core webUI: Fix Infinite redirect with disabled cookies (#15159) resolves #15134

2025-03-09 13:52:03 +00:00 · 2024-03-19 03:22:19 +01:00 · 2024-03-19 03:22:19 +01:00 · 491d0519cf
commit 491d0519cf
parent 466122c339
1 changed files with 27 additions and 19 deletions
--- a/src/Jackett.Server/Controllers/UIController.cs
+++ b/src/Jackett.Server/Controllers/UIController.cs
@ -3,13 +3,11 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
-using Jackett.Common.Models.Config;
 using Jackett.Common.Services.Interfaces;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using NLog;

 namespace Jackett.Server.Controllers
 {
@ -17,35 +15,45 @@ namespace Jackett.Server.Controllers
    [ResponseCache(Location = ResponseCacheLocation.None, NoStore = true)]
    public class WebUIController : Controller
    {
-        private readonly IConfigurationService config;
-        private readonly ServerConfig serverConfig;
-        private readonly ISecurityService securityService;
-        private readonly Logger logger;
+        private readonly IConfigurationService _config;
+        private readonly ISecurityService _securityService;

-        public WebUIController(IConfigurationService config, ISecurityService ss, ServerConfig s, Logger l)
+        public WebUIController(IConfigurationService config, ISecurityService ss)
        {
-            this.config = config;
-            serverConfig = s;
-            securityService = ss;
-            logger = l;
+            _config = config;
+            _securityService = ss;
        }

        [HttpGet]
        [AllowAnonymous]
-        public async Task<IActionResult> Login()
+        public async Task<IActionResult> Login([FromQuery] string cookiesChecked)
        {
-            if (string.IsNullOrEmpty(serverConfig.AdminPassword))
+            if (string.IsNullOrEmpty(cookiesChecked))
            {
-                await MakeUserAuthenticated();
+                HttpContext.Response.Cookies.Append("TestCookie", "1");
+                return Redirect("TestCookie");
            }

-            if (User.Identity.IsAuthenticated)
+            if (_securityService.CheckAuthorised(string.Empty))
            {
+                await MakeUserAuthenticated();
                return Redirect("Dashboard");
            }

-            return new PhysicalFileResult(config.GetContentFolder() + "/login.html", "text/html");
-            ;
+            return User.Identity.IsAuthenticated
+                ? Redirect("Dashboard")
+                : (IActionResult)new PhysicalFileResult(_config.GetContentFolder() + "/login.html", "text/html");
+        }
+
+        [HttpGet]
+        [AllowAnonymous]
+        public IActionResult TestCookie()
+        {
+            if (HttpContext.Request.Cookies.Any(x => x.Key == "TestCookie"))
+            {
+                return Redirect("Login?cookiesChecked=1");
+            }
+            return BadRequest("Cookies required");
        }

        [HttpGet]
@ -60,7 +68,7 @@ namespace Jackett.Server.Controllers
        [AllowAnonymous]
        public async Task<IActionResult> Dashboard([FromForm] string password)
        {
-            if (securityService.CheckAuthorised(password))
+            if (_securityService.CheckAuthorised(password))
                await MakeUserAuthenticated();

            return Redirect("Dashboard");
@ -77,7 +85,7 @@ namespace Jackett.Server.Controllers
                return Redirect("Logout");
            }

-            return new PhysicalFileResult(config.GetContentFolder() + "/index.html", "text/html");
+            return new PhysicalFileResult(_config.GetContentFolder() + "/index.html", "text/html");
        }

        //TODO: Move this to security service once off Mono