chrisryn/requestarr
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

feat: check if first jellyfin user is admin (#635)

Browse Source 
* feat: merge check if first jellyfin user is admin

re #610

* refactor(i18n): extract admin error message into en locale

---------

Co-authored-by: fallenbagel <98979876+Fallenbagel@users.noreply.github.com>
This commit is contained in:
Danish Humair
2024-03-30 05:53:14 +05:00
committed by GitHub
parent 530be4272c
commit 010df62776
4 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/api/jellyfin.ts
View File

@@ -9,6 +9,9 @@ export interface JellyfinUserResponse {
ServerId: string; ServerId: string;
ServerName: string; ServerName: string;
Id: string; Id: string;
Policy: {
IsAdministrator: boolean;
};
PrimaryImageTag?: string; PrimaryImageTag?: string;
} }

10
server/routes/auth.ts
View File

@@ -276,6 +276,11 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
}); });
if (!user && !(await userRepository.count())) { if (!user && !(await userRepository.count())) {
// Check if user is admin on jellyfin
if (account.User.Policy.IsAdministrator === false) {
throw new Error('not_admin');
}
logger.info( logger.info(
'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Overseerr', 'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Overseerr',
{ {
@@ -423,6 +428,11 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
status: 401, status: 401,
message: 'Unauthorized', message: 'Unauthorized',
}); });
} else if (e.message === 'not_admin') {
return next({
status: 403,
message: 'CREDENTIAL_ERROR_NOT_ADMIN',
});
} else if (e.message === 'add_email') { } else if (e.message === 'add_email') {
return next({ return next({
status: 406, status: 406,

3
src/components/Login/JellyfinLogin.tsx
View File

@@ -24,6 +24,7 @@ const messages = defineMessages({
validationusernamerequired: 'Username required', validationusernamerequired: 'Username required',
validationpasswordrequired: 'Password required', validationpasswordrequired: 'Password required',
loginerror: 'Something went wrong while trying to sign in.', loginerror: 'Something went wrong while trying to sign in.',
adminerror: 'You must use an admin account to sign in.',
credentialerror: 'The username or password is incorrect.', credentialerror: 'The username or password is incorrect.',
signingin: 'Signing in…', signingin: 'Signing in…',
signin: 'Sign In', signin: 'Sign In',
@@ -94,6 +95,8 @@ const JellyfinLogin: React.FC<JellyfinLoginProps> = ({
intl.formatMessage( intl.formatMessage(
e.message == 'Request failed with status code 401' e.message == 'Request failed with status code 401'
? messages.credentialerror ? messages.credentialerror
: e.message == 'Request failed with status code 403'
? messages.adminerror
: messages.loginerror : messages.loginerror
), ),
{ {

1
src/i18n/locale/en.json
View File

@@ -220,6 +220,7 @@
"components.Layout.VersionStatus.streamdevelop": "Overseerr Develop", "components.Layout.VersionStatus.streamdevelop": "Overseerr Develop",
"components.Layout.VersionStatus.streamstable": "Overseerr Stable", "components.Layout.VersionStatus.streamstable": "Overseerr Stable",
"components.Login.credentialerror": "The username or password is incorrect.", "components.Login.credentialerror": "The username or password is incorrect.",
"components.Login.adminerror": "You must use an admin account to sign in.",
"components.Login.description": "Since this is your first time logging into {applicationName}, you are required to add a valid email address.", "components.Login.description": "Since this is your first time logging into {applicationName}, you are required to add a valid email address.",
"components.Login.email": "Email Address", "components.Login.email": "Email Address",
"components.Login.emailtooltip": "Address does not need to be associated with your {mediaServerName} instance.", "components.Login.emailtooltip": "Address does not need to be associated with your {mediaServerName} instance.",