Fixed issue where using the API to request a movie/tv show would throw an exception when only using the API Key #3091

2025-07-16 02:02:55 -07:00 · 2019-08-08 15:42:04 +01:00 · 2019-08-08 15:42:04 +01:00 · 769343a128
commit 769343a128
parent 25186ba149
7 changed files with 17 additions and 14 deletions
--- a/src/Ombi.Core/Rule/Rules/Request/AutoApproveRule.cs
+++ b/src/Ombi.Core/Rule/Rules/Request/AutoApproveRule.cs
@ -1,4 +1,5 @@
-using System.Security.Principal;
+using System;
 using System.Security.Principal;
 using System.Threading.Tasks;
 using Microsoft.EntityFrameworkCore;
 using Ombi.Core.Authentication;
@ -23,8 +24,8 @@ namespace Ombi.Core.Rule.Rules.Request
        public async Task<RuleResult> Execute(BaseRequest obj)
        {
-            var user = await _manager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+            var user = await _manager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
-            if (await _manager.IsInRoleAsync(user, OmbiRoles.Admin))
+            if (await _manager.IsInRoleAsync(user, OmbiRoles.Admin) || user.IsSystemUser)
            {
                obj.Approved = true;
                return Success();
--- a/src/Ombi.Core/Rule/Rules/Request/CanRequestRule.cs
+++ b/src/Ombi.Core/Rule/Rules/Request/CanRequestRule.cs
@ -1,3 +1,4 @@
 using System;
 using Ombi.Store.Entities;
 using System.IO;
 using System.Security.Claims;
@ -25,8 +26,8 @@ namespace Ombi.Core.Rule.Rules.Request
        public async Task<RuleResult> Execute(BaseRequest obj)
        {
-            var user = await _manager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+            var user = await _manager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
-            if (await _manager.IsInRoleAsync(user, OmbiRoles.Admin))
+            if (await _manager.IsInRoleAsync(user, OmbiRoles.Admin) || user.IsSystemUser)
                return Success();
            if (obj.RequestType == RequestType.Movie)
--- a/src/Ombi.Core/Rule/Rules/Specific/SendNotificationRule.cs
+++ b/src/Ombi.Core/Rule/Rules/Specific/SendNotificationRule.cs
@ -50,7 +50,7 @@ namespace Ombi.Core.Rule.Rules.Specific
                }
            }
-            if (await UserManager.IsInRoleAsync(requestedUser, OmbiRoles.Admin))
+            if (await UserManager.IsInRoleAsync(requestedUser, OmbiRoles.Admin) || requestedUser.IsSystemUser)
            {
                sendNotification = false; // Don't bother sending a notification if the user is an admin
            }
--- a/src/Ombi.Store/Context/OmbiContext.cs
+++ b/src/Ombi.Store/Context/OmbiContext.cs
@ -101,7 +101,6 @@ namespace Ombi.Store.Context
                        UserName = "Api",
                        UserType = UserType.SystemUser,
                        NormalizedUserName = "API",
                    });
                    SaveChanges();
                    tran.Commit();
--- a/src/Ombi/Controllers/IdentityController.cs
+++ b/src/Ombi/Controllers/IdentityController.cs
@ -233,6 +233,8 @@ namespace Ombi.Controllers
            await CreateRole(OmbiRoles.AutoApproveMovie);
            await CreateRole(OmbiRoles.Admin);
            await CreateRole(OmbiRoles.AutoApproveTv);
            await CreateRole(OmbiRoles.AutoApproveMusic);
            await CreateRole(OmbiRoles.RequestMusic);
            await CreateRole(OmbiRoles.PowerUser);
            await CreateRole(OmbiRoles.RequestMovie);
            await CreateRole(OmbiRoles.RequestTv);
@ -279,7 +281,7 @@ namespace Ombi.Controllers
        [Authorize]
        public async Task<UserViewModel> GetCurrentUser()
        {
-            var user = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+            var user = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
            return await GetUserWithRoles(user);
        }
@ -873,7 +875,7 @@ namespace Ombi.Controllers
        [ApiExplorerSettings(IgnoreApi = true)]
        public async Task<string> GetUserAccessToken()
        {
-            var user = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+            var user = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
            if (user == null)
            {
                return Guid.Empty.ToString("N");
@ -895,7 +897,7 @@ namespace Ombi.Controllers
        [HttpGet("notificationpreferences")]
        public async Task<List<UserNotificationPreferences>> GetUserPreferences()
        {
-            var user = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+            var user = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
            return await GetPreferences(user);
        }
@ -948,7 +950,7 @@ namespace Ombi.Controllers
                    return NotFound();
                }
                // Check if we are editing a different user than ourself, if we are then we need to power user role
-                var me = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+                var me = await UserManager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
                if (!me.Id.Equals(user.Id, StringComparison.InvariantCultureIgnoreCase))
                {
                    var isPowerUser = await UserManager.IsInRoleAsync(me, OmbiRoles.PowerUser);
--- a/src/Ombi/Controllers/IssuesController.cs
+++ b/src/Ombi/Controllers/IssuesController.cs
@ -187,7 +187,7 @@ namespace Ombi.Controllers
                    Comment = c.Comment,
                    Date = c.Date,
                    Username = c.User.UserAlias,
-                    AdminComment = roles.Contains(OmbiRoles.PowerUser) || roles.Contains(OmbiRoles.Admin)
+                    AdminComment = roles.Contains(OmbiRoles.PowerUser) || roles.Contains(OmbiRoles.Admin) || c.User.IsSystemUser
                });
            }
            return vm;
@ -223,7 +223,7 @@ namespace Ombi.Controllers
                UserId = user.Id
            };
-            var isAdmin = await _userManager.IsInRoleAsync(user, OmbiRoles.Admin);
+            var isAdmin = await _userManager.IsInRoleAsync(user, OmbiRoles.Admin) || user.IsSystemUser;
            AddIssueNotificationSubstitutes(notificationModel, issue, issue.UserReported.UserAlias);
            notificationModel.Substitutes.Add("NewIssueComment", comment.Comment);
            notificationModel.Substitutes.Add("AdminComment", isAdmin.ToString());
--- a/src/Ombi/Controllers/MobileController.cs
+++ b/src/Ombi/Controllers/MobileController.cs
@ -40,7 +40,7 @@ namespace Ombi.Controllers
        {
            if (body?.PlayerId.HasValue() ?? false)
            {
-                var user = await _userManager.Users.FirstOrDefaultAsync(x => x.UserName == User.Identity.Name);
+                var user = await _userManager.Users.FirstOrDefaultAsync(x => x.UserName.Equals(User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
                // Check if we already have this notification id
                var alreadyExists = await _notification.GetAll().AnyAsync(x => x.PlayerId == body.PlayerId && x.UserId == user.Id);