Ombi-app · tidusjar · May 27, 2023 · May 24, 2023
diff --git a/src/Ombi.Api.Emby/EmbyApi.cs b/src/Ombi.Api.Emby/EmbyApi.cs
@@ -56,7 +56,7 @@ public async Task<PublicInfo> GetPublicInformation(string baseUrl)
             return obj;
         }
 
-        public async Task<EmbyUser> LogIn(string username, string password, string apiKey, string baseUri)
+        public async Task<EmbyUser> LogIn(string username, string password, string apiKey, string baseUri, string clientIpAddress)
         {
             var request = new Request("emby/users/authenticatebyname", baseUri, HttpMethod.Post);
             var body = new
@@ -71,6 +71,11 @@ public async Task<EmbyUser> LogIn(string username, string password, string apiKe
                 $"MediaBrowser Client=\"Ombi\", Device=\"Ombi\", DeviceId=\"v3\", Version=\"v3\"");
             AddHeaders(request, apiKey);
 
+            if (!string.IsNullOrEmpty(clientIpAddress))
+            {
+                request.AddHeader("X-Forwarded-For", clientIpAddress);
+            }
+
             var obj = await Api.Request<EmbyUser>(request);
             return obj;
         }

diff --git a/src/Ombi.Api.Emby/IBaseEmbyApi.cs b/src/Ombi.Api.Emby/IBaseEmbyApi.cs
@@ -11,7 +11,7 @@ public interface IBaseEmbyApi
     {
         Task<EmbySystemInfo> GetSystemInformation(string apiKey, string baseUrl);
         Task<List<EmbyUser>> GetUsers(string baseUri, string apiKey);
-        Task<EmbyUser> LogIn(string username, string password, string apiKey, string baseUri);
+        Task<EmbyUser> LogIn(string username, string password, string apiKey, string baseUri, string clientIpAddress);
 
         Task<EmbyItemContainer<EmbyMovie>> GetAllMovies(string apiKey, string parentIdFilder, int startIndex, int count, string userId,
             string baseUri);

diff --git a/src/Ombi.Core/Authentication/OmbiUserManager.cs b/src/Ombi.Core/Authentication/OmbiUserManager.cs
@@ -69,6 +69,8 @@ public OmbiUserManager(IUserStore<OmbiUser> store, IOptions<IdentityOptions> opt
         private readonly ISettingsService<EmbySettings> _embySettings;
         private readonly ISettingsService<JellyfinSettings> _jellyfinSettings;
         private readonly ISettingsService<AuthenticationSettings> _authSettings;
+        private string _clientIpAddress;
+        public string ClientIpAddress { get => _clientIpAddress; set => _clientIpAddress = value; }
 
         public override async Task<bool> CheckPasswordAsync(OmbiUser user, string password)
         {
@@ -88,7 +90,7 @@ public override async Task<bool> CheckPasswordAsync(OmbiUser user, string passwo
             }
             if (user.UserType == UserType.EmbyUser || user.UserType == UserType.EmbyConnectUser)
             {
-                return await CheckEmbyPasswordAsync(user, password);
+                return await CheckEmbyPasswordAsync(user, password, ClientIpAddress);
             }
             if (user.UserType == UserType.JellyfinUser)
             {
@@ -168,7 +170,7 @@ private async Task<bool> CheckPlexPasswordAsync(OmbiUser user, string password)
         /// <param name="user"></param>
         /// <param name="password"></param>
         /// <returns></returns>
-        private async Task<bool> CheckEmbyPasswordAsync(OmbiUser user, string password)
+        private async Task<bool> CheckEmbyPasswordAsync(OmbiUser user, string password, string clientIpAddress="")
         {
             var embySettings = await _embySettings.GetSettingsAsync();
             var client = _embyApi.CreateClient(embySettings);
@@ -196,7 +198,7 @@ private async Task<bool> CheckEmbyPasswordAsync(OmbiUser user, string password)
             {
                 try
                 {
-                    var result = await client.LogIn(user.UserName, password, server.ApiKey, server.FullUri);
+                    var result = await client.LogIn(user.UserName, password, server.ApiKey, server.FullUri, clientIpAddress);
                     if (result != null)
                     {
                         return true;

diff --git a/src/Ombi/Controllers/BaseController.cs b/src/Ombi/Controllers/BaseController.cs
@@ -0,0 +1,28 @@
+
+using System.Linq;
+using Microsoft.AspNetCore.Mvc;
+
+public class BaseController : Controller
+{
+    protected string GetRequestIP()
+    {
+        string ip = null;
+
+        if (Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("X-Forwarded-For"))
+        {
+            var forwardedip = Request.HttpContext.Request.Headers["X-Forwarded-For"].ToString();
+            ip = forwardedip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault();
+        }
+
+        if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Connection?.RemoteIpAddress != null)
+            ip = Request.HttpContext.Connection.RemoteIpAddress.ToString();
+
+        if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("REMOTE_ADDR"))
+        {
+            var remoteip = Request.HttpContext.Request.Headers["REMOTE_ADDR"].ToString();
+            ip = remoteip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault();
+        }
+
+        return ip;
+    }
+}
diff --git a/src/Ombi/Controllers/V1/IdentityController.cs b/src/Ombi/Controllers/V1/IdentityController.cs
@@ -44,7 +44,7 @@ namespace Ombi.Controllers.V1
     [ApiV1]
     [Produces("application/json")]
     [ApiController]
-    public class IdentityController : Controller
+    public class IdentityController : BaseController
     {
         public IdentityController(OmbiUserManager user,
             RoleManager<IdentityRole> rm,
@@ -555,6 +555,7 @@ public async Task<OmbiIdentityResult> UpdateLocalUser([FromBody] UpdateLocalUser
             }
 
             // Make sure the pass is ok
+            UserManager.ClientIpAddress = GetRequestIP();
             var passwordCheck = await UserManager.CheckPasswordAsync(user, ui.CurrentPassword);
             if (!passwordCheck)
             {

diff --git a/src/Ombi/Controllers/V1/TokenController.cs b/src/Ombi/Controllers/V1/TokenController.cs
@@ -33,7 +33,7 @@ public class Token
     [ApiV1]
     [Produces("application/json")]
     [ApiController]
-    public class TokenController : ControllerBase
+    public class TokenController : BaseController
     {
         public TokenController(OmbiUserManager um, ITokenRepository token,
             IPlexOAuthManager oAuthManager, ILogger<TokenController> logger, ISettingsService<AuthenticationSettings> auth,
@@ -82,7 +82,7 @@ public async Task<IActionResult> GetToken([FromBody] UserAuthModel model)
                     user.EmailLogin = true;
                 }
 
-
+                _userManager.ClientIpAddress = GetRequestIP();
                 // Verify Password
                 if (await _userManager.CheckPasswordAsync(user, model.Password))
                 {
@@ -269,27 +269,6 @@ public class TokenRefresh
             public string Userename { get; set; }
         }
 
-        private string GetRequestIP()
-        {
-            string ip = null;
-
-            if (Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("X-Forwarded-For"))
-            {
-                var forwardedip = Request.HttpContext.Request.Headers["X-Forwarded-For"].ToString();
-                ip = forwardedip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault();
-            }
-
-            if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Connection?.RemoteIpAddress != null)
-                ip = Request.HttpContext.Connection.RemoteIpAddress.ToString();
-
-            if (string.IsNullOrWhiteSpace(ip) && Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey("REMOTE_ADDR"))
-            {
-                var remoteip = Request.HttpContext.Request.Headers["REMOTE_ADDR"].ToString();
-                ip = remoteip.TrimEnd(',').Split(",").Select(s => s.Trim()).FirstOrDefault();
-            }
-
-            return ip;
-        }
 
         [HttpPost("header_auth")]
         [ProducesResponseType(401)]