Don't accept pre-hashed (not-plaintext) passwords as the auth provider no longer supports this due to sha1+salting the passwords in the database.
@@ -379,6 +379,11 @@ namespace MediaBrowser.Api
throw new ResourceNotFoundException("User not found");
}
+ if (!request.Pw)
+ {
+ throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
+ }
+
return Post(new AuthenticateUserByName
{
Username = user.Name,
Joshua Boniface