< Summary - Jellyfin

Information
Class: Jellyfin.Api.Auth.CustomAuthenticationHandler
Assembly: Jellyfin.Api
File(s): /srv/git/jellyfin/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs
Line coverage
96%
Covered lines: 31
Uncovered lines: 1
Coverable lines: 32
Total lines: 90
Line coverage: 96.8%
Branch coverage
65%
Covered branches: 13
Total branches: 20
Branch coverage: 65%
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100 1/23/2026 - 12:11:06 AM Line coverage: 100% (4/4) Total lines: 904/19/2026 - 12:14:27 AM Line coverage: 96.8% (31/32) Branch coverage: 65% (13/20) Total lines: 90 4/19/2026 - 12:14:27 AM Line coverage: 96.8% (31/32) Branch coverage: 65% (13/20) Total lines: 90

Coverage delta

Coverage delta 4 -4

Metrics

MethodBranch coverage Crap Score Cyclomatic complexity Line coverage
.ctor(...)100%11100%
HandleAuthenticateAsync()65%202092.85%

File(s)

/srv/git/jellyfin/Jellyfin.Api/Auth/CustomAuthenticationHandler.cs

#LineLine coverage
 1using System.Globalization;
 2using System.Security.Claims;
 3using System.Text.Encodings.Web;
 4using System.Threading.Tasks;
 5using Jellyfin.Api.Constants;
 6using Jellyfin.Data;
 7using Jellyfin.Database.Implementations.Enums;
 8using MediaBrowser.Controller.Authentication;
 9using MediaBrowser.Controller.Net;
 10using Microsoft.AspNetCore.Authentication;
 11using Microsoft.Extensions.Logging;
 12using Microsoft.Extensions.Options;
 13
 14namespace Jellyfin.Api.Auth
 15{
 16    /// <summary>
 17    /// Custom authentication handler wrapping the legacy authentication.
 18    /// </summary>
 19    public class CustomAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
 20    {
 21        private readonly IAuthService _authService;
 22        private readonly ILogger<CustomAuthenticationHandler> _logger;
 23
 24        /// <summary>
 25        /// Initializes a new instance of the <see cref="CustomAuthenticationHandler" /> class.
 26        /// </summary>
 27        /// <param name="authService">The jellyfin authentication service.</param>
 28        /// <param name="options">Options monitor.</param>
 29        /// <param name="logger">The logger.</param>
 30        /// <param name="encoder">The url encoder.</param>
 31        public CustomAuthenticationHandler(
 32            IAuthService authService,
 33            IOptionsMonitor<AuthenticationSchemeOptions> options,
 34            ILoggerFactory logger,
 35            UrlEncoder encoder)
 17536            : base(options, logger, encoder)
 37        {
 17538            _authService = authService;
 17539            _logger = logger.CreateLogger<CustomAuthenticationHandler>();
 17540        }
 41
 42        /// <inheritdoc />
 43        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 44        {
 45            try
 46            {
 17547                var authorizationInfo = await _authService.Authenticate(Request).ConfigureAwait(false);
 17448                if (!authorizationInfo.HasToken)
 49                {
 7350                    return AuthenticateResult.NoResult();
 51                }
 52
 10153                var role = UserRoles.User;
 10154                if (authorizationInfo.IsApiKey
 10155                    || (authorizationInfo.User?.HasPermission(PermissionKind.IsAdministrator) ?? false))
 56                {
 9757                    role = UserRoles.Administrator;
 58                }
 59
 10160                var claims = new[]
 10161                {
 10162                    new Claim(ClaimTypes.Name, authorizationInfo.User?.Username ?? string.Empty),
 10163                    new Claim(ClaimTypes.Role, role),
 10164                    new Claim(InternalClaimTypes.UserId, authorizationInfo.UserId.ToString("N", CultureInfo.InvariantCul
 10165                    new Claim(InternalClaimTypes.DeviceId, authorizationInfo.DeviceId ?? string.Empty),
 10166                    new Claim(InternalClaimTypes.Device, authorizationInfo.Device ?? string.Empty),
 10167                    new Claim(InternalClaimTypes.Client, authorizationInfo.Client ?? string.Empty),
 10168                    new Claim(InternalClaimTypes.Version, authorizationInfo.Version ?? string.Empty),
 10169                    new Claim(InternalClaimTypes.Token, authorizationInfo.Token),
 10170                    new Claim(InternalClaimTypes.IsApiKey, authorizationInfo.IsApiKey.ToString(CultureInfo.InvariantCult
 10171                };
 72
 10173                var identity = new ClaimsIdentity(claims, Scheme.Name);
 10174                var principal = new ClaimsPrincipal(identity);
 10175                var ticket = new AuthenticationTicket(principal, Scheme.Name);
 76
 10177                return AuthenticateResult.Success(ticket);
 78            }
 179            catch (AuthenticationException ex)
 80            {
 181                _logger.LogDebug(ex, "Error authenticating with {Handler}", nameof(CustomAuthenticationHandler));
 182                return AuthenticateResult.NoResult();
 83            }
 84            catch (SecurityException ex)
 85            {
 086                return AuthenticateResult.Fail(ex);
 87            }
 17588        }
 89    }
 90}
Generated by: ReportGenerator 5.5.7.0
5/6/2026 - 12:15:24 AM
GitHub | reportgenerator.io

Methods/Properties

.ctor(MediaBrowser.Controller.Net.IAuthService,Microsoft.Extensions.Options.IOptionsMonitor`1<Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions>,Microsoft.Extensions.Logging.ILoggerFactory,System.Text.Encodings.Web.UrlEncoder)
HandleAuthenticateAsync()