alteropen/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-06-05 07:18:47 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Don't remove all tokens if invalid header (#10490)

Browse Source
This commit is contained in:
Cody Robibero
2023-10-30 15:31:13 -06:00
committed by GitHub
parent b26eb7dd6b
commit 8c5fc80282
2 changed files with 121 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Emby.Server.Implementations/Session/SessionManager.cs
View File

@@ -1453,10 +1453,15 @@ namespace Emby.Server.Implementations.Session
return AuthenticateNewSessionInternal(request, false);
}
private async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword)
internal async Task<AuthenticationResult> AuthenticateNewSessionInternal(AuthenticationRequest request, bool enforcePassword)
{
CheckDisposed();
ArgumentException.ThrowIfNullOrEmpty(request.App);
ArgumentException.ThrowIfNullOrEmpty(request.DeviceId);
ArgumentException.ThrowIfNullOrEmpty(request.DeviceName);
ArgumentException.ThrowIfNullOrEmpty(request.AppVersion);
User user = null;
if (!request.UserId.Equals(default))
{
@@ -1517,8 +1522,11 @@ namespace Emby.Server.Implementations.Session
return returnResult;
}
private async Task<string> GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName)
internal async Task<string> GetAuthorizationToken(User user, string deviceId, string app, string appVersion, string deviceName)
{
// This should be validated above, but if it isn't don't delete all tokens.
ArgumentException.ThrowIfNullOrEmpty(deviceId);
var existing = (await _deviceManager.GetDevices(
new DeviceQuery
{