667c3768a9
- Add detailed debug/warning logs to authentication flows (AuthService, AuthorizationContext, WebSocketManager) for better traceability of auth attempts and failures. - Log WebSocket authentication attempts, including IP, path, and token preview. - Introduce PostgresVersionMismatchException for pg_dump/pg_restore version mismatches; parse and log server/client versions, clean up failed backups, and provide upgrade guidance. - Add helper for parsing version mismatch errors. - Update using directives and minor code cleanups. - Update .csproj.user with new publish profile path.
78 lines
2.8 KiB
C#
78 lines
2.8 KiB
C#
// <copyright file="AuthService.cs" company="PlaceholderCompany">
|
|
// Copyright (c) PlaceholderCompany. All rights reserved.
|
|
// </copyright>
|
|
|
|
#pragma warning disable CS1591
|
|
|
|
using System;
|
|
using System.Threading.Tasks;
|
|
using Jellyfin.Data;
|
|
using Jellyfin.Database.Implementations.Enums;
|
|
using MediaBrowser.Controller.Net;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
namespace Emby.Server.Implementations.HttpServer.Security
|
|
{
|
|
public class AuthService : IAuthService
|
|
{
|
|
private readonly IAuthorizationContext _authorizationContext;
|
|
private readonly ILogger<AuthService> _logger;
|
|
|
|
public AuthService(
|
|
IAuthorizationContext authorizationContext,
|
|
ILogger<AuthService> logger)
|
|
{
|
|
_authorizationContext = authorizationContext;
|
|
_logger = logger;
|
|
}
|
|
|
|
public async Task<AuthorizationInfo> Authenticate(HttpRequest request)
|
|
{
|
|
var auth = await _authorizationContext.GetAuthorizationInfo(request).ConfigureAwait(false);
|
|
|
|
if (!auth.HasToken)
|
|
{
|
|
_logger.LogDebug(
|
|
"Authentication failed: No token provided. Path: {Path}, Client: {Client}, Device: {Device}, DeviceId: {DeviceId}",
|
|
request.Path,
|
|
auth.Client ?? "unknown",
|
|
auth.Device ?? "unknown",
|
|
auth.DeviceId ?? "unknown");
|
|
return auth;
|
|
}
|
|
|
|
if (!auth.IsAuthenticated)
|
|
{
|
|
var tokenPreview = auth.Token?.Length > 8 ? auth.Token.Substring(0, 8) + "..." : auth.Token ?? "null";
|
|
_logger.LogDebug(
|
|
"Authentication failed: Invalid token. Path: {Path}, Client: {Client}, Device: {Device}, DeviceId: {DeviceId}, Token: {Token}",
|
|
request.Path,
|
|
auth.Client ?? "unknown",
|
|
auth.Device ?? "unknown",
|
|
auth.DeviceId ?? "unknown",
|
|
tokenPreview);
|
|
throw new SecurityException("Invalid token.");
|
|
}
|
|
|
|
if (auth.User?.HasPermission(PermissionKind.IsDisabled) ?? false)
|
|
{
|
|
_logger.LogWarning(
|
|
"Authentication failed: User account disabled. User: {User}, Path: {Path}",
|
|
auth.User.Username,
|
|
request.Path);
|
|
throw new SecurityException("User account has been disabled.");
|
|
}
|
|
|
|
_logger.LogDebug(
|
|
"Authentication successful. User: {User}, Client: {Client}, Device: {Device}, Path: {Path}",
|
|
auth.User?.Username ?? "ApiKey",
|
|
auth.Client ?? "unknown",
|
|
auth.Device ?? "unknown",
|
|
request.Path);
|
|
|
|
return auth;
|
|
}
|
|
}
|
|
}
|