/// <summary>
/// Rejects the request when the resolved user is not allowed to use the server right now.
/// </summary>
/// <param name="user">The user the request was resolved to.</param>
/// <param name="request">The current request; receives the X-Application-Error-Code header on a schedule denial.</param>
/// <param name="authAttribtues">Attributes of the endpoint being called.</param>
/// <param name="auth">Authorization data built for the request.</param>
/// <exception cref="SecurityException">The account is disabled, is outside its parental schedule, or is not allowed on the device.</exception>
private void ValidateUserAccess(User user, IServiceRequest request, IAuthenticationAttributes authAttribtues, AuthorizationInfo auth)
{
    var policy = user.Policy;

    // A disabled account is reported as unauthenticated.
    if (policy.IsDisabled)
    {
        throw new SecurityException("User account has been disabled.")
        {
            SecurityExceptionType = SecurityExceptionType.Unauthenticated
        };
    }

    // Administrators and endpoints flagged EscapeParentalControl skip the schedule check.
    var skipsSchedule = policy.IsAdministrator || authAttribtues.EscapeParentalControl;
    if (!skipsSchedule && !user.IsParentalScheduleAllowed())
    {
        // The header lets clients distinguish this denial from other failures.
        request.AddResponseHeader("X-Application-Error-Code", "ParentalControl");

        throw new SecurityException("This user account is not allowed access at this time.")
        {
            SecurityExceptionType = SecurityExceptionType.ParentalControl
        };
    }

    // The device restriction is evaluated only when a DeviceId is present;
    // a request that carries none is not checked here.
    // NOTE(review): auth.DeviceId may be a value the client declared rather than one bound
    // to the token - confirm where it is populated before relying on this as a control.
    var deviceId = auth.DeviceId;
    if (!string.IsNullOrWhiteSpace(deviceId) && !DeviceManager.CanAccessDevice(user.Id.ToString("N"), deviceId))
    {
        // The device denial reuses the ParentalControl exception type.
        throw new SecurityException("User is not allowed access from this device.")
        {
            SecurityExceptionType = SecurityExceptionType.ParentalControl
        };
    }
}
/// <summary>
/// Decides whether the role checks are skipped for this request.
/// </summary>
/// <param name="auth">Authorization data built for the request.</param>
/// <param name="authAttribtues">Attributes of the endpoint being called.</param>
/// <param name="tokenInfo">The stored token record, or null when none was found.</param>
/// <returns>True when the role checks do not apply.</returns>
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues, AuthenticationInfo tokenInfo)
{
    // Endpoints that opt in are open while the startup wizard has not been completed.
    var openDuringSetup = !_config.Configuration.IsStartupWizardCompleted
        && authAttribtues.AllowBeforeStartupWizard;

    // A request without a token is exempt from role checks.
    // NOTE(review): this presumably relies on the token requirement being enforced
    // separately - confirm this is never the only gate on a role-protected endpoint.
    var hasNoToken = string.IsNullOrWhiteSpace(auth.Token);

    // A stored token that carries no UserId is exempt as well
    // (presumably a key that is not bound to a user - TODO confirm).
    return openDuringSetup
        || hasNoToken
        || (tokenInfo != null && string.IsNullOrWhiteSpace(tokenInfo.UserId));
}
/// <summary>
/// Decides whether the request may proceed without an authentication token.
/// </summary>
/// <param name="auth">Authorization data built for the request.</param>
/// <param name="authAttribtues">Attributes of the endpoint being called.</param>
/// <returns>True when no token is required.</returns>
private bool IsExemptFromAuthenticationToken(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
{
    var settings = _config.Configuration;

    // Endpoints that opt in are open while the startup wizard has not been completed.
    var openDuringSetup = !settings.IsStartupWizardCompleted && authAttribtues.AllowBeforeStartupWizard;
    if (openDuringSetup)
    {
        return true;
    }

    // Otherwise the exemption is decided by the client name alone, matched case-insensitively
    // against the configured InsecureApps9 list.
    // NOTE(review): auth.Client looks like a value the caller declares about itself, so any
    // entry in this list would let a request skip the token by claiming that name - verify
    // the list is empty wherever token enforcement matters.
    var clientName = auth.Client ?? string.Empty;
    return settings.InsecureApps9.Contains(clientName, StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// Builds the <see cref="AuthorizationInfo"/> for a request and stores it in the request items.
/// </summary>
/// <param name="httpReq">The HTTP request.</param>
/// <returns>
/// The authorization info. UserId is set only from a stored token record or from the user
/// an exchange token resolves to.
/// </returns>
private AuthorizationInfo GetAuthorization(IServiceRequest httpReq)
{
    string deviceId = null;
    string device = null;
    string client = null;
    string version = null;

    // These four fields are taken as the request declares them.
    var declared = GetAuthorizationDictionary(httpReq);
    if (declared != null)
    {
        declared.TryGetValue("DeviceId", out deviceId);
        declared.TryGetValue("Device", out device);
        declared.TryGetValue("Client", out client);
        declared.TryGetValue("Version", out version);
    }

    // Token lookup order: X-Emby-Token header, X-MediaBrowser-Token header, api_key query parameter.
    // A token passed as api_key is part of the URL, so it can end up in access logs and proxies.
    var token = httpReq.Headers["X-Emby-Token"];
    if (string.IsNullOrWhiteSpace(token))
    {
        token = httpReq.Headers["X-MediaBrowser-Token"];
    }
    if (string.IsNullOrWhiteSpace(token))
    {
        token = httpReq.QueryString["api_key"];
    }

    var info = new AuthorizationInfo
    {
        Client = client,
        Device = device,
        DeviceId = deviceId,
        Version = version,
        Token = token
    };

    if (!string.IsNullOrWhiteSpace(token))
    {
        var lookup = _authRepo.Get(new AuthenticationInfoQuery
        {
            AccessToken = token
        });
        var tokenInfo = lookup.Items.FirstOrDefault();

        if (tokenInfo == null)
        {
            // Not a stored access token: try it as an exchange token.
            var user = _connectManager.GetUserFromExchangeToken(token);
            if (user != null)
            {
                info.UserId = user.Id.ToString("N");
            }
        }
        else
        {
            info.UserId = tokenInfo.UserId;

            // TODO: Remove these checks for IsNullOrWhiteSpace
            // The token record only fills fields the request left blank, so a declared
            // Client, Device or DeviceId takes precedence over the stored one.
            if (string.IsNullOrWhiteSpace(info.Client))
            {
                info.Client = tokenInfo.AppName;
            }
            if (string.IsNullOrWhiteSpace(info.Device))
            {
                info.Device = tokenInfo.DeviceName;
            }
            if (string.IsNullOrWhiteSpace(info.DeviceId))
            {
                info.DeviceId = tokenInfo.DeviceId;
            }
        }

        // Stored even when null, i.e. when the token matched no stored record.
        httpReq.Items["OriginalAuthenticationInfo"] = tokenInfo;
    }

    httpReq.Items["AuthorizationInfo"] = info;
    return info;
}
/// <summary>
/// Builds the <see cref="AuthorizationInfo"/> for a request and stores it in the request items.
/// </summary>
/// <param name="httpReq">The HTTP request.</param>
/// <returns>The authorization info assembled from the request and, when a token is present, the token lookup.</returns>
private AuthorizationInfo GetAuthorization(IServiceRequest httpReq)
{
    string userId = null;
    string deviceId = null;
    string device = null;
    string client = null;
    string version = null;

    var declared = GetAuthorizationDictionary(httpReq);
    if (declared != null)
    {
        // TODO: Remove this
        // NOTE(review): UserId is read here as the request declares it. It is overwritten below
        // only when the token resolves to a stored record or an exchange-token user; with no
        // token, or a token that resolves to nothing, the declared value is what is returned.
        // Callers should not treat UserId as proof of identity - confirm how they use it.
        declared.TryGetValue("UserId", out userId);

        declared.TryGetValue("DeviceId", out deviceId);
        declared.TryGetValue("Device", out device);
        declared.TryGetValue("Client", out client);
        declared.TryGetValue("Version", out version);
    }

    // Token lookup order: X-MediaBrowser-Token header, then the api_key query parameter.
    // A token passed as api_key is part of the URL, so it can end up in access logs and proxies.
    var token = httpReq.Headers["X-MediaBrowser-Token"];
    if (string.IsNullOrWhiteSpace(token))
    {
        token = httpReq.QueryString["api_key"];
    }

    // Hack until iOS is updated
    // TODO: Remove
    // Client and device names are guessed from the User-Agent when the request declares none.
    if (string.IsNullOrWhiteSpace(client))
    {
        var agent = httpReq.Headers["User-Agent"] ?? string.Empty;
        var looksLikeIos = agent.IndexOf("mediabrowserios", StringComparison.OrdinalIgnoreCase) >= 0
            || agent.IndexOf("iphone", StringComparison.OrdinalIgnoreCase) >= 0
            || agent.IndexOf("ipad", StringComparison.OrdinalIgnoreCase) >= 0;

        if (looksLikeIos)
        {
            client = "iOS";
        }
        else if (agent.IndexOf("crKey", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            client = "Chromecast";
        }
    }

    // Hack until iOS is updated
    // TODO: Remove
    if (string.IsNullOrWhiteSpace(device))
    {
        var agent = httpReq.Headers["User-Agent"] ?? string.Empty;

        if (agent.IndexOf("iPhone", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            device = "iPhone";
        }
        else if (agent.IndexOf("iPad", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            device = "iPad";
        }
        else if (agent.IndexOf("crKey", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            device = "Chromecast";
        }
    }

    var info = new AuthorizationInfo
    {
        Client = client,
        Device = device,
        DeviceId = deviceId,
        UserId = userId,
        Version = version,
        Token = token
    };

    if (!string.IsNullOrWhiteSpace(token))
    {
        var lookup = _authRepo.Get(new AuthenticationInfoQuery
        {
            AccessToken = token
        });
        var tokenInfo = lookup.Items.FirstOrDefault();

        if (tokenInfo == null)
        {
            // Not a stored access token: try it as an exchange token.
            var user = _connectManager.GetUserFromExchangeToken(token);
            if (user != null)
            {
                info.UserId = user.Id.ToString("N");
            }
        }
        else
        {
            info.UserId = tokenInfo.UserId;

            // TODO: Remove these checks for IsNullOrWhiteSpace
            // The token record only fills fields the request left blank.
            if (string.IsNullOrWhiteSpace(info.Client))
            {
                info.Client = tokenInfo.AppName;
            }
            if (string.IsNullOrWhiteSpace(info.Device))
            {
                info.Device = tokenInfo.DeviceName;
            }
            if (string.IsNullOrWhiteSpace(info.DeviceId))
            {
                info.DeviceId = tokenInfo.DeviceId;
            }
        }

        // Stored even when null, i.e. when the token matched no stored record.
        httpReq.Items["OriginalAuthenticationInfo"] = tokenInfo;
    }

    httpReq.Items["AuthorizationInfo"] = info;
    return info;
}
/// <summary>
/// Decides whether the role checks are skipped for this request.
/// </summary>
/// <param name="auth">Authorization data built for the request; not read by this overload.</param>
/// <param name="authAttribtues">Attributes of the endpoint being called.</param>
/// <returns>True only while the startup wizard is incomplete and the endpoint allows access before it.</returns>
private bool IsExemptFromRoles(AuthorizationInfo auth, IAuthenticationAttributes authAttribtues)
{
    // The only exemption: an endpoint that opts in while the startup wizard has not been completed.
    return !_config.Configuration.IsStartupWizardCompleted
        && authAttribtues.AllowBeforeStartupWizard;
}