 1
Coverable lines: 32
Total lines: 90
Line coverage: 96.8%
Branch coverage
65%
Covered branches: 13
Total branches: 20
Branch coverage: 65%
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100 4/8/2026 - 12:11:47 AM Line coverage: 100% (4/4) Total lines: 904/19/2026 - 12:14:27 AM Line coverage: 96.8% (31/32) Branch coverage: 65% (13/20) Total lines: 90 4/19/2026 - 12:14:27 AM Line coverage: 96.8% (31/32) Branch coverage: 65% (13/20) Total lines: 90

Coverage delta

Coverage delta 4 -4

Metrics

MethodBranch coverage Crap Score Cyclomatic complexity Line coverage
.ctor(...)100%11100%
HandleAuthenticateAsync()65%202092.85%

File(s)

/srv/git/jellyfin/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs

#LineLine coverage
 1using System.Globalization;
 2using System.Security.Claims;
 3using System.Text.Encodings.Web;
 4using System.Threading.Tasks;
 5using Jellyfin.Api.Constants;
 6using Jellyfin.Data;
 7using Jellyfin.Database.Implementations.Enums;
 8using MediaBrowser.Controller.Authentication;
 9using MediaBrowser.Controller.Net;
 10using Microsoft.AspNetCore.Authentication;
 11using Microsoft.Extensions.Logging;
 12using Microsoft.Extensions.Options;
 13
 14namespace Jellyfin.Api.Auth
 15{
 16    /// <summary>
 17    /// Custom authentication handler wrapping the legacy authentication.
 18    /// </summary>
 19    public class CustomAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 20    {
 21        private readonly IAuthService _authService;
 22        private readonly ILogger<CustomAuthenticationHandler> _logger;
 23
 24        /// <summary>
 25        /// Initializes a new instance of the <see cref="CustomAuthenticationHandler" /> class.
 26        /// </summary>
 27        /// <param name="authService">The jellyfin authentication service.</param>
 28        /// <param name="options">Options monitor.</param>
 29        /// <param name="logger">The logger.</param>
 30        /// <param name="encoder">The url encoder.</param>
 31        public CustomAuthenticationHandler(
 32            IAuthService authService,
 33            IOptionsMonitor<AuthenticationSchemeOptions> options,
 34            ILoggerFactory logger,
 35            UrlEncoder encoder)
 20636            : base(options, logger, encoder)
 37        {
 20638            _authService = authService;
 20639            _logger = logger.CreateLogger<CustomAuthenticationHandler>();
 20640        }
 41
 42        /// <inheritdoc />
 43        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 44        {
 45            try
 46            {
 20647                var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
 20548                if (!authorizationInfo.HasToken)
 49                {
 7650                    return AuthenticateResult.NoResult();
 51                }
 52
 12953                var role = UserRoles.User;
 12954                if (authorizationInfo.IsApiKey
 12955                    || (authorizationInfo.User?.HasPermission(PermissionKind.IsAdministrator) ?? false))
 56                {
 12557                    role = UserRoles.Administrator;
 58                }
 59
 12960                var claims = new[]
 12961                {
 12962                    new Claim(ClaimTypes.Name, authorizationInfo.User?.Username ?? string.Empty),
 12963                    new Claim(ClaimTypes.Role, role),
 12964                    new Claim(InternalClaimTypes.UserId, authorizationInfo.UserId.ToString("N", CultureInfo.InvariantCul
 12965                    new Claim(InternalClaimTypes.DeviceId, authorizationInfo.DeviceId ?? string.Empty),
 12966                    new Claim(InternalClaimTypes.Device, authorizationInfo.Device ?? string.Empty),
 12967                    new Claim(InternalClaimTypes.Client, authorizationInfo.Client ?? string.Empty),
 12968                    new Claim(InternalClaimTypes.Version, authorizationInfo.Version ?? string.Empty),
 12969                    new Claim(InternalClaimTypes.Token, authorizationInfo.Token),
 12970                    new Claim(InternalClaimTypes.IsApiKey, authorizationInfo.IsApiKey.ToString(CultureInfo.InvariantCult
 12971                };
 72
 12973                var identity = new ClaimsIdentity(claims, Scheme.Name);
 12974                var principal = new ClaimsPrincipal(identity);
 12975                var ticket = new AuthenticationTicket(principal, Scheme.Name);
 76
 12977                return AuthenticateResult.Success(ticket);
 78            }
 179            catch (AuthenticationException ex)
 80            {
 181                _logger.LogDebug(ex, "Error authenticating with {Handler}", nameof(CustomAuthenticationHandler));
 182                return AuthenticateResult.NoResult();
 83            }
 84            catch (SecurityException ex)
 85            {
 086                return AuthenticateResult.Fail(ex);
 87            }
 20688        }
 89    }
 90}