From 2e8c19d63182b2c8c52ffeed729fe54e9aef4d9b Mon Sep 17 00:00:00 2001
From: Ersei Saggi <vcs@ersei.net>
Date: Mon, 13 May 2024 09:17:42 -0400
Subject: [PATCH] Update for Jellyfin 10.9

---
 SSO-Auth/Api/SSOController.cs                 |  25 ++--
 SSO-Auth/SSO-Auth.csproj                      |  14 +-
 SSO-Auth/{Api => Views}/SSOViewsController.cs |   8 +-
 build.yaml                                    |   7 +-
 flake.lock                                    |   6 +-
 flake.nix                                     |   2 +-
 jellyfin.ruleset                              | 129 +++++++++---------
 7 files changed, 100 insertions(+), 91 deletions(-)
 rename SSO-Auth/{Api => Views}/SSOViewsController.cs (93%)

diff --git a/SSO-Auth/Api/SSOController.cs b/SSO-Auth/Api/SSOController.cs
index f4f6ba9..5c055bc 100644
--- a/SSO-Auth/Api/SSOController.cs
+++ b/SSO-Auth/Api/SSOController.cs
@@ -10,6 +10,7 @@ using Jellyfin.Data.Entities;
 using Jellyfin.Data.Enums;
 using Jellyfin.Plugin.SSO_Auth.Config;
 using Jellyfin.Plugin.SSO_Auth.Helpers;
+using MediaBrowser.Common.Api;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Library;
 using MediaBrowser.Controller.Net;
@@ -327,7 +328,7 @@ public class SSOController : ControllerBase
     /// </summary>
     /// <param name="provider">The name of the provider to add.</param>
     /// <param name="config">The OID configuration (deserialized from a JSON post).</param>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpPost("OID/Add/{provider}")]
     public void OidAdd(string provider, [FromBody] OidConfig config)
     {
@@ -340,7 +341,7 @@ public class SSOController : ControllerBase
     /// Deletes an OpenID provider.
     /// </summary>
     /// <param name="provider">Name of provider to delete.</param>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpGet("OID/Del/{provider}")]
     public void OidDel(string provider)
     {
@@ -353,7 +354,7 @@ public class SSOController : ControllerBase
     /// Lists the OpenID providers configured. Requires administrator privileges.
     /// </summary>
     /// <returns>The list of OpenID configurations.</returns>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpGet("OID/Get")]
     public ActionResult OidProviders()
     {
@@ -384,7 +385,7 @@ public class SSOController : ControllerBase
     /// This is a debug endpoint to list all running OpenID flows. Requires administrator privileges.
     /// </summary>
     /// <returns>The list of OpenID flows in progress.</returns>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpGet("OID/States")]
     public ActionResult OidStates()
     {
@@ -557,7 +558,7 @@ public class SSOController : ControllerBase
     /// <param name="provider">The provider name to add.</param>
     /// <param name="newConfig">The SAML configuration object (deserialized) from JSON.</param>
     /// <returns>The success result.</returns>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpPost("SAML/Add/{provider}")]
     public OkResult SamlAdd(string provider, [FromBody] SamlConfig newConfig)
     {
@@ -572,7 +573,7 @@ public class SSOController : ControllerBase
     /// </summary>
     /// <param name="provider">The ID of the provider to delete.</param>
     /// <returns>The success result.</returns>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpGet("SAML/Del/{provider}")]
     public OkResult SamlDel(string provider)
     {
@@ -586,7 +587,7 @@ public class SSOController : ControllerBase
     /// Returns a list of all SAML providers configured. Requires administrator privileges.
     /// </summary>
     /// <returns>A list of all of the Saml providers available.</returns>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpGet("SAML/Get")]
     public ActionResult SamlProviders()
     {
@@ -699,7 +700,7 @@ public class SSOController : ControllerBase
     /// <param name="username">The username to switch to the new provider.</param>
     /// <param name="provider">The new provider to switch to.</param>
     /// <returns>Whether this API endpoint succeeded.</returns>
-    [Authorize(Policy = "RequiresElevation")]
+    [Authorize(Policy = Policies.RequiresElevation)]
     [HttpPost("Unregister/{username}")]
     public ActionResult Unregister(string username, [FromBody] string provider)
     {
@@ -791,7 +792,7 @@ public class SSOController : ControllerBase
     /// <param name="jellyfinUserId">The user ID within jellyfin to link to the provider.</param>
     /// <param name="authResponse">The client information to authenticate the user with.</param>
     /// <returns>Whether this API endpoint succeeded.</returns>
-    [Authorize(Policy = "DefaultAuthorization")]
+    [Authorize]
     [HttpPost("{mode}/Link/{provider}/{jellyfinUserId}")]
     [Consumes(MediaTypeNames.Application.Json)]
     [Produces(MediaTypeNames.Application.Json)]
@@ -821,7 +822,7 @@ public class SSOController : ControllerBase
     /// <param name="jellyfinUserId">The user ID within jellyfin to unlink from the provider.</param>
     /// <param name="canonicalName">The user ID within jellyfin to unlink.</param>
     /// <returns>Whether this API endpoint succeeded.</returns>
-    [Authorize(Policy = "DefaultAuthorization")]
+    [Authorize]
     [HttpDelete("{mode}/Link/{provider}/{jellyfinUserId}/{canonicalName}")]
     [Consumes(MediaTypeNames.Application.Json)]
     [Produces(MediaTypeNames.Application.Json)]
@@ -851,7 +852,7 @@ public class SSOController : ControllerBase
     /// </summary>
     /// <param name="jellyfinUserId">The user ID within jellyfin for which to return the links.</param>
     /// <returns>A dictionary of provider : link mappings.</returns>
-    [Authorize(Policy = "DefaultAuthorization")]
+    [Authorize]
     [HttpGet("saml/links/{jellyfinUserId}")]
     [Produces(MediaTypeNames.Application.Json)]
     public async Task<ActionResult<SerializableDictionary<string, IEnumerable<string>>>> GetSamlLinksByUser(Guid jellyfinUserId)
@@ -879,7 +880,7 @@ public class SSOController : ControllerBase
     /// </summary>
     /// <param name="jellyfinUserId">The user ID within jellyfin for which to return the links.</param>
     /// <returns>A dictionary of provider : link mappings.</returns>
-    [Authorize(Policy = "DefaultAuthorization")]
+    [Authorize]
     [HttpGet("oid/links/{jellyfinUserId}")]
     [Produces(MediaTypeNames.Application.Json)]
     public async Task<ActionResult<SerializableDictionary<string, IEnumerable<string>>>> GetOidLinksByUser(Guid jellyfinUserId)
diff --git a/SSO-Auth/SSO-Auth.csproj b/SSO-Auth/SSO-Auth.csproj
index 52dc141..bd49837 100644
--- a/SSO-Auth/SSO-Auth.csproj
+++ b/SSO-Auth/SSO-Auth.csproj
@@ -1,10 +1,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <RootNamespace>Jellyfin.Plugin.SSO_Auth</RootNamespace>
-    <AssemblyVersion>3.5.2.3</AssemblyVersion>
-    <FileVersion>3.5.2.3</FileVersion>
+    <AssemblyVersion>3.5.2.4</AssemblyVersion>
+    <FileVersion>3.5.2.4</FileVersion>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
   </PropertyGroup>
@@ -29,16 +29,16 @@
 
   <ItemGroup>
     <FrameworkReference Include="Microsoft.AspNetCore.App" />
-    <PackageReference Include="IdentityModel.OidcClient" Version="5.0.0" />
+    <PackageReference Include="IdentityModel.OidcClient" Version="5.2.1" />
     <PackageReference Include="Jellyfin.Controller" Version="10.*-*" />
     <PackageReference Include="Jellyfin.Model" Version="10.*-*" />
-    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
-    <PackageReference Include="System.Security.Cryptography.Xml" Version="6.0.0" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+    <PackageReference Include="System.Security.Cryptography.Xml" Version="6.0.1" />
   </ItemGroup>
 
   <ItemGroup>
     <PackageReference Include="SerilogAnalyzer" Version="0.15.0" PrivateAssets="All" />
-    <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.376" PrivateAssets="All" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556" PrivateAssets="all" />
     <PackageReference Include="SmartAnalyzers.MultithreadingAnalyzer" Version="1.1.31" PrivateAssets="All" />
   </ItemGroup>
 
diff --git a/SSO-Auth/Api/SSOViewsController.cs b/SSO-Auth/Views/SSOViewsController.cs
similarity index 93%
rename from SSO-Auth/Api/SSOViewsController.cs
rename to SSO-Auth/Views/SSOViewsController.cs
index c710291..96b5e98 100644
--- a/SSO-Auth/Api/SSOViewsController.cs
+++ b/SSO-Auth/Views/SSOViewsController.cs
@@ -36,8 +36,8 @@ public class SSOViewsController : ControllerBase
         _sessionManager = sessionManager;
         _userManager = userManager;
         _authContext = authContext;
-        _logger = logger;
-        _logger.LogInformation("SSO Views Controller initialized");
+        // _logger = logger;
+        // _logger.LogInformation("SSO Views Controller initialized");
     }
 
     private ActionResult ServeView(string viewName)
@@ -66,7 +66,7 @@ public class SSOViewsController : ControllerBase
 
         if (stream == null)
         {
-            _logger.LogError("Failed to get resource {Resource}", view.EmbeddedResourcePath);
+            // _logger.LogError("Failed to get resource {Resource}", view.EmbeddedResourcePath);
             return NotFound();
         }
 #nullable disable
@@ -83,4 +83,4 @@ public class SSOViewsController : ControllerBase
     {
         return ServeView(viewName);
     }
-}
\ No newline at end of file
+}
diff --git a/build.yaml b/build.yaml
index 72fc0f4..c8f8a98 100644
--- a/build.yaml
+++ b/build.yaml
@@ -1,9 +1,9 @@
 name: "SSO Authentication"
 guid: "505ce9d1-d916-42fa-86ca-673ef241d7df"
 imageUrl: "https://raw.githubusercontent.com/9p4/jellyfin-plugin-sso/main/img/logo.png"
-version: "3.5.2.3"
-targetAbi: "10.8.0.0"
-framework: "net6.0"
+version: "3.5.2.4"
+targetAbi: "10.9.0.0"
+framework: "net8.0"
 owner: "9p4"
 overview: "Authenticate users against an SSO provider."
 description: |
@@ -15,6 +15,7 @@ artifacts:
   - "IdentityModel.OidcClient.dll"
   - "IdentityModel.dll"
 changelog: |
+  3.5.2.4: Updates for Jellyfin 10.9
   3.5.2.3: Improve OpenID discovery policy security rules, fix iOS login bugs related to cache
   3.5.2.2: Fix linking page when using new paths
   3.5.2.1: Hotfix for SAML null checks
diff --git a/flake.lock b/flake.lock
index c9418e7..b80c063 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1707205916,
-        "narHash": "sha256-fmRJilYGlB7VCt3XsdYxrA0u8e/K84O5xYucerUY0iM=",
+        "lastModified": 1715499532,
+        "narHash": "sha256-9UJLb8rdi2VokYcfOBQHUzP3iNxOPNWcbK++ENElpk0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8cc79aa39bbc6eaedaf286ae655b224c71e02907",
+        "rev": "af8b9db5c00f1a8e4b83578acc578ff7d823b786",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 8464d9d..97647ce 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,6 @@
     let pkgs = nixpkgs.legacyPackages.x86_64-linux;
     in {
       devShell.x86_64-linux =
-        pkgs.mkShell { buildInputs = [ pkgs.nodePackages.prettier pkgs.dotnet-sdk ]; };
+        pkgs.mkShell { buildInputs = [ pkgs.nodePackages.prettier pkgs.dotnet-sdk_8 ]; };
    };
 }
diff --git a/jellyfin.ruleset b/jellyfin.ruleset
index 45ab725..5855711 100644
--- a/jellyfin.ruleset
+++ b/jellyfin.ruleset
@@ -1,68 +1,75 @@
 <?xml version="1.0" encoding="utf-8"?>
-<RuleSet Name="Rules for Jellyfin.Server" Description="Code analysis rules for Jellyfin.Server.csproj" ToolsVersion="14.0">
-  <Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
-    <!-- disable warning SA1202: 'public' members must come before 'private' members -->
-    <Rule Id="SA1202" Action="Info" />
-    <!-- disable warning SA1204: Static members must appear before non-static members -->
-    <Rule Id="SA1204" Action="Info" />
-    <!-- disable warning SA1404: Code analysis suppression should have justification -->
-    <Rule Id="SA1404" Action="Info" />
+<RuleSet Name="Rules for Jellyfin.Server"
+	Description="Code analysis rules for Jellyfin.Server.csproj" ToolsVersion="14.0">
+	<Rules AnalyzerId="StyleCop.Analyzers" RuleNamespace="StyleCop.Analyzers">
+		<!-- disable warning SA1202: 'public' members must come before 'private' members -->
+		<Rule Id="SA1202" Action="Info" />
+		<!-- disable warning SA1204: Static members must appear before non-static members -->
+		<Rule Id="SA1204" Action="Info" />
+		<!-- disable warning SA1404: Code analysis suppression should have justification -->
+		<Rule Id="SA1404" Action="Info" />
 
-    <!-- disable warning SA1009: Closing parenthesis should be followed by a space. -->
-    <Rule Id="SA1009" Action="None" />
-    <!-- disable warning SA1101: Prefix local calls with 'this.' -->
-    <Rule Id="SA1101" Action="None" />
-    <!-- disable warning SA1108: Block statements should not contain embedded comments -->
-    <Rule Id="SA1108" Action="None" />
-    <!-- disable warning SA1128:: Put constructor initializers on their own line -->
-    <Rule Id="SA1128" Action="None" />
-    <!-- disable warning SA1130: Use lambda syntax -->
-    <Rule Id="SA1130" Action="None" />
-    <!-- disable warning SA1200: 'using' directive must appear within a namespace declaration -->
-    <Rule Id="SA1200" Action="None" />
-    <!-- disable warning SA1309: Fields must not begin with an underscore -->
-    <Rule Id="SA1309" Action="None" />
-    <!-- disable warning SA1413: Use trailing comma in multi-line initializers -->
-    <Rule Id="SA1413" Action="None" />
-    <!-- disable warning SA1512: Single-line comments must not be followed by blank line -->
-    <Rule Id="SA1512" Action="None" />
-    <!-- disable warning SA1515: Single-line comment should be preceded by blank line -->
-    <Rule Id="SA1515" Action="None" />
-    <!-- disable warning SA1600: Elements should be documented -->
-    <Rule Id="SA1600" Action="None" />
-    <!-- disable warning SA1633: The file header is missing or not located at the top of the file -->
-    <Rule Id="SA1633" Action="None" />
-  </Rules>
+		<!-- disable warning SA1009: Closing parenthesis should be followed by a space. -->
+		<Rule Id="SA1009" Action="None" />
+		<!-- disable warning SA1101: Prefix local calls with 'this.' -->
+		<Rule Id="SA1101" Action="None" />
+		<!-- disable warning SA1108: Block statements should not contain embedded comments -->
+		<Rule Id="SA1108" Action="None" />
+		<!-- disable warning SA1128:: Put constructor initializers on their own line -->
+		<Rule Id="SA1128" Action="None" />
+		<!-- disable warning SA1130: Use lambda syntax -->
+		<Rule Id="SA1130" Action="None" />
+		<!-- disable warning SA1200: 'using' directive must appear within a namespace declaration -->
+		<Rule Id="SA1200" Action="None" />
+		<!-- disable warning SA1309: Fields must not begin with an underscore -->
+		<Rule Id="SA1309" Action="None" />
+		<!-- disable warning SA1402: File may only contain a single type  -->
+		<Rule Id="SA1402" Action="None" />
+		<!-- disable warning SA1413: Use trailing comma in multi-line initializers -->
+		<Rule Id="SA1413" Action="None" />
+		<!-- disable warning SA1512: Single-line comments must not be followed by blank line -->
+		<Rule Id="SA1512" Action="None" />
+		<!-- disable warning SA1515: Single-line comment should be preceded by blank line -->
+		<Rule Id="SA1515" Action="None" />
+		<!-- disable warning SA1600: Elements should be documented -->
+		<Rule Id="SA1600" Action="None" />
+		<!-- disable warning SA1633: The file header is missing or not located at the top of the
+		file -->
+		<Rule Id="SA1633" Action="None" />
+		<!-- disable warning SA1649: File name should match first type name -->
+		<Rule Id="SA1649" Action="None" />
+	</Rules>
 
-  <Rules AnalyzerId="Microsoft.CodeAnalysis.FxCopAnalyzers" RuleNamespace="Microsoft.Design">
-    <!-- disable warning CA1031: Do not catch general exception types -->
-    <Rule Id="CA1031" Action="Info" />
-    <!-- disable warning CA1032: Implement standard exception constructors -->
-    <Rule Id="CA1032" Action="Info" />
-    <!-- disable warning CA1062: Validate arguments of public methods -->
-    <Rule Id="CA1062" Action="Info" />
-    <!-- disable warning CA1716: Identifiers should not match keywords -->
-    <Rule Id="CA1716" Action="Info" />
-    <!-- disable warning CA1720: Identifiers should not contain type names -->
-    <Rule Id="CA1720" Action="Info" />
-    <!-- disable warning CA1812: internal class that is apparently never instantiated.
+	<Rules AnalyzerId="Microsoft.CodeAnalysis.FxCopAnalyzers" RuleNamespace="Microsoft.Design">
+		<!-- disable warning CA1031: Do not catch general exception types -->
+		<Rule Id="CA1031" Action="Info" />
+		<!-- disable warning CA1032: Implement standard exception constructors -->
+		<Rule Id="CA1032" Action="Info" />
+		<!-- disable warning CA1062: Validate arguments of public methods -->
+		<Rule Id="CA1062" Action="Info" />
+		<!-- disable warning CA1716: Identifiers should not match keywords -->
+		<Rule Id="CA1716" Action="Info" />
+		<!-- disable warning CA1720: Identifiers should not contain type names -->
+		<Rule Id="CA1720" Action="Info" />
+		<!-- disable warning CA1812: internal class that is apparently never instantiated.
         If so, remove the code from the assembly.
         If this class is intended to contain only static members, make it static -->
-    <Rule Id="CA1812" Action="Info" />
-    <!-- disable warning CA1822: Member does not access instance data and can be marked as static -->
-    <Rule Id="CA1822" Action="Info" />
-    <!-- disable warning CA2000: Dispose objects before losing scope -->
-    <Rule Id="CA2000" Action="Info" />
+		<Rule Id="CA1812" Action="Info" />
+		<!-- disable warning CA1822: Member does not access instance data and can be marked as
+		static -->
+		<Rule Id="CA1822" Action="Info" />
+		<!-- disable warning CA2000: Dispose objects before losing scope -->
+		<Rule Id="CA2000" Action="Info" />
 
-    <!-- disable warning CA1054: Change the type of parameter url from string to System.Uri -->
-    <Rule Id="CA1054" Action="None" />
-    <!-- disable warning CA1055: URI return values should not be strings -->
-    <Rule Id="CA1055" Action="None" />
-    <!-- disable warning CA1056: URI properties should not be strings -->
-    <Rule Id="CA1056" Action="None" />
-    <!-- disable warning CA1303: Do not pass literals as localized parameters -->
-    <Rule Id="CA1303" Action="None" />
-    <!-- disable warning CA1308: Normalize strings to uppercase -->
-    <Rule Id="CA1308" Action="None" />
-  </Rules>
+		<!-- disable warning CA1054: Change the type of parameter url from string to System.Uri -->
+		<Rule Id="CA1054" Action="None" />
+		<!-- disable warning CA1055: URI return values should not be strings -->
+		<Rule Id="CA1055" Action="None" />
+		<!-- disable warning CA1056: URI properties should not be strings -->
+		<Rule Id="CA1056" Action="None" />
+		<!-- disable warning CA1303: Do not pass literals as localized parameters -->
+		<Rule Id="CA1303" Action="None" />
+		<!-- disable warning CA1308: Normalize strings to uppercase -->
+		<Rule Id="CA1308" Action="None" />
+	</Rules>
 </RuleSet>