fix(#4847): Invalid Discord request fixed, also fixed an issue where App Only users would not show as logged in on the user management page (#4848)

2025-08-14 02:26:55 -07:00 · 2023-01-13 20:47:07 +00:00 · 2023-01-13 20:47:07 +00:00 · f229d88bd7
commit f229d88bd7
parent fed035ab54
4 changed files with 108 additions and 3 deletions
--- a/src/Ombi.Notifications/Agents/DiscordNotification.cs
+++ b/src/Ombi.Notifications/Agents/DiscordNotification.cs
@ -107,7 +107,7 @@ namespace Ombi.Notifications.Agents
                var discordBody = new DiscordWebhookBody
                {
                    content = model.Message,
-                    username = settings.Username,
+                    username = settings.Username ?? "Ombi",
                };

                var fields = new List<DiscordField>();
--- a/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs
+++ b/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs
@ -0,0 +1,101 @@
+using Microsoft.AspNetCore.Http;
+using Moq;
+using Moq.AutoMock;
+using NUnit.Framework;
+using NUnit.Framework.Constraints;
+using Ombi.Core.Authentication;
+using Ombi.Test.Common;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Ombi.Tests.Middlewear
+{
+    [TestFixture]
+    public class ApiKeyMiddlewearTests
+    {
+        private AutoMocker _mocker;
+        private ApiKeyMiddlewear _subject;
+        private Mock<IServiceProvider> _serviceProviderMock;
+
+        [SetUp]
+        public void Setup()
+        {
+            _mocker = new AutoMocker();
+            _serviceProviderMock = new Mock<IServiceProvider>();
+            _mocker.Use(_serviceProviderMock);
+            _subject = _mocker.CreateInstance<ApiKeyMiddlewear>();
+        }
+
+        [Test]
+        public async Task NonApiAccess()
+        {
+            var context = GetContext();
+            context.Request.Path = "/notanapi";
+            await _subject.Invoke(context);
+
+            _mocker.Verify<IServiceProvider>(x => x.GetService(It.IsAny<Type>()), Times.Never);
+        }
+
+        [Test]
+        public async Task ValidateUserAccessToken()
+        {
+            var context = GetContext();
+            context.Request.Path = "/api";
+            context.Request.Headers.Add("UserAccessToken", new Microsoft.Extensions.Primitives.StringValues("test"));
+            var user = new Store.Entities.OmbiUser
+            {
+                UserAccessToken = "test",
+                UserName = "unit test"
+            };
+            var umMock = MockHelper.MockUserManager(new List<Store.Entities.OmbiUser>
+            {
+               user
+            });
+            umMock.Setup(x => x.GetRolesAsync(user)).ReturnsAsync(new List<string> { "Admin" });
+            _mocker.Setup<IServiceProvider, object?>(x => x.GetService(typeof(OmbiUserManager)))
+                .Returns(umMock.Object);
+
+
+            await _subject.Invoke(context);
+
+            _mocker.Verify<IServiceProvider>(x => x.GetService(It.IsAny<Type>()), Times.Once);
+            umMock.Verify(x => x.UpdateAsync(user), Times.Once);
+        }
+
+        [Test]
+        public async Task ValidateUserAccessToken_Token_Invalid()
+        {
+            var context = GetContext();
+            context.Request.Path = "/api";
+            context.Request.Headers.Add("UserAccessToken", new Microsoft.Extensions.Primitives.StringValues("invalid"));
+            var user = new Store.Entities.OmbiUser
+            {
+                UserAccessToken = "test",
+                UserName = "unit test"
+            };
+            var umMock = MockHelper.MockUserManager(new List<Store.Entities.OmbiUser>
+            {
+               user
+            });
+            umMock.Setup(x => x.GetRolesAsync(user)).ReturnsAsync(new List<string> { "Admin" });
+            _mocker.Setup<IServiceProvider, object?>(x => x.GetService(typeof(OmbiUserManager)))
+                .Returns(umMock.Object);
+
+
+            await _subject.Invoke(context);
+
+            Assert.That(context.Response.StatusCode, Is.EqualTo(401));
+            umMock.Verify(x => x.UpdateAsync(user), Times.Never);
+        }
+
+        private HttpContext GetContext()
+        {
+            var context = new DefaultHttpContext();
+            context.RequestServices = _serviceProviderMock.Object;
+            return context;
+        }
+    }
+}
--- a/src/Ombi.Tests/Ombi.Tests.csproj
+++ b/src/Ombi.Tests/Ombi.Tests.csproj
@ -9,6 +9,7 @@
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="6.0.9" />
    <PackageReference Include="Moq" Version="4.18.2" />
+    <PackageReference Include="Moq.AutoMock" Version="3.4.0" />
    <PackageReference Include="Nunit" Version="3.13.3" />
    <PackageReference Include="Hangfire" Version="1.7.31" />
    <PackageReference Include="NUnit.ConsoleRunner" Version="3.15.2" />
@ -18,6 +19,7 @@
  </ItemGroup>

  <ItemGroup>
+    <ProjectReference Include="..\Ombi.Test.Common\Ombi.Test.Common.csproj" />
    <ProjectReference Include="..\Ombi\Ombi.csproj" />
  </ItemGroup>

--- a/src/Ombi/Middleware/ApiKeyMiddlewear.cs
+++ b/src/Ombi/Middleware/ApiKeyMiddlewear.cs
@ -57,7 +57,7 @@ namespace Ombi
            }
        }

-        private async Task ValidateUserAccessToken(HttpContext context, RequestDelegate next, string key)
+        private static async Task ValidateUserAccessToken(HttpContext context, RequestDelegate next, string key)
        {
            if (string.IsNullOrEmpty(key))
            {
@ -74,11 +74,13 @@ namespace Ombi
            }
            else
            {
-
                var identity = new GenericIdentity(user.UserName);
                var roles = await um.GetRolesAsync(user);
                var principal = new GenericPrincipal(identity, roles.ToArray());
                context.User = principal;
+                user.LastLoggedIn = DateTime.UtcNow;
+                await um.UpdateAsync(user);
+
                await next.Invoke(context);
            }
        }