Home Explore Help
Sign In
mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #2034 from Bond-009/easypass

Fix easy password

(cherry picked from commit 13dd63d631d63ad9e1818af88a3662cae7c88f52)
Signed-off-by: Joshua Boniface <joshua@boniface.me>
Vasily 5 years ago
parent
ffd7835ab5
commit
0f18482ba6
2 changed files with 27 additions and 15 deletions
Split View Show Diff Stats
  1. 13 2
      Emby.Server.Implementations/ApplicationHost.cs
  2. 14 13
      Emby.Server.Implementations/Library/UserManager.cs

+ 13 - 2
Emby.Server.Implementations/ApplicationHost.cs
View File 

@@ -746,7 +746,8 @@ namespace Emby.Server.Implementations
 
 
             serviceCollection.AddSingleton(typeof(IStreamHelper), typeof(StreamHelper));
 
 
-            serviceCollection.AddSingleton(typeof(ICryptoProvider), typeof(CryptographyProvider));
 
+            var cryptoProvider = new CryptographyProvider();
 
+            serviceCollection.AddSingleton<ICryptoProvider>(cryptoProvider);
 
 
             SocketFactory = new SocketFactory();
 
             serviceCollection.AddSingleton(SocketFactory);
 
@@ -786,7 +787,17 @@ namespace Emby.Server.Implementations
 
 
             _userRepository = GetUserRepository();
 
 
-            UserManager = new UserManager(LoggerFactory.CreateLogger<UserManager>(), _userRepository, XmlSerializer, NetworkManager, () => ImageProcessor, () => DtoService, this, JsonSerializer, FileSystemManager);
 
+            UserManager = new UserManager(
 
+                LoggerFactory.CreateLogger<UserManager>(),
 
+                _userRepository,
 
+                XmlSerializer,
 
+                NetworkManager,
 
+                () => ImageProcessor,
 
+                () => DtoService,
 
+                this,
 
+                JsonSerializer,
 
+                FileSystemManager,
 
+                cryptoProvider);
 
 
             serviceCollection.AddSingleton(UserManager);

+ 14 - 13
Emby.Server.Implementations/Library/UserManager.cs
View File 

@@ -24,6 +24,7 @@ using MediaBrowser.Controller.Providers;
 
 using MediaBrowser.Controller.Security;
 
 using MediaBrowser.Controller.Session;
 
 using MediaBrowser.Model.Configuration;
 
+using MediaBrowser.Model.Cryptography;
 
 using MediaBrowser.Model.Dto;
 
 using MediaBrowser.Model.Entities;
 
 using MediaBrowser.Model.Events;
 
@@ -60,6 +61,7 @@ namespace Emby.Server.Implementations.Library
 
         private readonly Func<IDtoService> _dtoServiceFactory;
 
         private readonly IServerApplicationHost _appHost;
 
         private readonly IFileSystem _fileSystem;
 
+        private readonly ICryptoProvider _cryptoProvider;
 
 
         private ConcurrentDictionary<Guid, User> _users;
 
 
@@ -80,7 +82,8 @@ namespace Emby.Server.Implementations.Library
 
             Func<IDtoService> dtoServiceFactory,
 
             IServerApplicationHost appHost,
 
             IJsonSerializer jsonSerializer,
 
-            IFileSystem fileSystem)
 
+            IFileSystem fileSystem,
 
+            ICryptoProvider cryptoProvider)
 
         {
 
             _logger = logger;
 
             _userRepository = userRepository;
 
@@ -91,6 +94,7 @@ namespace Emby.Server.Implementations.Library
 
             _appHost = appHost;
 
             _jsonSerializer = jsonSerializer;
 
             _fileSystem = fileSystem;
 
+            _cryptoProvider = cryptoProvider;
 
             _users = null;
 
         }
 
 
@@ -475,24 +479,21 @@ namespace Emby.Server.Implementations.Library
 
 
             if (!success
 
                 && _networkManager.IsInLocalNetwork(remoteEndPoint)
 
-                && user.Configuration.EnableLocalPassword)
 
+                && user.Configuration.EnableLocalPassword
 
+                && !string.IsNullOrEmpty(user.EasyPassword))
 
             {
 
-                success = string.Equals(
 
-                    GetLocalPasswordHash(user),
 
-                    _defaultAuthenticationProvider.GetHashedString(user, password),
 
-                    StringComparison.OrdinalIgnoreCase);
 
+                // Check easy password
 
+                var passwordHash = PasswordHash.Parse(user.EasyPassword);
 
+                var hash = _cryptoProvider.ComputeHash(
 
+                    passwordHash.Id,
 
+                    Encoding.UTF8.GetBytes(password),
 
+                    passwordHash.Salt);
 
+                success = passwordHash.Hash.SequenceEqual(hash);
 
             }
 
 
             return (authenticationProvider, username, success);
 
         }
 
 
-        private string GetLocalPasswordHash(User user)
 
-        {
 
-            return string.IsNullOrEmpty(user.EasyPassword)
 
-                ? null
 
-                : ToHexString(PasswordHash.Parse(user.EasyPassword).Hash);
 
-        }
 
-
 
         private void ResetInvalidLoginAttemptCount(User user)
 
         {
 
             user.Policy.InvalidLoginAttemptCount = 0;