< Summary - Jellyfin

Information

Class:	Jellyfin.Server.Implementations.Users.UserManager
Assembly:	Jellyfin.Server.Implementations
File(s):	/srv/git/jellyfin/Jellyfin.Server.Implementations/Users/UserManager.cs

Line coverage

54%

Covered lines:	323
Uncovered lines:	274
Coverable lines:	597
Total lines:	1113
Line coverage:	54.1%

Branch coverage

46%

Covered branches:	90
Total branches:	194
Branch coverage:	46.3%

Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage delta

Metrics

Method	Branch coverage	Crap Score	Cyclomatic complexity	Line coverage
.ctor(...)	100%	1	1	100%
GetUsers()	100%	1	1	100%
GetUsersIds()	100%	2	1	0%
GetUserById(...)	50%	2	2	83.33%
UserQuery(...)	100%	1	1	100%
GetFirstUser()	100%	1	1	100%
GetUserByName(...)	50%	2	2	83.33%
RenameUser()	62.5%	8	8	96.29%
UpdateUserAsync()	62.5%	24	16	68.75%
CreateUserInternalAsync()	100%	2	2	100%
CreateUserAsync()	100%	2	2	100%
DeleteUserAsync()	0%	72	8	0%
ResetPassword(...)	100%	2	1	0%
ChangePassword()	66.66%	6	6	93.75%
GetUserDto(...)	28.57%	14	14	100%
AuthenticateUser()	63.79%	785	58	40%
StartForgotPasswordProcess()	0%	20	4	0%
RedeemPasswordResetPin()	0%	20	4	0%
InitializeAsync()	66.66%	6	6	92.85%
GetAuthenticationProviders()	100%	2	1	0%
GetPasswordResetProviders()	100%	2	1	0%
UpdateConfigurationAsync()	0%	72	8	0%
UpdatePolicyAsync()	0%	156	12	0%
ClearProfileImageAsync()	0%	20	4	0%
ThrowIfInvalidUsername(...)	100%	4	4	100%
GetAuthenticationProvider(...)	100%	1	1	100%
GetPasswordResetProvider(...)	0%	6	2	0%
GetAuthenticationProviders(...)	30%	29	10	42.85%
GetPasswordResetProviders(...)	0%	20	4	0%
AuthenticateLocalUser()	75%	4	4	92.85%
AuthenticateWithProvider()	50%	6	4	54.54%
UpdateUserInternalAsync()	100%	1	1	100%
Dispose()	100%	1	1	100%
Dispose(...)	50%	2	2	100%
.ctor()	100%	1	1	100%
.cctor()	100%	1	1	100%
ShouldLock()	100%	1	1	100%
LockAsync(...)	100%	2	2	100%
AcquireLockAsync()	100%	1	1	100%
Dispose()	100%	2	2	100%
ThrowIfDisposed()	100%	1	1	100%
Dispose()	75%	4	4	80%

File(s)

/srv/git/jellyfin/Jellyfin.Server.Implementations/Users/UserManager.cs

#	Line	Line coverage
	`1`	`#pragma warning disable RS0030 // Do not use banned APIs`
	`2`
	`3`	`using System;`
	`4`	`using System.Collections.Generic;`
	`5`	`using System.Globalization;`
	`6`	`using System.Linq;`
	`7`	`using System.Text.RegularExpressions;`
	`8`	`using System.Threading;`
	`9`	`using System.Threading.Tasks;`
	`10`	`using AsyncKeyedLock;`
	`11`	`using Jellyfin.Data;`
	`12`	`using Jellyfin.Data.Enums;`
	`13`	`using Jellyfin.Data.Events;`
	`14`	`using Jellyfin.Data.Events.Users;`
	`15`	`using Jellyfin.Database.Implementations;`
	`16`	`using Jellyfin.Database.Implementations.Entities;`
	`17`	`using Jellyfin.Database.Implementations.Enums;`
	`18`	`using Jellyfin.Extensions;`
	`19`	`using MediaBrowser.Common;`
	`20`	`using MediaBrowser.Common.Extensions;`
	`21`	`using MediaBrowser.Common.Net;`
	`22`	`using MediaBrowser.Controller.Authentication;`
	`23`	`using MediaBrowser.Controller.Configuration;`
	`24`	`using MediaBrowser.Controller.Drawing;`
	`25`	`using MediaBrowser.Controller.Events;`
	`26`	`using MediaBrowser.Controller.Library;`
	`27`	`using MediaBrowser.Controller.Net;`
	`28`	`using MediaBrowser.Model.Configuration;`
	`29`	`using MediaBrowser.Model.Dto;`
	`30`	`using MediaBrowser.Model.Users;`
	`31`	`using Microsoft.EntityFrameworkCore;`
	`32`	`using Microsoft.Extensions.Logging;`
	`33`
	`34`	`namespace Jellyfin.Server.Implementations.Users`
	`35`	`{`
	`36`	`/// <summary>`
	`37`	`/// Manages the creation and retrieval of <see cref="User"/> instances.`
	`38`	`/// </summary>`
	`39`	`public partial class UserManager : IUserManager, IDisposable`
	`40`	`{`
	`41`	`private readonly IDbContextFactory<JellyfinDbContext> _dbProvider;`
	`42`	`private readonly IEventManager _eventManager;`
	`43`	`private readonly INetworkManager _networkManager;`
	`44`	`private readonly IApplicationHost _appHost;`
	`45`	`private readonly IImageProcessor _imageProcessor;`
	`46`	`private readonly ILogger<UserManager> _logger;`
	`47`	`private readonly IReadOnlyCollection<IPasswordResetProvider> _passwordResetProviders;`
	`48`	`private readonly IReadOnlyCollection<IAuthenticationProvider> _authenticationProviders;`
	`49`	`private readonly InvalidAuthProvider _invalidAuthProvider;`
	`50`	`private readonly DefaultAuthenticationProvider _defaultAuthenticationProvider;`
	`51`	`private readonly DefaultPasswordResetProvider _defaultPasswordResetProvider;`
	`52`	`private readonly IServerConfigurationManager _serverConfigurationManager;`
	`53`
46	`54`	`private readonly LockHelper _userLock = new();`
	`55`
	`56`	`/// <summary>`
	`57`	`/// Initializes a new instance of the <see cref="UserManager"/> class.`
	`58`	`/// </summary>`
	`59`	`/// <param name="dbProvider">The database provider.</param>`
	`60`	`/// <param name="eventManager">The event manager.</param>`
	`61`	`/// <param name="networkManager">The network manager.</param>`
	`62`	`/// <param name="appHost">The application host.</param>`
	`63`	`/// <param name="imageProcessor">The image processor.</param>`
	`64`	`/// <param name="logger">The logger.</param>`
	`65`	`/// <param name="serverConfigurationManager">The system config manager.</param>`
	`66`	`/// <param name="passwordResetProviders">The password reset providers.</param>`
	`67`	`/// <param name="authenticationProviders">The authentication providers.</param>`
	`68`	`public UserManager(`
	`69`	`IDbContextFactory<JellyfinDbContext> dbProvider,`
	`70`	`IEventManager eventManager,`
	`71`	`INetworkManager networkManager,`
	`72`	`IApplicationHost appHost,`
	`73`	`IImageProcessor imageProcessor,`
	`74`	`ILogger<UserManager> logger,`
	`75`	`IServerConfigurationManager serverConfigurationManager,`
	`76`	`IEnumerable<IPasswordResetProvider> passwordResetProviders,`
	`77`	`IEnumerable<IAuthenticationProvider> authenticationProviders)`
	`78`	`{`
46	`79`	`_dbProvider = dbProvider;`
46	`80`	`_eventManager = eventManager;`
46	`81`	`_networkManager = networkManager;`
46	`82`	`_appHost = appHost;`
46	`83`	`_imageProcessor = imageProcessor;`
46	`84`	`_logger = logger;`
46	`85`	`_serverConfigurationManager = serverConfigurationManager;`
	`86`
46	`87`	`_passwordResetProviders = passwordResetProviders.ToList();`
46	`88`	`_authenticationProviders = authenticationProviders.ToList();`
	`89`
46	`90`	`_invalidAuthProvider = _authenticationProviders.OfType<InvalidAuthProvider>().First();`
46	`91`	`_defaultAuthenticationProvider = _authenticationProviders.OfType<DefaultAuthenticationProvider>().First();`
46	`92`	`_defaultPasswordResetProvider = _passwordResetProviders.OfType<DefaultPasswordResetProvider>().First();`
46	`93`	`}`
	`94`
	`95`	`/// <inheritdoc/>`
	`96`	`public event EventHandler<GenericEventArgs<User>>? OnUserUpdated;`
	`97`
	`98`	`/// <inheritdoc/>`
	`99`	`public IEnumerable<User> GetUsers()`
	`100`	`{`
3	`101`	`using var dbContext = _dbProvider.CreateDbContext();`
3	`102`	`return UserQuery(dbContext)`
3	`103`	`.ToArray();`
3	`104`	`}`
	`105`
	`106`	`/// <inheritdoc/>`
	`107`	`public IEnumerable<Guid> GetUsersIds()`
	`108`	`{`
0	`109`	`using var dbContext = _dbProvider.CreateDbContext();`
0	`110`	`return dbContext.Users`
0	`111`	`.AsNoTracking()`
0	`112`	`.Select(user => user.Id)`
0	`113`	`.ToArray();`
0	`114`	`}`
	`115`
	`116`	`// This is some regex that matches only on unicode "word" characters, as well as -, _ and @`
	`117`	`// In theory this will cut out most if not all 'control' characters which should help minimize any weirdness`
	`118`	`// Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), at-signs (@), dashes`
	`119`	`[GeneratedRegex(@"^(?!\s)[\w\ \-'._@+]+(?<!\s)$")]`
	`120`	`private static partial Regex ValidUsernameRegex();`
	`121`
	`122`	`/// <inheritdoc/>`
	`123`	`public User? GetUserById(Guid id)`
	`124`	`{`
244	`125`	`if (id.IsEmpty())`
	`126`	`{`
0	`127`	`throw new ArgumentException("Guid can't be empty", nameof(id));`
	`128`	`}`
	`129`
244	`130`	`using var dbContext = _dbProvider.CreateDbContext();`
244	`131`	`return UserQuery(dbContext)`
244	`132`	`.FirstOrDefault(user => user.Id == id);`
244	`133`	`}`
	`134`
	`135`	`private static IQueryable<User> UserQuery(JellyfinDbContext dbContext)`
	`136`	`{`
367	`137`	`return dbContext.Users`
367	`138`	`.AsSingleQuery()`
367	`139`	`.Include(user => user.Permissions)`
367	`140`	`.Include(user => user.Preferences)`
367	`141`	`.Include(user => user.AccessSchedules)`
367	`142`	`.Include(user => user.ProfileImage)`
367	`143`	`.AsNoTracking();`
	`144`	`}`
	`145`
	`146`	`/// <inheritdoc/>`
	`147`	`public User? GetFirstUser()`
	`148`	`{`
18	`149`	`using var dbContext = _dbProvider.CreateDbContext();`
18	`150`	`return UserQuery(dbContext).FirstOrDefault();`
18	`151`	`}`
	`152`
	`153`	`/// <inheritdoc/>`
	`154`	`public User? GetUserByName(string name)`
	`155`	`{`
48	`156`	`if (string.IsNullOrWhiteSpace(name))`
	`157`	`{`
0	`158`	`throw new ArgumentException("Invalid username", nameof(name));`
	`159`	`}`
	`160`
48	`161`	`using var dbContext = _dbProvider.CreateDbContext();`
	`162`	`#pragma warning disable CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
48	`163`	`return UserQuery(dbContext)`
48	`164`	`.FirstOrDefault(u => u.NormalizedUsername == name.ToUpperInvariant());`
	`165`	`#pragma warning restore CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
48	`166`	`}`
	`167`
	`168`	`/// <inheritdoc/>`
	`169`	`public async Task RenameUser(Guid userId, string oldName, string newName)`
	`170`	`{`
9	`171`	`ThrowIfInvalidUsername(newName);`
	`172`
9	`173`	`if (oldName.Equals(newName, StringComparison.OrdinalIgnoreCase))`
	`174`	`{`
0	`175`	`throw new ArgumentException("The new and old names must be different.");`
	`176`	`}`
	`177`
9	`178`	`User user = null!; // user is never actually null where its used afterwards so we can just ignore.`
9	`179`	`using (await _userLock.LockAsync(userId).ConfigureAwait(false))`
	`180`	`{`
9	`181`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
9	`182`	`await using (dbContext.ConfigureAwait(false))`
	`183`	`{`
	`184`	`#pragma warning disable CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
9	`185`	`if (await dbContext.Users`
9	`186`	`.AnyAsync(u => u.NormalizedUsername == newName.ToUpperInvariant() && u.Id != userId)`
9	`187`	`.ConfigureAwait(false))`
	`188`	`{`
4	`189`	`throw new ArgumentException(string.Format(`
4	`190`	`CultureInfo.InvariantCulture,`
4	`191`	`"A user with the name '{0}' already exists.",`
4	`192`	`newName));`
	`193`	`}`
	`194`	`#pragma warning restore CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
	`195`
5	`196`	`user = await UserQuery(dbContext)`
5	`197`	`.AsTracking()`
5	`198`	`.FirstOrDefaultAsync(u => u.Id == userId)`
5	`199`	`.ConfigureAwait(false)`
5	`200`	`?? throw new ResourceNotFoundException(nameof(userId));`
5	`201`	`user.Username = newName;`
5	`202`	`user.NormalizedUsername = newName.ToUpperInvariant();`
5	`203`	`await UpdateUserInternalAsync(dbContext, user).ConfigureAwait(false);`
	`204`	`}`
5	`205`	`}`
	`206`
5	`207`	`var eventArgs = new UserUpdatedEventArgs(user);`
5	`208`	`await _eventManager.PublishAsync(eventArgs).ConfigureAwait(false);`
5	`209`	`OnUserUpdated?.Invoke(this, eventArgs);`
5	`210`	`}`
	`211`
	`212`	`/// <inheritdoc/>`
	`213`	`public async Task UpdateUserAsync(User user)`
	`214`	`{`
16	`215`	`using (await _userLock.LockAsync(user.Id).ConfigureAwait(false))`
	`216`	`{`
16	`217`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
16	`218`	`await using (dbContext.ConfigureAwait(false))`
	`219`	`{`
	`220`	`// TODO: this is a bit of a hack. Because the user entity can be created in another context, it is m`
16	`221`	`var dbUser = await UserQuery(dbContext)`
16	`222`	`.AsTracking()`
16	`223`	`.FirstOrDefaultAsync(u => u.Id == user.Id)`
16	`224`	`.ConfigureAwait(false)`
16	`225`	`?? throw new ResourceNotFoundException(nameof(user.Id));`
	`226`
16	`227`	`dbContext.Entry(dbUser).CurrentValues.SetValues(user);`
16	`228`	`dbUser.Permissions.Clear();`
800	`229`	`foreach (var permission in user.Permissions)`
	`230`	`{`
384	`231`	`dbUser.Permissions.Add(new Permission(permission.Kind, permission.Value));`
	`232`	`}`
	`233`
16	`234`	`dbUser.Preferences.Clear();`
448	`235`	`foreach (var preference in user.Preferences)`
	`236`	`{`
208	`237`	`dbUser.Preferences.Add(new Preference(preference.Kind, preference.Value));`
	`238`	`}`
	`239`
16	`240`	`dbUser.AccessSchedules.Clear();`
32	`241`	`foreach (var accessSchedule in user.AccessSchedules)`
	`242`	`{`
0	`243`	`dbUser.AccessSchedules.Add(new AccessSchedule(accessSchedule.DayOfWeek, accessSchedule.StartHour`
	`244`	`}`
	`245`
16	`246`	`if (user.ProfileImage is null)`
	`247`	`{`
16	`248`	`if (dbUser.ProfileImage is not null)`
	`249`	`{`
0	`250`	`dbContext.Remove(dbUser.ProfileImage);`
0	`251`	`dbUser.ProfileImage = null;`
	`252`	`}`
	`253`	`}`
0	`254`	`else if (dbUser.ProfileImage is null)`
	`255`	`{`
0	`256`	`dbUser.ProfileImage = new Jellyfin.Database.Implementations.Entities.ImageInfo(user.ProfileImage`
0	`257`	`{`
0	`258`	`LastModified = user.ProfileImage.LastModified`
0	`259`	`};`
	`260`	`}`
	`261`	`else`
	`262`	`{`
0	`263`	`dbUser.ProfileImage.Path = user.ProfileImage.Path;`
0	`264`	`dbUser.ProfileImage.LastModified = user.ProfileImage.LastModified;`
	`265`	`}`
	`266`
16	`267`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`268`	`}`
16	`269`	`}`
16	`270`	`}`
	`271`
	`272`	`internal async Task<User> CreateUserInternalAsync(string name, JellyfinDbContext dbContext)`
	`273`	`{`
	`274`	`// TODO: Remove after user item data is migrated.`
47	`275`	`var max = await dbContext.Users.AsQueryable().AnyAsync().ConfigureAwait(false)`
47	`276`	`? await dbContext.Users.AsQueryable().Select(u => u.InternalId).MaxAsync().ConfigureAwait(false)`
47	`277`	`: 0;`
	`278`
47	`279`	`var user = new User(`
47	`280`	`name,`
47	`281`	`_defaultAuthenticationProvider.GetType().FullName!,`
47	`282`	`_defaultPasswordResetProvider.GetType().FullName!)`
47	`283`	`{`
47	`284`	`InternalId = max + 1`
47	`285`	`};`
	`286`
47	`287`	`user.AddDefaultPermissions();`
47	`288`	`user.AddDefaultPreferences();`
	`289`
47	`290`	`return user;`
47	`291`	`}`
	`292`
	`293`	`/// <inheritdoc/>`
	`294`	`public async Task<User> CreateUserAsync(string name)`
	`295`	`{`
36	`296`	`ThrowIfInvalidUsername(name);`
	`297`
	`298`	`User newUser;`
35	`299`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
35	`300`	`await using (dbContext.ConfigureAwait(false))`
	`301`	`{`
	`302`	`#pragma warning disable CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
35	`303`	`if (await dbContext.Users`
35	`304`	`.AnyAsync(u => u.NormalizedUsername == name.ToUpperInvariant())`
35	`305`	`.ConfigureAwait(false))`
	`306`	`{`
4	`307`	`throw new ArgumentException(string.Format(`
4	`308`	`CultureInfo.InvariantCulture,`
4	`309`	`"A user with the name '{0}' already exists.",`
4	`310`	`name));`
	`311`	`}`
	`312`	`#pragma warning restore CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
	`313`
31	`314`	`newUser = await CreateUserInternalAsync(name, dbContext).ConfigureAwait(false);`
	`315`
31	`316`	`dbContext.Users.Add(newUser);`
31	`317`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`318`	`}`
	`319`
31	`320`	`await _eventManager.PublishAsync(new UserCreatedEventArgs(newUser)).ConfigureAwait(false);`
	`321`
31	`322`	`return newUser;`
31	`323`	`}`
	`324`
	`325`	`/// <inheritdoc/>`
	`326`	`public async Task DeleteUserAsync(Guid userId)`
	`327`	`{`
	`328`	`User? user;`
0	`329`	`using (await _userLock.LockAsync(userId).ConfigureAwait(false))`
	`330`	`{`
0	`331`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
0	`332`	`await using (dbContext.ConfigureAwait(false))`
	`333`	`{`
0	`334`	`user = await dbContext.Users`
0	`335`	`.Include(u => u.Permissions)`
0	`336`	`.FirstOrDefaultAsync(u => u.Id.Equals(userId))`
0	`337`	`.ConfigureAwait(false);`
0	`338`	`if (user is null)`
	`339`	`{`
0	`340`	`throw new ResourceNotFoundException(nameof(userId));`
	`341`	`}`
	`342`
0	`343`	`var userCount = await dbContext.Users.CountAsync().ConfigureAwait(false);`
0	`344`	`if (userCount == 1)`
	`345`	`{`
0	`346`	`throw new InvalidOperationException(string.Format(`
0	`347`	`CultureInfo.InvariantCulture,`
0	`348`	`"The user '{0}' cannot be deleted because there must be at least one user in the system.",`
0	`349`	`user.Username));`
	`350`	`}`
	`351`
0	`352`	`if (user.HasPermission(PermissionKind.IsAdministrator)`
0	`353`	`&& await dbContext.Users`
0	`354`	`.CountAsync(i => i.Permissions.Any(p => p.Kind == PermissionKind.IsAdministrator && p.Value)`
0	`355`	`.ConfigureAwait(false) == 1)`
	`356`	`{`
0	`357`	`throw new ArgumentException(`
0	`358`	`string.Format(`
0	`359`	`CultureInfo.InvariantCulture,`
0	`360`	`"The user '{0}' cannot be deleted because there must be at least one admin user in the s`
0	`361`	`user.Username),`
0	`362`	`nameof(userId));`
	`363`	`}`
	`364`
0	`365`	`dbContext.Users.Remove(user);`
0	`366`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`367`	`}`
0	`368`	`}`
	`369`
0	`370`	`await _eventManager.PublishAsync(new UserDeletedEventArgs(user)).ConfigureAwait(false);`
0	`371`	`}`
	`372`
	`373`	`/// <inheritdoc/>`
	`374`	`public Task ResetPassword(Guid userId)`
	`375`	`{`
0	`376`	`return ChangePassword(userId, string.Empty);`
	`377`	`}`
	`378`
	`379`	`/// <inheritdoc/>`
	`380`	`public async Task ChangePassword(Guid userId, string newPassword)`
	`381`	`{`
3	`382`	`User dbUser = null!;`
3	`383`	`using (await _userLock.LockAsync(userId).ConfigureAwait(false))`
	`384`	`{`
3	`385`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
3	`386`	`await using (dbContext.ConfigureAwait(false))`
	`387`	`{`
3	`388`	`dbUser = await UserQuery(dbContext)`
3	`389`	`.AsTracking()`
3	`390`	`.FirstOrDefaultAsync(u => u.Id == userId)`
3	`391`	`.ConfigureAwait(false)`
3	`392`	`?? throw new ResourceNotFoundException(nameof(userId));`
3	`393`	`if (dbUser.HasPermission(PermissionKind.IsAdministrator) && string.IsNullOrWhiteSpace(newPassword))`
	`394`	`{`
0	`395`	`throw new ArgumentException("Admin user passwords must not be empty", nameof(newPassword));`
	`396`	`}`
	`397`
3	`398`	`await GetAuthenticationProvider(dbUser).ChangePassword(dbUser, newPassword).ConfigureAwait(false);`
3	`399`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`400`	`}`
3	`401`	`}`
	`402`
3	`403`	`await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(dbUser)).ConfigureAwait(false);`
3	`404`	`}`
	`405`
	`406`	`/// <inheritdoc/>`
	`407`	`public UserDto GetUserDto(User user, string? remoteEndPoint = null)`
	`408`	`{`
35	`409`	`var castReceiverApplications = _serverConfigurationManager.Configuration.CastReceiverApplications;`
35	`410`	`return new UserDto`
35	`411`	`{`
35	`412`	`Name = user.Username,`
35	`413`	`Id = user.Id,`
35	`414`	`ServerId = _appHost.SystemId,`
35	`415`	`EnableAutoLogin = user.EnableAutoLogin,`
35	`416`	`LastLoginDate = user.LastLoginDate,`
35	`417`	`LastActivityDate = user.LastActivityDate,`
35	`418`	`PrimaryImageTag = user.ProfileImage is not null ? _imageProcessor.GetImageCacheTag(user) : null,`
35	`419`	`Configuration = new UserConfiguration`
35	`420`	`{`
35	`421`	`SubtitleMode = user.SubtitleMode,`
35	`422`	`HidePlayedInLatest = user.HidePlayedInLatest,`
35	`423`	`EnableLocalPassword = user.EnableLocalPassword,`
35	`424`	`PlayDefaultAudioTrack = user.PlayDefaultAudioTrack,`
35	`425`	`DisplayCollectionsView = user.DisplayCollectionsView,`
35	`426`	`DisplayMissingEpisodes = user.DisplayMissingEpisodes,`
35	`427`	`AudioLanguagePreference = user.AudioLanguagePreference,`
35	`428`	`RememberAudioSelections = user.RememberAudioSelections,`
35	`429`	`EnableNextEpisodeAutoPlay = user.EnableNextEpisodeAutoPlay,`
35	`430`	`RememberSubtitleSelections = user.RememberSubtitleSelections,`
35	`431`	`SubtitleLanguagePreference = user.SubtitleLanguagePreference ?? string.Empty,`
35	`432`	`OrderedViews = user.GetPreferenceValues<Guid>(PreferenceKind.OrderedViews),`
35	`433`	`GroupedFolders = user.GetPreferenceValues<Guid>(PreferenceKind.GroupedFolders),`
35	`434`	`MyMediaExcludes = user.GetPreferenceValues<Guid>(PreferenceKind.MyMediaExcludes),`
35	`435`	`LatestItemsExcludes = user.GetPreferenceValues<Guid>(PreferenceKind.LatestItemExcludes),`
35	`436`	`CastReceiverId = string.IsNullOrEmpty(user.CastReceiverId)`
35	`437`	`? castReceiverApplications.FirstOrDefault()?.Id`
35	`438`	`: castReceiverApplications.FirstOrDefault(c => string.Equals(c.Id, user.CastReceiverId, StringCo`
35	`439`	`?? castReceiverApplications.FirstOrDefault()?.Id`
35	`440`	`},`
35	`441`	`Policy = new UserPolicy`
35	`442`	`{`
35	`443`	`MaxParentalRating = user.MaxParentalRatingScore,`
35	`444`	`MaxParentalSubRating = user.MaxParentalRatingSubScore,`
35	`445`	`EnableUserPreferenceAccess = user.EnableUserPreferenceAccess,`
35	`446`	`RemoteClientBitrateLimit = user.RemoteClientBitrateLimit ?? 0,`
35	`447`	`AuthenticationProviderId = user.AuthenticationProviderId,`
35	`448`	`PasswordResetProviderId = user.PasswordResetProviderId,`
35	`449`	`InvalidLoginAttemptCount = user.InvalidLoginAttemptCount,`
35	`450`	`LoginAttemptsBeforeLockout = user.LoginAttemptsBeforeLockout ?? -1,`
35	`451`	`MaxActiveSessions = user.MaxActiveSessions,`
35	`452`	`IsAdministrator = user.HasPermission(PermissionKind.IsAdministrator),`
35	`453`	`IsHidden = user.HasPermission(PermissionKind.IsHidden),`
35	`454`	`IsDisabled = user.HasPermission(PermissionKind.IsDisabled),`
35	`455`	`EnableSharedDeviceControl = user.HasPermission(PermissionKind.EnableSharedDeviceControl),`
35	`456`	`EnableRemoteAccess = user.HasPermission(PermissionKind.EnableRemoteAccess),`
35	`457`	`EnableLiveTvManagement = user.HasPermission(PermissionKind.EnableLiveTvManagement),`
35	`458`	`EnableLiveTvAccess = user.HasPermission(PermissionKind.EnableLiveTvAccess),`
35	`459`	`EnableMediaPlayback = user.HasPermission(PermissionKind.EnableMediaPlayback),`
35	`460`	`EnableAudioPlaybackTranscoding = user.HasPermission(PermissionKind.EnableAudioPlaybackTranscoding),`
35	`461`	`EnableVideoPlaybackTranscoding = user.HasPermission(PermissionKind.EnableVideoPlaybackTranscoding),`
35	`462`	`EnableContentDeletion = user.HasPermission(PermissionKind.EnableContentDeletion),`
35	`463`	`EnableContentDownloading = user.HasPermission(PermissionKind.EnableContentDownloading),`
35	`464`	`EnableSyncTranscoding = user.HasPermission(PermissionKind.EnableSyncTranscoding),`
35	`465`	`EnableMediaConversion = user.HasPermission(PermissionKind.EnableMediaConversion),`
35	`466`	`EnableAllChannels = user.HasPermission(PermissionKind.EnableAllChannels),`
35	`467`	`EnableAllDevices = user.HasPermission(PermissionKind.EnableAllDevices),`
35	`468`	`EnableAllFolders = user.HasPermission(PermissionKind.EnableAllFolders),`
35	`469`	`EnableRemoteControlOfOtherUsers = user.HasPermission(PermissionKind.EnableRemoteControlOfOtherUsers)`
35	`470`	`EnablePlaybackRemuxing = user.HasPermission(PermissionKind.EnablePlaybackRemuxing),`
35	`471`	`ForceRemoteSourceTranscoding = user.HasPermission(PermissionKind.ForceRemoteSourceTranscoding),`
35	`472`	`EnablePublicSharing = user.HasPermission(PermissionKind.EnablePublicSharing),`
35	`473`	`EnableCollectionManagement = user.HasPermission(PermissionKind.EnableCollectionManagement),`
35	`474`	`EnableSubtitleManagement = user.HasPermission(PermissionKind.EnableSubtitleManagement),`
35	`475`	`AccessSchedules = user.AccessSchedules.ToArray(),`
35	`476`	`BlockedTags = user.GetPreference(PreferenceKind.BlockedTags),`
35	`477`	`AllowedTags = user.GetPreference(PreferenceKind.AllowedTags),`
35	`478`	`EnabledChannels = user.GetPreferenceValues<Guid>(PreferenceKind.EnabledChannels),`
35	`479`	`EnabledDevices = user.GetPreference(PreferenceKind.EnabledDevices),`
35	`480`	`EnabledFolders = user.GetPreferenceValues<Guid>(PreferenceKind.EnabledFolders),`
35	`481`	`EnableContentDeletionFromFolders = user.GetPreference(PreferenceKind.EnableContentDeletionFromFolder`
35	`482`	`SyncPlayAccess = user.SyncPlayAccess,`
35	`483`	`BlockedChannels = user.GetPreferenceValues<Guid>(PreferenceKind.BlockedChannels),`
35	`484`	`BlockedMediaFolders = user.GetPreferenceValues<Guid>(PreferenceKind.BlockedMediaFolders),`
35	`485`	`BlockUnratedItems = user.GetPreferenceValues<UnratedItem>(PreferenceKind.BlockUnratedItems)`
35	`486`	`}`
35	`487`	`};`
	`488`	`}`
	`489`
	`490`	`/// <inheritdoc/>`
	`491`	`public async Task<User?> AuthenticateUser(`
	`492`	`string username,`
	`493`	`string password,`
	`494`	`string remoteEndPoint,`
	`495`	`bool isUserSession)`
	`496`	`{`
15	`497`	`if (string.IsNullOrWhiteSpace(username))`
	`498`	`{`
0	`499`	`_logger.LogInformation("Authentication request without username has been denied (IP: {IP}).", remoteEndP`
0	`500`	`throw new ArgumentNullException(nameof(username));`
	`501`	`}`
	`502`
	`503`	`bool success;`
15	`504`	`var user = GetUserByName(username);`
15	`505`	`using (await _userLock.LockAsync(user?.Id ?? Guid.Empty).ConfigureAwait(false))`
	`506`	`{`
15	`507`	`using var dbContext = _dbProvider.CreateDbContext();`
	`508`
	`509`	`// Reload the user now that we hold the lock so the RowVersion is current.`
	`510`	`// GetUserByName uses AsNoTracking and the snapshot may be stale if another`
	`511`	`// write (e.g. a concurrent login) incremented RowVersion after our initial load.`
15	`512`	`if (user is not null)`
	`513`	`{`
15	`514`	`user = await UserQuery(dbContext).FirstOrDefaultAsync(e => e.Id == user.Id).ConfigureAwait(false) ??`
	`515`	`}`
	`516`
15	`517`	`var authResult = await AuthenticateLocalUser(username, password, user)`
15	`518`	`.ConfigureAwait(false);`
15	`519`	`var authenticationProvider = authResult.AuthenticationProvider;`
15	`520`	`success = authResult.Success;`
	`521`
15	`522`	`if (success && user is not null)`
	`523`	`{`
	`524`	`// refresh the user if the auth provider might have updated it in the auth method.`
	`525`	`// this is a hack, this needs removal once the LDAP plugin uses the correct interface to get the use`
15	`526`	`user = await UserQuery(dbContext).FirstOrDefaultAsync(e => e.Id == user.Id).ConfigureAwait(false);`
	`527`	`}`
	`528`
15	`529`	`if (user is null)`
	`530`	`{`
0	`531`	`string updatedUsername = authResult.Username;`
	`532`
0	`533`	`if (success`
0	`534`	`&& authenticationProvider is not null`
0	`535`	`&& authenticationProvider is not DefaultAuthenticationProvider)`
	`536`	`{`
	`537`	`// Trust the username returned by the authentication provider`
0	`538`	`username = updatedUsername;`
	`539`
	`540`	`// Search the database for the user again`
	`541`	`// the authentication provider might have created it`
	`542`	`#pragma warning disable CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
0	`543`	`user = await UserQuery(dbContext)`
0	`544`	`.FirstOrDefaultAsync(e => e.NormalizedUsername == username.ToUpperInvariant()).ConfigureAwai`
	`545`
0	`546`	`if (authenticationProvider is IHasNewUserPolicy hasNewUserPolicy && user is not null)`
	`547`	`{`
0	`548`	`await UpdatePolicyAsync(user.Id, hasNewUserPolicy.GetNewUserPolicy()).ConfigureAwait(false);`
0	`549`	`user = await UserQuery(dbContext)`
0	`550`	`.FirstOrDefaultAsync(e => e.NormalizedUsername == username.ToUpperInvariant()).Configure`
	`551`	`#pragma warning restore CA1862 // Use the 'StringComparison' method overloads to perform case-insensitive string compari`
	`552`	`}`
	`553`	`}`
	`554`	`}`
	`555`
15	`556`	`if (success && user is not null && authenticationProvider is not null)`
	`557`	`{`
15	`558`	`var providerId = authenticationProvider.GetType().FullName;`
	`559`
15	`560`	`if (providerId is not null && !string.Equals(providerId, user.AuthenticationProviderId, StringCompar`
	`561`	`{`
0	`562`	`await dbContext.Users`
0	`563`	`.Where(e => e.Id == user.Id)`
0	`564`	`.ExecuteUpdateAsync(e => e.SetProperty(f => f.AuthenticationProviderId, providerId))`
0	`565`	`.ConfigureAwait(false);`
	`566`	`}`
	`567`	`}`
	`568`
15	`569`	`if (user is null)`
	`570`	`{`
0	`571`	`_logger.LogInformation(`
0	`572`	`"Authentication request for {UserName} has been denied (IP: {IP}).",`
0	`573`	`username,`
0	`574`	`remoteEndPoint);`
0	`575`	`throw new AuthenticationException("Invalid username or password entered.");`
	`576`	`}`
	`577`
15	`578`	`if (user.HasPermission(PermissionKind.IsDisabled))`
	`579`	`{`
0	`580`	`_logger.LogInformation(`
0	`581`	`"Authentication request for {UserName} has been denied because this account is currently disable`
0	`582`	`username,`
0	`583`	`remoteEndPoint);`
0	`584`	`throw new SecurityException(`
0	`585`	`$"The {user.Username} account is currently disabled. Please consult with your administrator.");`
	`586`	`}`
	`587`
15	`588`	`if (!user.HasPermission(PermissionKind.EnableRemoteAccess) &&`
15	`589`	`!_networkManager.IsInLocalNetwork(remoteEndPoint))`
	`590`	`{`
0	`591`	`_logger.LogInformation(`
0	`592`	`"Authentication request for {UserName} forbidden: remote access disabled and user not in local n`
0	`593`	`username,`
0	`594`	`remoteEndPoint);`
0	`595`	`throw new SecurityException("Forbidden.");`
	`596`	`}`
	`597`
15	`598`	`if (!user.IsParentalScheduleAllowed())`
	`599`	`{`
0	`600`	`_logger.LogInformation(`
0	`601`	`"Authentication request for {UserName} is not allowed at this time due parental restrictions (IP`
0	`602`	`username,`
0	`603`	`remoteEndPoint);`
0	`604`	`throw new SecurityException("User is not allowed access at this time.");`
	`605`	`}`
	`606`
	`607`	`// Update LastActivityDate and LastLoginDate, then save`
15	`608`	`if (success)`
	`609`	`{`
15	`610`	`if (isUserSession)`
	`611`	`{`
15	`612`	`var date = DateTime.UtcNow;`
15	`613`	`await dbContext.Users`
15	`614`	`.Where(e => e.Id == user.Id)`
15	`615`	`.ExecuteUpdateAsync(e => e`
15	`616`	`.SetProperty(f => f.LastActivityDate, date)`
15	`617`	`.SetProperty(f => f.LastLoginDate, date))`
15	`618`	`.ConfigureAwait(false);`
	`619`	`}`
	`620`
15	`621`	`await dbContext.Users`
15	`622`	`.Where(e => e.Id == user.Id)`
15	`623`	`.ExecuteUpdateAsync(e => e.SetProperty(f => f.InvalidLoginAttemptCount, 0))`
15	`624`	`.ConfigureAwait(false);`
15	`625`	`_logger.LogInformation("Authentication request for {UserName} has succeeded.", user.Username);`
	`626`	`}`
	`627`	`else`
	`628`	`{`
0	`629`	`user.InvalidLoginAttemptCount++;`
0	`630`	`int? maxInvalidLogins = user.LoginAttemptsBeforeLockout;`
0	`631`	`if (maxInvalidLogins.HasValue && user.InvalidLoginAttemptCount >= maxInvalidLogins)`
	`632`	`{`
0	`633`	`user.SetPermission(PermissionKind.IsDisabled, true);`
0	`634`	`await dbContext.SaveChangesAsync()`
0	`635`	`.ConfigureAwait(false);`
0	`636`	`await _eventManager.PublishAsync(new UserLockedOutEventArgs(user)).ConfigureAwait(false);`
0	`637`	`_logger.LogWarning(`
0	`638`	`"Disabling user {Username} due to {Attempts} unsuccessful login attempts.",`
0	`639`	`user.Username,`
0	`640`	`user.InvalidLoginAttemptCount);`
	`641`	`}`
	`642`
0	`643`	`await dbContext.Users`
0	`644`	`.Where(e => e.Id == user.Id)`
0	`645`	`.ExecuteUpdateAsync(e => e.SetProperty(f => f.InvalidLoginAttemptCount, f => f.InvalidLoginAttem`
0	`646`	`.ConfigureAwait(false);`
	`647`
0	`648`	`_logger.LogInformation(`
0	`649`	`"Authentication request for {UserName} has been denied (IP: {IP}).",`
0	`650`	`user.Username,`
0	`651`	`remoteEndPoint);`
	`652`	`}`
15	`653`	`}`
	`654`
15	`655`	`return success ? user : null;`
15	`656`	`}`
	`657`
	`658`	`/// <inheritdoc/>`
	`659`	`public async Task<ForgotPasswordResult> StartForgotPasswordProcess(string enteredUsername, bool isInNetwork)`
	`660`	`{`
0	`661`	`var user = string.IsNullOrWhiteSpace(enteredUsername) ? null : GetUserByName(enteredUsername);`
0	`662`	`var passwordResetProvider = GetPasswordResetProvider(user);`
	`663`
0	`664`	`var result = await passwordResetProvider`
0	`665`	`.StartForgotPasswordProcess(user, enteredUsername, isInNetwork)`
0	`666`	`.ConfigureAwait(false);`
	`667`
0	`668`	`if (user is not null && isInNetwork)`
	`669`	`{`
0	`670`	`await UpdateUserAsync(user).ConfigureAwait(false);`
	`671`	`}`
	`672`
0	`673`	`return result;`
0	`674`	`}`
	`675`
	`676`	`/// <inheritdoc/>`
	`677`	`public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)`
	`678`	`{`
0	`679`	`foreach (var provider in _passwordResetProviders)`
	`680`	`{`
0	`681`	`var result = await provider.RedeemPasswordResetPin(pin).ConfigureAwait(false);`
	`682`
0	`683`	`if (result.Success)`
	`684`	`{`
0	`685`	`return result;`
	`686`	`}`
	`687`	`}`
	`688`
0	`689`	`return new PinRedeemResult();`
0	`690`	`}`
	`691`
	`692`	`/// <inheritdoc />`
	`693`	`public async Task InitializeAsync()`
	`694`	`{`
	`695`	`// TODO: Refactor the startup wizard so that it doesn't require a user to already exist.`
17	`696`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
17	`697`	`await using (dbContext.ConfigureAwait(false))`
	`698`	`{`
17	`699`	`if (await dbContext.Users.AnyAsync().ConfigureAwait(false))`
	`700`	`{`
	`701`	`return;`
	`702`	`}`
	`703`
16	`704`	`var defaultName = Environment.UserName;`
16	`705`	`if (string.IsNullOrWhiteSpace(defaultName) \|\| !ValidUsernameRegex().IsMatch(defaultName))`
	`706`	`{`
0	`707`	`defaultName = "MyJellyfinUser";`
	`708`	`}`
	`709`
16	`710`	`_logger.LogWarning("No users, creating one with username {UserName}", defaultName);`
	`711`
16	`712`	`var newUser = await CreateUserInternalAsync(defaultName, dbContext).ConfigureAwait(false);`
16	`713`	`newUser.SetPermission(PermissionKind.IsAdministrator, true);`
16	`714`	`newUser.SetPermission(PermissionKind.EnableContentDeletion, true);`
16	`715`	`newUser.SetPermission(PermissionKind.EnableRemoteControlOfOtherUsers, true);`
	`716`
16	`717`	`dbContext.Users.Add(newUser);`
16	`718`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`719`	`}`
17	`720`	`}`
	`721`
	`722`	`/// <inheritdoc/>`
	`723`	`public NameIdPair[] GetAuthenticationProviders()`
	`724`	`{`
0	`725`	`return _authenticationProviders`
0	`726`	`.Where(provider => provider.IsEnabled)`
0	`727`	`.OrderBy(i => i is DefaultAuthenticationProvider ? 0 : 1)`
0	`728`	`.ThenBy(i => i.Name)`
0	`729`	`.Select(i => new NameIdPair`
0	`730`	`{`
0	`731`	`Name = i.Name,`
0	`732`	`Id = i.GetType().FullName`
0	`733`	`})`
0	`734`	`.ToArray();`
	`735`	`}`
	`736`
	`737`	`/// <inheritdoc/>`
	`738`	`public NameIdPair[] GetPasswordResetProviders()`
	`739`	`{`
0	`740`	`return _passwordResetProviders`
0	`741`	`.Where(provider => provider.IsEnabled)`
0	`742`	`.OrderBy(i => i is DefaultPasswordResetProvider ? 0 : 1)`
0	`743`	`.ThenBy(i => i.Name)`
0	`744`	`.Select(i => new NameIdPair`
0	`745`	`{`
0	`746`	`Name = i.Name,`
0	`747`	`Id = i.GetType().FullName`
0	`748`	`})`
0	`749`	`.ToArray();`
	`750`	`}`
	`751`
	`752`	`/// <inheritdoc/>`
	`753`	`public async Task UpdateConfigurationAsync(Guid userId, UserConfiguration config)`
	`754`	`{`
0	`755`	`using (await _userLock.LockAsync(userId).ConfigureAwait(false))`
	`756`	`{`
0	`757`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
0	`758`	`await using (dbContext.ConfigureAwait(false))`
	`759`	`{`
0	`760`	`var user = UserQuery(dbContext)`
0	`761`	`.AsTracking()`
0	`762`	`.FirstOrDefault(u => u.Id.Equals(userId))`
0	`763`	`?? throw new ArgumentException("No user exists with given Id!");`
	`764`
0	`765`	`user.SubtitleMode = config.SubtitleMode;`
0	`766`	`user.HidePlayedInLatest = config.HidePlayedInLatest;`
0	`767`	`user.EnableLocalPassword = config.EnableLocalPassword;`
0	`768`	`user.PlayDefaultAudioTrack = config.PlayDefaultAudioTrack;`
0	`769`	`user.DisplayCollectionsView = config.DisplayCollectionsView;`
0	`770`	`user.DisplayMissingEpisodes = config.DisplayMissingEpisodes;`
0	`771`	`user.AudioLanguagePreference = config.AudioLanguagePreference;`
0	`772`	`user.RememberAudioSelections = config.RememberAudioSelections;`
0	`773`	`user.EnableNextEpisodeAutoPlay = config.EnableNextEpisodeAutoPlay;`
0	`774`	`user.RememberSubtitleSelections = config.RememberSubtitleSelections;`
0	`775`	`user.SubtitleLanguagePreference = config.SubtitleLanguagePreference;`
	`776`
	`777`	`// Only set cast receiver id if it is passed in and it exists in the server config.`
0	`778`	`if (!string.IsNullOrEmpty(config.CastReceiverId)`
0	`779`	`&& _serverConfigurationManager.Configuration.CastReceiverApplications.Any(c => string.Equals(c.I`
	`780`	`{`
0	`781`	`user.CastReceiverId = config.CastReceiverId;`
	`782`	`}`
	`783`
0	`784`	`user.SetPreference(PreferenceKind.OrderedViews, config.OrderedViews);`
0	`785`	`user.SetPreference(PreferenceKind.GroupedFolders, config.GroupedFolders);`
0	`786`	`user.SetPreference(PreferenceKind.MyMediaExcludes, config.MyMediaExcludes);`
0	`787`	`user.SetPreference(PreferenceKind.LatestItemExcludes, config.LatestItemsExcludes);`
	`788`
0	`789`	`dbContext.Update(user);`
0	`790`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`791`	`}`
0	`792`	`}`
0	`793`	`}`
	`794`
	`795`	`/// <inheritdoc/>`
	`796`	`public async Task UpdatePolicyAsync(Guid userId, UserPolicy policy)`
	`797`	`{`
0	`798`	`using (await _userLock.LockAsync(userId).ConfigureAwait(false))`
	`799`	`{`
0	`800`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
0	`801`	`await using (dbContext.ConfigureAwait(false))`
	`802`	`{`
0	`803`	`var user = UserQuery(dbContext)`
0	`804`	`.AsTracking()`
0	`805`	`.FirstOrDefault(u => u.Id.Equals(userId))`
0	`806`	`?? throw new ArgumentException("No user exists with given Id!");`
	`807`
	`808`	`// The default number of login attempts is 3, but for some god forsaken reason it's sent to the serv`
0	`809`	`int? maxLoginAttempts = policy.LoginAttemptsBeforeLockout switch`
0	`810`	`{`
0	`811`	`-1 => null,`
0	`812`	`0 => 3,`
0	`813`	`_ => policy.LoginAttemptsBeforeLockout`
0	`814`	`};`
	`815`
0	`816`	`user.MaxParentalRatingScore = policy.MaxParentalRating;`
0	`817`	`user.MaxParentalRatingSubScore = policy.MaxParentalSubRating;`
0	`818`	`user.EnableUserPreferenceAccess = policy.EnableUserPreferenceAccess;`
0	`819`	`user.RemoteClientBitrateLimit = policy.RemoteClientBitrateLimit;`
0	`820`	`user.AuthenticationProviderId = policy.AuthenticationProviderId;`
0	`821`	`user.PasswordResetProviderId = policy.PasswordResetProviderId;`
0	`822`	`user.InvalidLoginAttemptCount = policy.InvalidLoginAttemptCount;`
0	`823`	`user.LoginAttemptsBeforeLockout = maxLoginAttempts;`
0	`824`	`user.MaxActiveSessions = policy.MaxActiveSessions;`
0	`825`	`user.SyncPlayAccess = policy.SyncPlayAccess;`
0	`826`	`user.SetPermission(PermissionKind.IsAdministrator, policy.IsAdministrator);`
0	`827`	`user.SetPermission(PermissionKind.IsHidden, policy.IsHidden);`
0	`828`	`user.SetPermission(PermissionKind.IsDisabled, policy.IsDisabled);`
0	`829`	`user.SetPermission(PermissionKind.EnableSharedDeviceControl, policy.EnableSharedDeviceControl);`
0	`830`	`user.SetPermission(PermissionKind.EnableRemoteAccess, policy.EnableRemoteAccess);`
0	`831`	`user.SetPermission(PermissionKind.EnableLiveTvManagement, policy.EnableLiveTvManagement);`
0	`832`	`user.SetPermission(PermissionKind.EnableLiveTvAccess, policy.EnableLiveTvAccess);`
0	`833`	`user.SetPermission(PermissionKind.EnableMediaPlayback, policy.EnableMediaPlayback);`
0	`834`	`user.SetPermission(PermissionKind.EnableAudioPlaybackTranscoding, policy.EnableAudioPlaybackTranscod`
0	`835`	`user.SetPermission(PermissionKind.EnableVideoPlaybackTranscoding, policy.EnableVideoPlaybackTranscod`
0	`836`	`user.SetPermission(PermissionKind.EnableContentDeletion, policy.EnableContentDeletion);`
0	`837`	`user.SetPermission(PermissionKind.EnableContentDownloading, policy.EnableContentDownloading);`
0	`838`	`user.SetPermission(PermissionKind.EnableSyncTranscoding, policy.EnableSyncTranscoding);`
0	`839`	`user.SetPermission(PermissionKind.EnableMediaConversion, policy.EnableMediaConversion);`
0	`840`	`user.SetPermission(PermissionKind.EnableAllChannels, policy.EnableAllChannels);`
0	`841`	`user.SetPermission(PermissionKind.EnableAllDevices, policy.EnableAllDevices);`
0	`842`	`user.SetPermission(PermissionKind.EnableAllFolders, policy.EnableAllFolders);`
0	`843`	`user.SetPermission(PermissionKind.EnableRemoteControlOfOtherUsers, policy.EnableRemoteControlOfOther`
0	`844`	`user.SetPermission(PermissionKind.EnablePlaybackRemuxing, policy.EnablePlaybackRemuxing);`
0	`845`	`user.SetPermission(PermissionKind.EnableCollectionManagement, policy.EnableCollectionManagement);`
0	`846`	`user.SetPermission(PermissionKind.EnableSubtitleManagement, policy.EnableSubtitleManagement);`
0	`847`	`user.SetPermission(PermissionKind.EnableLyricManagement, policy.EnableLyricManagement);`
0	`848`	`user.SetPermission(PermissionKind.ForceRemoteSourceTranscoding, policy.ForceRemoteSourceTranscoding)`
0	`849`	`user.SetPermission(PermissionKind.EnablePublicSharing, policy.EnablePublicSharing);`
	`850`
0	`851`	`user.AccessSchedules.Clear();`
0	`852`	`foreach (var policyAccessSchedule in policy.AccessSchedules)`
	`853`	`{`
0	`854`	`user.AccessSchedules.Add(policyAccessSchedule);`
	`855`	`}`
	`856`
	`857`	`// TODO: fix this at some point`
0	`858`	`user.SetPreference(PreferenceKind.BlockUnratedItems, policy.BlockUnratedItems ?? Array.Empty<Unrated`
0	`859`	`user.SetPreference(PreferenceKind.BlockedTags, policy.BlockedTags);`
0	`860`	`user.SetPreference(PreferenceKind.AllowedTags, policy.AllowedTags);`
0	`861`	`user.SetPreference(PreferenceKind.EnabledChannels, policy.EnabledChannels);`
0	`862`	`user.SetPreference(PreferenceKind.EnabledDevices, policy.EnabledDevices);`
0	`863`	`user.SetPreference(PreferenceKind.EnabledFolders, policy.EnabledFolders);`
0	`864`	`user.SetPreference(PreferenceKind.EnableContentDeletionFromFolders, policy.EnableContentDeletionFrom`
	`865`
0	`866`	`dbContext.Update(user);`
0	`867`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`868`	`}`
0	`869`	`}`
0	`870`	`}`
	`871`
	`872`	`/// <inheritdoc/>`
	`873`	`public async Task ClearProfileImageAsync(User user)`
	`874`	`{`
0	`875`	`if (user.ProfileImage is null)`
	`876`	`{`
0	`877`	`return;`
	`878`	`}`
	`879`
0	`880`	`using (await _userLock.LockAsync(user.Id).ConfigureAwait(false))`
	`881`	`{`
0	`882`	`var dbContext = await _dbProvider.CreateDbContextAsync().ConfigureAwait(false);`
0	`883`	`await using (dbContext.ConfigureAwait(false))`
	`884`	`{`
0	`885`	`dbContext.Remove(user.ProfileImage);`
0	`886`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
	`887`	`}`
	`888`
0	`889`	`user.ProfileImage = null;`
0	`890`	`}`
0	`891`	`}`
	`892`
	`893`	`internal static void ThrowIfInvalidUsername(string name)`
	`894`	`{`
58	`895`	`if (!string.IsNullOrWhiteSpace(name) && ValidUsernameRegex().IsMatch(name))`
	`896`	`{`
50	`897`	`return;`
	`898`	`}`
	`899`
8	`900`	`throw new ArgumentException("Usernames can contain unicode symbols, numbers (0-9), dashes (-), underscores (`
	`901`	`}`
	`902`
	`903`	`private IAuthenticationProvider GetAuthenticationProvider(User user)`
	`904`	`{`
3	`905`	`return GetAuthenticationProviders(user)[0];`
	`906`	`}`
	`907`
	`908`	`private IPasswordResetProvider GetPasswordResetProvider(User? user)`
	`909`	`{`
0	`910`	`if (user is null)`
	`911`	`{`
0	`912`	`return _defaultPasswordResetProvider;`
	`913`	`}`
	`914`
0	`915`	`return GetPasswordResetProviders(user)[0];`
	`916`	`}`
	`917`
	`918`	`private List<IAuthenticationProvider> GetAuthenticationProviders(User? user)`
	`919`	`{`
18	`920`	`var authenticationProviderId = user?.AuthenticationProviderId;`
	`921`
18	`922`	`var providers = _authenticationProviders.Where(i => i.IsEnabled).ToList();`
	`923`
18	`924`	`if (!string.IsNullOrEmpty(authenticationProviderId))`
	`925`	`{`
18	`926`	`providers = providers.Where(i => string.Equals(authenticationProviderId, i.GetType().FullName, StringCom`
	`927`	`}`
	`928`
18	`929`	`if (providers.Count == 0)`
	`930`	`{`
	`931`	`// Assign the user to the InvalidAuthProvider since no configured auth provider was valid/found`
0	`932`	`_logger.LogWarning(`
0	`933`	`"User {Username} was found with invalid/missing Authentication Provider {AuthenticationProviderId}.`
0	`934`	`user?.Username,`
0	`935`	`user?.AuthenticationProviderId);`
0	`936`	`providers = new List<IAuthenticationProvider>`
0	`937`	`{`
0	`938`	`_invalidAuthProvider`
0	`939`	`};`
	`940`	`}`
	`941`
18	`942`	`return providers;`
	`943`	`}`
	`944`
	`945`	`private IPasswordResetProvider[] GetPasswordResetProviders(User user)`
	`946`	`{`
0	`947`	`var passwordResetProviderId = user.PasswordResetProviderId;`
0	`948`	`var providers = _passwordResetProviders.Where(i => i.IsEnabled).ToArray();`
	`949`
0	`950`	`if (!string.IsNullOrEmpty(passwordResetProviderId))`
	`951`	`{`
0	`952`	`providers = providers.Where(i =>`
0	`953`	`string.Equals(passwordResetProviderId, i.GetType().FullName, StringComparison.OrdinalIgnoreCase)`
0	`954`	`.ToArray();`
	`955`	`}`
	`956`
0	`957`	`if (providers.Length == 0)`
	`958`	`{`
0	`959`	`providers = new IPasswordResetProvider[]`
0	`960`	`{`
0	`961`	`_defaultPasswordResetProvider`
0	`962`	`};`
	`963`	`}`
	`964`
0	`965`	`return providers;`
	`966`	`}`
	`967`
	`968`	`private async Task<(IAuthenticationProvider? AuthenticationProvider, string Username, bool Success)> Authenticat`
	`969`	`string username,`
	`970`	`string password,`
	`971`	`User? user)`
	`972`	`{`
15	`973`	`bool success = false;`
15	`974`	`IAuthenticationProvider? authenticationProvider = null;`
	`975`
45	`976`	`foreach (var provider in GetAuthenticationProviders(user))`
	`977`	`{`
15	`978`	`var providerAuthResult =`
15	`979`	`await AuthenticateWithProvider(provider, username, password, user).ConfigureAwait(false);`
15	`980`	`var updatedUsername = providerAuthResult.Username;`
15	`981`	`success = providerAuthResult.Success;`
	`982`
15	`983`	`if (success)`
	`984`	`{`
15	`985`	`authenticationProvider = provider;`
15	`986`	`username = updatedUsername;`
15	`987`	`break;`
	`988`	`}`
0	`989`	`}`
	`990`
15	`991`	`return (authenticationProvider, username, success);`
15	`992`	`}`
	`993`
	`994`	`private async Task<(string Username, bool Success)> AuthenticateWithProvider(`
	`995`	`IAuthenticationProvider provider,`
	`996`	`string username,`
	`997`	`string password,`
	`998`	`User? resolvedUser)`
	`999`	`{`
	`1000`	`try`
	`1001`	`{`
15	`1002`	`var authenticationResult = provider is IRequiresResolvedUser requiresResolvedUser`
15	`1003`	`? await requiresResolvedUser.Authenticate(username, password, resolvedUser).ConfigureAwait(false)`
15	`1004`	`: await provider.Authenticate(username, password).ConfigureAwait(false);`
	`1005`
15	`1006`	`if (authenticationResult.Username != username)`
	`1007`	`{`
0	`1008`	`_logger.LogDebug("Authentication provider provided updated username {1}", authenticationResult.Usern`
0	`1009`	`username = authenticationResult.Username;`
	`1010`	`}`
	`1011`
15	`1012`	`return (username, true);`
	`1013`	`}`
0	`1014`	`catch (AuthenticationException ex)`
	`1015`	`{`
0	`1016`	`_logger.LogDebug(ex, "Error authenticating with provider {Provider}", provider.Name);`
	`1017`
0	`1018`	`return (username, false);`
	`1019`	`}`
15	`1020`	`}`
	`1021`
	`1022`	`private async Task UpdateUserInternalAsync(JellyfinDbContext dbContext, User user)`
	`1023`	`{`
5	`1024`	`dbContext.Users.Attach(user);`
5	`1025`	`dbContext.Entry(user).State = EntityState.Modified;`
5	`1026`	`await dbContext.SaveChangesAsync().ConfigureAwait(false);`
5	`1027`	`}`
	`1028`
	`1029`	`/// <inheritdoc/>`
	`1030`	`public void Dispose()`
	`1031`	`{`
46	`1032`	`Dispose(true);`
46	`1033`	`GC.SuppressFinalize(this);`
46	`1034`	`}`
	`1035`
	`1036`	`/// <summary>`
	`1037`	`/// Disposes all members of this class.`
	`1038`	`/// </summary>`
	`1039`	`/// <param name="disposing">Defines if the class has been cleaned up by a dispose or finalizer.</param>`
	`1040`	`protected virtual void Dispose(bool disposing)`
	`1041`	`{`
46	`1042`	`if (disposing)`
	`1043`	`{`
46	`1044`	`_userLock.Dispose();`
	`1045`	`}`
46	`1046`	`}`
	`1047`
	`1048`	`internal sealed class LockHelper : IDisposable`
	`1049`	`{`
50	`1050`	`private readonly AsyncKeyedLocker<Guid> _userLock = new();`
	`1051`
	`1052`	`private bool _disposed;`
	`1053`
2	`1054`	`public static AsyncLocal<int> IsNestedLock { get; set; } = new();`
	`1055`
	`1056`	`public bool ShouldLock()`
	`1057`	`{`
5	`1058`	`return IsNestedLock.Value == 0;`
	`1059`	`}`
	`1060`
	`1061`	`public ValueTask<IDisposable> LockAsync(Guid key)`
	`1062`	`{`
48	`1063`	`ThrowIfDisposed();`
47	`1064`	`var isNested = LockHelper.IsNestedLock.Value != 0;`
47	`1065`	`LockHelper.IsNestedLock.Value = LockHelper.IsNestedLock.Value + 1;`
47	`1066`	`if (isNested)`
	`1067`	`{`
1	`1068`	`return new ValueTask<IDisposable>(new LockHandle { Parent = null });`
	`1069`	`}`
	`1070`
46	`1071`	`return AcquireLockAsync(key);`
	`1072`	`}`
	`1073`
	`1074`	`private async ValueTask<IDisposable> AcquireLockAsync(Guid key)`
	`1075`	`{`
46	`1076`	`var lockHandle = await _userLock.LockAsync(key, true).ConfigureAwait(false);`
46	`1077`	`return new LockHandle { Parent = lockHandle };`
46	`1078`	`}`
	`1079`
	`1080`	`public void Dispose()`
	`1081`	`{`
53	`1082`	`if (_disposed)`
	`1083`	`{`
3	`1084`	`return;`
	`1085`	`}`
	`1086`
50	`1087`	`_disposed = true;`
50	`1088`	`_userLock.Dispose();`
50	`1089`	`}`
	`1090`
	`1091`	`private void ThrowIfDisposed()`
	`1092`	`{`
48	`1093`	`ObjectDisposedException.ThrowIf(_disposed, this);`
47	`1094`	`}`
	`1095`
	`1096`	`private sealed class LockHandle : IDisposable`
	`1097`	`{`
	`1098`	`public required IDisposable? Parent { get; init; }`
	`1099`
	`1100`	`public void Dispose()`
	`1101`	`{`
47	`1102`	`Parent?.Dispose();`
47	`1103`	`LockHelper.IsNestedLock.Value = LockHelper.IsNestedLock.Value - 1;`
	`1104`
47	`1105`	`if (LockHelper.IsNestedLock.Value < 0)`
	`1106`	`{`
0	`1107`	`throw new InvalidOperationException("Mismatched locking detected. Threads internal NestedLock is`
	`1108`	`}`
47	`1109`	`}`
	`1110`	`}`
	`1111`	`}`
	`1112`	`}`
	`1113`	`}`

< Summary - Jellyfin

Coverage history

Coverage delta

Metrics

File(s)

/srv/git/jellyfin/Jellyfin.Server.Implementations/Users/UserManager.cs

Methods/Properties