Merge pull request #1244 from joshuaboniface/hotfix-authapi

Hotfix authapi

Emby.Server.Implementations/HttpServer/HttpListenerHost.cs

@@ -203,6 +203,7 @@ namespace Emby.Server.Implementations.HttpServer
                 case DirectoryNotFoundException _:
                 case FileNotFoundException _:
                 case ResourceNotFoundException _: return 404;
+                case MethodNotAllowedException _: return 405;
                 case RemoteServiceUnavailableException _: return 502;
                 default: return 500;
             }

MediaBrowser.Api/UserService.cs

@@ -379,10 +379,15 @@ namespace MediaBrowser.Api
                 throw new ResourceNotFoundException("User not found");
             }
 
+            if (!string.IsNullOrEmpty(request.Password) && string.IsNullOrEmpty(request.Pw))
+            {
+                throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
+            }
+
             return Post(new AuthenticateUserByName
             {
                 Username = user.Name,
-                Password = request.Password,
+                Password = null, // This should always be null
                 Pw = request.Pw
             });
         }

MediaBrowser.Common/Extensions/ResourceNotFoundException.cs

@@ -26,6 +26,30 @@ namespace MediaBrowser.Common.Extensions
         }
     }
 
+    /// <summary>
+    /// Class MethodNotAllowedException
+    /// </summary>
+    public class MethodNotAllowedException : Exception
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MethodNotAllowedException" /> class.
+        /// </summary>
+        public MethodNotAllowedException()
+        {
+
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MethodNotAllowedException" /> class.
+        /// </summary>
+        /// <param name="message">The message.</param>
+        public MethodNotAllowedException(string message)
+            : base(message)
+        {
+
+        }
+    }
+
     public class RemoteServiceUnavailableException : Exception
     {
         public RemoteServiceUnavailableException()