< Summary - Jellyfin

Information

Class:	Jellyfin.Server.Implementations.Security.AuthorizationContext
Assembly:	Jellyfin.Server.Implementations
File(s):	/srv/git/jellyfin/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs

Line coverage

88%

Covered lines:	37
Uncovered lines:	5
Coverable lines:	42
Total lines:	319
Line coverage:	88%

Branch coverage

75%

Covered branches:	27
Total branches:	36
Branch coverage:	75%

Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Metrics

Method	Branch coverage	Crap Score	Cyclomatic complexity	Line coverage
.ctor(...)	100%	1	1	100%
GetAuthorizationInfo(...)	0%	20	4	0%
GetAuthorizationDictionary(...)	100%	6	6	100%
GetAuthorization(...)	37.5%	9	8	80%
GetParts(...)	100%	18	18	100%

File(s)

/srv/git/jellyfin/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs

#	Line	Line coverage
	`1`	`#pragma warning disable CS1591`
	`2`
	`3`	`using System;`
	`4`	`using System.Collections.Generic;`
	`5`	`using System.Net;`
	`6`	`using System.Threading.Tasks;`
	`7`	`using Jellyfin.Data.Queries;`
	`8`	`using Jellyfin.Database.Implementations;`
	`9`	`using Jellyfin.Extensions;`
	`10`	`using MediaBrowser.Controller;`
	`11`	`using MediaBrowser.Controller.Configuration;`
	`12`	`using MediaBrowser.Controller.Devices;`
	`13`	`using MediaBrowser.Controller.Library;`
	`14`	`using MediaBrowser.Controller.Net;`
	`15`	`using Microsoft.AspNetCore.Http;`
	`16`	`using Microsoft.EntityFrameworkCore;`
	`17`	`using Microsoft.Net.Http.Headers;`
	`18`
	`19`	`namespace Jellyfin.Server.Implementations.Security`
	`20`	`{`
	`21`	`public class AuthorizationContext : IAuthorizationContext`
	`22`	`{`
	`23`	`private readonly IDbContextFactory<JellyfinDbContext> _jellyfinDbProvider;`
	`24`	`private readonly IUserManager _userManager;`
	`25`	`private readonly IDeviceManager _deviceManager;`
	`26`	`private readonly IServerApplicationHost _serverApplicationHost;`
	`27`	`private readonly IServerConfigurationManager _configurationManager;`
	`28`
	`29`	`public AuthorizationContext(`
	`30`	`IDbContextFactory<JellyfinDbContext> jellyfinDb,`
	`31`	`IUserManager userManager,`
	`32`	`IDeviceManager deviceManager,`
	`33`	`IServerApplicationHost serverApplicationHost,`
	`34`	`IServerConfigurationManager configurationManager)`
	`35`	`{`
20	`36`	`_jellyfinDbProvider = jellyfinDb;`
20	`37`	`_userManager = userManager;`
20	`38`	`_deviceManager = deviceManager;`
20	`39`	`_serverApplicationHost = serverApplicationHost;`
20	`40`	`_configurationManager = configurationManager;`
20	`41`	`}`
	`42`
	`43`	`public Task<AuthorizationInfo> GetAuthorizationInfo(HttpContext requestContext)`
	`44`	`{`
0	`45`	`if (requestContext.Request.HttpContext.Items.TryGetValue("AuthorizationInfo", out var cached) && cached is n`
	`46`	`{`
0	`47`	`return Task.FromResult((AuthorizationInfo)cached); // Cache should never contain null`
	`48`	`}`
	`49`
0	`50`	`return GetAuthorization(requestContext);`
	`51`	`}`
	`52`
	`53`	`public async Task<AuthorizationInfo> GetAuthorizationInfo(HttpRequest requestContext)`
	`54`	`{`
	`55`	`var auth = GetAuthorizationDictionary(requestContext);`
	`56`	`var authInfo = await GetAuthorizationInfoFromDictionary(auth, requestContext.Headers, requestContext.Query).`
	`57`	`return authInfo;`
	`58`	`}`
	`59`
	`60`	`/// <summary>`
	`61`	`/// Gets the authorization.`
	`62`	`/// </summary>`
	`63`	`/// <param name="httpContext">The HTTP context.</param>`
	`64`	`/// <returns>Dictionary{System.StringSystem.String}.</returns>`
	`65`	`private async Task<AuthorizationInfo> GetAuthorization(HttpContext httpContext)`
	`66`	`{`
	`67`	`var authInfo = await GetAuthorizationInfo(httpContext.Request).ConfigureAwait(false);`
	`68`
	`69`	`httpContext.Request.HttpContext.Items["AuthorizationInfo"] = authInfo;`
	`70`	`return authInfo;`
	`71`	`}`
	`72`
	`73`	`private async Task<AuthorizationInfo> GetAuthorizationInfoFromDictionary(`
	`74`	`Dictionary<string, string>? auth,`
	`75`	`IHeaderDictionary headers,`
	`76`	`IQueryCollection queryString)`
	`77`	`{`
	`78`	`string? deviceId = null;`
	`79`	`string? deviceName = null;`
	`80`	`string? client = null;`
	`81`	`string? version = null;`
	`82`	`string? token = null;`
	`83`
	`84`	`if (auth is not null)`
	`85`	`{`
	`86`	`auth.TryGetValue("DeviceId", out deviceId);`
	`87`	`auth.TryGetValue("Device", out deviceName);`
	`88`	`auth.TryGetValue("Client", out client);`
	`89`	`auth.TryGetValue("Version", out version);`
	`90`	`auth.TryGetValue("Token", out token);`
	`91`	`}`
	`92`
	`93`	`if (_configurationManager.Configuration.EnableLegacyAuthorization && string.IsNullOrEmpty(token))`
	`94`	`{`
	`95`	`token = headers["X-Emby-Token"];`
	`96`	`}`
	`97`
	`98`	`if (_configurationManager.Configuration.EnableLegacyAuthorization && string.IsNullOrEmpty(token))`
	`99`	`{`
	`100`	`token = headers["X-MediaBrowser-Token"];`
	`101`	`}`
	`102`
	`103`	`if (string.IsNullOrEmpty(token))`
	`104`	`{`
	`105`	`token = queryString["ApiKey"];`
	`106`	`}`
	`107`
	`108`	`if (_configurationManager.Configuration.EnableLegacyAuthorization && string.IsNullOrEmpty(token))`
	`109`	`{`
	`110`	`token = queryString["api_key"];`
	`111`	`}`
	`112`
	`113`	`var authInfo = new AuthorizationInfo`
	`114`	`{`
	`115`	`Client = client,`
	`116`	`Device = deviceName,`
	`117`	`DeviceId = deviceId,`
	`118`	`Version = version,`
	`119`	`Token = token,`
	`120`	`IsAuthenticated = false`
	`121`	`};`
	`122`
	`123`	`if (!authInfo.HasToken)`
	`124`	`{`
	`125`	`// Request doesn't contain a token.`
	`126`	`return authInfo;`
	`127`	`}`
	`128`
	`129`	`var dbContext = await _jellyfinDbProvider.CreateDbContextAsync().ConfigureAwait(false);`
	`130`	`await using (dbContext.ConfigureAwait(false))`
	`131`	`{`
	`132`	`var device = _deviceManager.GetDevices(`
	`133`	`new DeviceQuery { AccessToken = token }).Items.FirstOrDefault();`
	`134`
	`135`	`if (device is not null)`
	`136`	`{`
	`137`	`authInfo.IsAuthenticated = true;`
	`138`	`var updateToken = false;`
	`139`
	`140`	`// TODO: Remove these checks for IsNullOrWhiteSpace`
	`141`	`if (string.IsNullOrWhiteSpace(authInfo.Client))`
	`142`	`{`
	`143`	`authInfo.Client = device.AppName;`
	`144`	`}`
	`145`
	`146`	`if (string.IsNullOrWhiteSpace(authInfo.DeviceId))`
	`147`	`{`
	`148`	`authInfo.DeviceId = device.DeviceId;`
	`149`	`}`
	`150`
	`151`	`// Temporary. TODO - allow clients to specify that the token has been shared with a casting device`
	`152`	`var allowTokenInfoUpdate = !authInfo.Client.Contains("chromecast", StringComparison.OrdinalIgnoreCas`
	`153`
	`154`	`if (string.IsNullOrWhiteSpace(authInfo.Device))`
	`155`	`{`
	`156`	`authInfo.Device = device.DeviceName;`
	`157`	`}`
	`158`	`else if (!string.Equals(authInfo.Device, device.DeviceName, StringComparison.OrdinalIgnoreCase))`
	`159`	`{`
	`160`	`if (allowTokenInfoUpdate)`
	`161`	`{`
	`162`	`updateToken = true;`
	`163`	`device.DeviceName = authInfo.Device;`
	`164`	`}`
	`165`	`}`
	`166`
	`167`	`if (string.IsNullOrWhiteSpace(authInfo.Version))`
	`168`	`{`
	`169`	`authInfo.Version = device.AppVersion;`
	`170`	`}`
	`171`	`else if (!string.Equals(authInfo.Version, device.AppVersion, StringComparison.OrdinalIgnoreCase))`
	`172`	`{`
	`173`	`if (allowTokenInfoUpdate)`
	`174`	`{`
	`175`	`updateToken = true;`
	`176`	`device.AppVersion = authInfo.Version;`
	`177`	`}`
	`178`	`}`
	`179`
	`180`	`if ((DateTime.UtcNow - device.DateLastActivity).TotalMinutes > 3)`
	`181`	`{`
	`182`	`device.DateLastActivity = DateTime.UtcNow;`
	`183`	`updateToken = true;`
	`184`	`}`
	`185`
	`186`	`authInfo.User = _userManager.GetUserById(device.UserId);`
	`187`
	`188`	`if (updateToken)`
	`189`	`{`
	`190`	`await _deviceManager.UpdateDevice(device).ConfigureAwait(false);`
	`191`	`}`
	`192`	`}`
	`193`	`else`
	`194`	`{`
	`195`	`var key = await dbContext.ApiKeys.FirstOrDefaultAsync(apiKey => apiKey.AccessToken == token).Configu`
	`196`	`if (key is not null)`
	`197`	`{`
	`198`	`authInfo.IsAuthenticated = true;`
	`199`	`authInfo.Client = key.Name;`
	`200`	`authInfo.Token = key.AccessToken;`
	`201`	`if (string.IsNullOrWhiteSpace(authInfo.DeviceId))`
	`202`	`{`
	`203`	`authInfo.DeviceId = _serverApplicationHost.SystemId;`
	`204`	`}`
	`205`
	`206`	`if (string.IsNullOrWhiteSpace(authInfo.Device))`
	`207`	`{`
	`208`	`authInfo.Device = _serverApplicationHost.Name;`
	`209`	`}`
	`210`
	`211`	`if (string.IsNullOrWhiteSpace(authInfo.Version))`
	`212`	`{`
	`213`	`authInfo.Version = _serverApplicationHost.ApplicationVersionString;`
	`214`	`}`
	`215`
	`216`	`authInfo.IsApiKey = true;`
	`217`	`}`
	`218`	`}`
	`219`
	`220`	`return authInfo;`
	`221`	`}`
	`222`	`}`
	`223`
	`224`	`/// <summary>`
	`225`	`/// Gets the auth.`
	`226`	`/// </summary>`
	`227`	`/// <param name="httpReq">The HTTP request.</param>`
	`228`	`/// <returns>Dictionary{System.StringSystem.String}.</returns>`
	`229`	`private Dictionary<string, string>? GetAuthorizationDictionary(HttpRequest httpReq)`
	`230`	`{`
187	`231`	`var auth = httpReq.Headers[HeaderNames.Authorization];`
	`232`
187	`233`	`if (_configurationManager.Configuration.EnableLegacyAuthorization && string.IsNullOrEmpty(auth))`
	`234`	`{`
59	`235`	`auth = httpReq.Headers["X-Emby-Authorization"];`
	`236`	`}`
	`237`
187	`238`	`return auth.Count > 0 ? GetAuthorization(auth[0]) : null;`
	`239`	`}`
	`240`
	`241`	`/// <summary>`
	`242`	`/// Gets the authorization.`
	`243`	`/// </summary>`
	`244`	`/// <param name="authorizationHeader">The authorization header.</param>`
	`245`	`/// <returns>Dictionary{System.StringSystem.String}.</returns>`
	`246`	`private Dictionary<string, string>? GetAuthorization(ReadOnlySpan<char> authorizationHeader)`
	`247`	`{`
128	`248`	`var firstSpace = authorizationHeader.IndexOf(' ');`
	`249`
	`250`	`// There should be at least two parts`
128	`251`	`if (firstSpace == -1)`
	`252`	`{`
0	`253`	`return null;`
	`254`	`}`
	`255`
128	`256`	`var name = authorizationHeader[..firstSpace];`
	`257`
128	`258`	`var validName = name.Equals("MediaBrowser", StringComparison.OrdinalIgnoreCase);`
128	`259`	`validName = validName \|\| (_configurationManager.Configuration.EnableLegacyAuthorization && name.Equals("Emby`
	`260`
128	`261`	`if (!validName)`
	`262`	`{`
0	`263`	`return null;`
	`264`	`}`
	`265`
	`266`	`// Remove up until the first space`
128	`267`	`authorizationHeader = authorizationHeader[(firstSpace + 1)..];`
128	`268`	`return GetParts(authorizationHeader);`
	`269`	`}`
	`270`
	`271`	`/// <summary>`
	`272`	`/// Get the authorization header components.`
	`273`	`/// </summary>`
	`274`	`/// <param name="authorizationHeader">The authorization header.</param>`
	`275`	`/// <returns>Dictionary{System.StringSystem.String}.</returns>`
	`276`	`public static Dictionary<string, string> GetParts(ReadOnlySpan<char> authorizationHeader)`
	`277`	`{`
133	`278`	`var result = new Dictionary<string, string>();`
133	`279`	`var escaped = false;`
133	`280`	`int start = 0;`
133	`281`	`string key = string.Empty;`
	`282`
	`283`	`int i;`
34666	`284`	`for (i = 0; i < authorizationHeader.Length; i++)`
	`285`	`{`
17200	`286`	`var token = authorizationHeader[i];`
17200	`287`	`if (token == '"' \|\| token == ',')`
	`288`	`{`
	`289`	`// Applying a XOR logic to evaluate whether it is opening or closing a value`
1523	`290`	`escaped = (!escaped) == (token == '"');`
1523	`291`	`if (token == ',' && !escaped)`
	`292`	`{`
	`293`	`// Meeting a comma after a closing escape char means the value is complete`
485	`294`	`if (start < i)`
	`295`	`{`
485	`296`	`result[key] = WebUtility.UrlDecode(authorizationHeader[start..i].Trim('"').ToString());`
485	`297`	`key = string.Empty;`
	`298`	`}`
	`299`
485	`300`	`start = i + 1;`
	`301`	`}`
	`302`	`}`
15677	`303`	`else if (!escaped && token == '=')`
	`304`	`{`
618	`305`	`key = authorizationHeader[start.. i].Trim().ToString();`
618	`306`	`start = i + 1;`
	`307`	`}`
	`308`	`}`
	`309`
	`310`	`// Add last value`
133	`311`	`if (start < i)`
	`312`	`{`
133	`313`	`result[key] = WebUtility.UrlDecode(authorizationHeader[start..i].Trim('"').ToString());`
	`314`	`}`
	`315`
133	`316`	`return result;`
	`317`	`}`
	`318`	`}`
	`319`	`}`

< Summary - Jellyfin

Coverage history

Metrics

File(s)

/srv/git/jellyfin/Jellyfin.Server.Implementations/Security/AuthorizationContext.cs

Methods/Properties