/// <summary>
/// Re-derives the Jellyfin permissions of <paramref name="jellyfinUser"/> from the
/// permission strings carried by <paramref name="keycloakUser"/> and persists the result.
/// </summary>
/// <remarks>
/// The method is deny-by-default: the account is first marked disabled, stripped of
/// administrator rights and of content downloading, and only then are rights granted
/// back for the permission strings that are recognised. A Keycloak user with no
/// recognised permission therefore ends up disabled. No branch in this method turns
/// <c>EnableContentDownloading</c> back on. Matching is the ordinary C# string
/// equality (ordinal, case-sensitive); unrecognised strings are ignored.
/// </remarks>
/// <param name="keycloakUser">Source of the permission strings.</param>
/// <param name="jellyfinUser">Jellyfin account whose permissions are overwritten.</param>
/// <returns>The same <paramref name="jellyfinUser"/> instance, after it has been saved.</returns>
private async Task<User> UpdateUserInfo(KeycloakUser keycloakUser, User jellyfinUser)
{
    // Start from the most restrictive state so that a permission removed in Keycloak
    // is also removed here on the next login.
    jellyfinUser.SetPermission(PermissionKind.IsDisabled, true);
    jellyfinUser.SetPermission(PermissionKind.IsAdministrator, false);
    jellyfinUser.SetPermission(PermissionKind.EnableContentDownloading, false);

    foreach (var granted in keycloakUser.Permissions)
    {
        if (granted == "administrator")
        {
            jellyfinUser.SetPermission(PermissionKind.IsAdministrator, true);
        }
        else if (granted == "allowed_access")
        {
            // Only this permission re-enables the account.
            jellyfinUser.SetPermission(PermissionKind.IsDisabled, false);
        }
    }

    await _userManager.UpdateUserAsync(jellyfinUser).ConfigureAwait(false);
    return jellyfinUser;
}
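/// <summary>
/// Authenticates a login against Keycloak and synchronises the matching Jellyfin user.
/// </summary>
/// <remarks>
/// The credentials are verified by <c>GetKeycloakUser</c> before any Jellyfin user is
/// created or modified. After a successful check the Jellyfin user is created when
/// <c>CreateUser</c> is set and none exists, its permissions are rebuilt by
/// <c>UpdateUserInfo</c>, and every existing token of the user is revoked when the
/// rebuilt permissions leave the account disabled.
/// </remarks>
/// <param name="username">Login name submitted by the client.</param>
/// <param name="password">
/// Password submitted by the client. When <c>Enable2FA</c> is set and the value matches
/// <c>TwoFactorPattern</c>, capture group 1 is used as the password and capture group 2
/// as the TOTP code.
/// </param>
/// <returns>A result carrying the submitted <paramref name="username"/>.</returns>
/// <exception cref="AuthenticationException">
/// Keycloak returned no user for the credentials, or no Jellyfin user exists and
/// automatic user creation is disabled.
/// </exception>
public async Task<ProviderAuthenticationResult> Authenticate(string username, string password)
{
    _userManager ??= _applicationHost.Resolve<IUserManager>();

    // password and totp are secrets: none of the log statements in this method include them.
    string totp = null;
    if (Enable2FA)
    {
        var match = Regex.Match(password, TwoFactorPattern);
        if (match.Success)
        {
            password = match.Groups[1].Value;
            totp = match.Groups[2].Value;
        }

        // NOTE(review): when the pattern does not match, the password is forwarded unchanged
        // with no TOTP; presumably Keycloak itself then rejects accounts that require a
        // second factor - confirm.
    }

    User user = null;
    try
    {
        user = _userManager.GetUserByName(username);
    }
    catch (Exception e)
    {
        // Best effort: a failed lookup is handled as "no Jellyfin user yet" below.
        // The exception goes in the dedicated first argument; passed as a format argument
        // to a template without placeholders it was dropped from the log entry.
        _logger.LogWarning(e, "User Manager could not find a user for Keycloak User, this may not be fatal");
    }

    // Credentials are checked before any local account is created or changed.
    KeycloakUser keycloakUser = await GetKeycloakUser(username, password, totp).ConfigureAwait(false);
    if (keycloakUser == null)
    {
        throw new AuthenticationException("Error completing Keycloak login. Invalid username or password.");
    }

    if (user == null)
    {
        if (CreateUser)
        {
            // username is client-supplied, so it is logged as a template argument rather
            // than interpolated into the message template.
            _logger.LogInformation("Creating user {username}", username);
            user = await _userManager.CreateUserAsync(username).ConfigureAwait(false);
            user.AuthenticationProviderId = GetType().FullName;
            await UpdateUserInfo(keycloakUser, user).ConfigureAwait(false);
        }
        else
        {
            _logger.LogError("Keycloak User not configured for Jellyfin: {username}", username);
            throw new AuthenticationException(
                $"Automatic User Creation is disabled and there is no Jellyfin user for authorized Uid: {username}");
        }
    }
    else
    {
        await UpdateUserInfo(keycloakUser, user).ConfigureAwait(false);
    }

    if (user.HasPermission(PermissionKind.IsDisabled))
    {
        // If the user no longer has permission to access revoke all sessions for this user
        _logger.LogInformation("{username} is disabled, revoking all sessions", username);
        var sessionHandler = _applicationHost.Resolve<ISessionManager>();
        sessionHandler.RevokeUserTokens(user.Id, null);

        // NOTE(review): a disabled account still receives a successful result below;
        // presumably the caller rejects disabled users after the provider returns - confirm.
    }

    return new ProviderAuthenticationResult { Username = username };
}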