Skip to content

Commit

Permalink
Fix FirstTimeSetupHandler failing for users and update tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@thornbill
thornbill committed May 31, 2024
1 parent a71e2d9 commit 7221e7c
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 25 deletions.
13 changes: 12 additions & 1 deletion Jellyfin.Api/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandler.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,19 +25,30 @@ public FirstTimeSetupHandler(IConfigurationManager configurationManager)
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, FirstTimeSetupRequirement requirement)
{
// Succeed if the startup wizard / first time setup is not complete
if (!_configurationManager.CommonConfiguration.IsStartupWizardCompleted)
{
context.Succeed(requirement);
}
else if (context.User.IsInRole(UserRoles.Administrator))

// Succeed if user is admin or api key
else if (context.User.GetIsApiKey() || context.User.IsInRole(UserRoles.Administrator))
{
context.Succeed(requirement);
}

// Fail if admin is required and user is not admin
else if (requirement.RequireAdmin && !context.User.IsInRole(UserRoles.Administrator))
{
context.Fail();
}

// Succeed if admin is not required and user is not guest
else if (!requirement.RequireAdmin && context.User.IsInRole(UserRoles.User))
{
context.Succeed(requirement);
}

// Any user-specific checks are handled in the DefaultAuthorizationHandler.
return Task.CompletedTask;
}
Expand Down
79 changes: 55 additions & 24 deletions tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupPolicy/FirstTimeSetupHandlerTests.cs
View file
Original file line number Diff line number Diff line change
@@ -1,14 +1,19 @@
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using AutoFixture;
using AutoFixture.AutoMoq;
using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
using Jellyfin.Api.Auth.FirstTimeSetupPolicy;
using Jellyfin.Api.Constants;
using Jellyfin.Data.Entities;
using Jellyfin.Data.Enums;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Controller.Library;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Moq;
using Xunit;

Expand All @@ -18,7 +23,9 @@ public class FirstTimeSetupHandlerTests
{
private readonly Mock<IConfigurationManager> _configurationManagerMock;
private readonly List<IAuthorizationRequirement> _requirements;
private readonly DefaultAuthorizationHandler _defaultAuthorizationHandler;
private readonly FirstTimeSetupHandler _firstTimeSetupHandler;
private readonly IAuthorizationService _authorizationService;
private readonly Mock<IUserManager> _userManagerMock;
private readonly Mock<IHttpContextAccessor> _httpContextAccessor;

Expand All @@ -31,6 +38,21 @@ public FirstTimeSetupHandlerTests()
_httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>();

_firstTimeSetupHandler = fixture.Create<FirstTimeSetupHandler>();
_defaultAuthorizationHandler = fixture.Create<DefaultAuthorizationHandler>();

var services = new ServiceCollection();
services.AddAuthorizationCore();
services.AddLogging();
services.AddOptions();
services.AddSingleton<IAuthorizationHandler>(_defaultAuthorizationHandler);
services.AddSingleton<IAuthorizationHandler>(_firstTimeSetupHandler);
services.AddAuthorization(options =>
{
options.AddPolicy("FirstTime", policy => policy.Requirements.Add(new FirstTimeSetupRequirement()));
options.AddPolicy("FirstTimeNoAdmin", policy => policy.Requirements.Add(new FirstTimeSetupRequirement(false, false)));
options.AddPolicy("FirstTimeSchedule", policy => policy.Requirements.Add(new FirstTimeSetupRequirement(true, false)));
});
_authorizationService = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
}

[Theory]
Expand All @@ -45,61 +67,70 @@ public async Task ShouldSucceedIfStartupWizardIncomplete(string userRole)
_httpContextAccessor,
userRole);

var context = new AuthorizationHandlerContext(_requirements, claims, null);
var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");

await _firstTimeSetupHandler.HandleAsync(context);
Assert.True(context.HasSucceeded);
Assert.True(allowed.Succeeded);
}

[Theory]
[InlineData(UserRoles.Administrator, false)]
[InlineData(UserRoles.Guest, true)]
[InlineData(UserRoles.User, true)]
public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldFail)
[InlineData(UserRoles.Administrator, true)]
[InlineData(UserRoles.Guest, false)]
[InlineData(UserRoles.User, false)]
public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed)
{
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
userRole);

var context = new AuthorizationHandlerContext(_requirements, claims, null);
var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");

await _firstTimeSetupHandler.HandleAsync(context);
Assert.Equal(shouldFail, context.HasFailed);
Assert.Equal(shouldSucceed, allowed.Succeeded);
}

[Theory]
[InlineData(UserRoles.Administrator)]
[InlineData(UserRoles.Guest)]
[InlineData(UserRoles.User)]
public async Task ShouldDeferIfNotRequiresAdmin(string userRole)
[InlineData(UserRoles.Administrator, true)]
[InlineData(UserRoles.Guest, false)]
[InlineData(UserRoles.User, true)]
public async Task ShouldRequireUserIfNotAdministrator(string userRole, bool shouldSucceed)
{
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
userRole);

var context = new AuthorizationHandlerContext(
new List<IAuthorizationRequirement> { new FirstTimeSetupRequirement(false, false) },
claims,
null);
var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTimeNoAdmin");

await _firstTimeSetupHandler.HandleAsync(context);
Assert.False(context.HasSucceeded);
Assert.False(context.HasFailed);
Assert.Equal(shouldSucceed, allowed.Succeeded);
}

[Fact]
public async Task ShouldAllowAdminApiKeyIfStartupWizardComplete()
{
TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = new ClaimsPrincipal(new ClaimsIdentity([new Claim(InternalClaimTypes.IsApiKey, bool.TrueString)]));
var context = new AuthorizationHandlerContext(_requirements, claims, null);

await _firstTimeSetupHandler.HandleAsync(context);
Assert.True(context.HasSucceeded);
var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTime");
Assert.True(allowed.Succeeded);
}

[Fact]
public async Task ShouldDisallowUserIfOutsideSchedule()
{
AccessSchedule[] accessSchedules = { new AccessSchedule(DynamicDayOfWeek.Everyday, 0, 0, Guid.Empty) };

TestHelpers.SetupConfigurationManager(_configurationManagerMock, true);
var claims = TestHelpers.SetupUser(
_userManagerMock,
_httpContextAccessor,
UserRoles.User,
accessSchedules);

var allowed = await _authorizationService.AuthorizeAsync(claims, "FirstTimeSchedule");

Assert.False(allowed.Succeeded);
}
}
}

0 comments on commit 7221e7c

Please sign in to comment.