Home Explore Help
Sign In
mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Return MethodNotAllowedException if Pw is not set

Don't accept pre-hashed (not-plaintext) passwords as the auth
provider no longer supports this due to sha1+salting the passwords
in the database.
Joshua Boniface 6 years ago
parent
250e0c75df
commit
e790f024c2
1 changed files with 5 additions and 0 deletions
Unified View Show Diff Stats
  1. 5 0
      MediaBrowser.Api/UserService.cs

+ 5 - 0
MediaBrowser.Api/UserService.cs
View File 

@@ -379,6 +379,11 @@ namespace MediaBrowser.Api
 
                 throw new ResourceNotFoundException("User not found");
 
                 throw new ResourceNotFoundException("User not found");
 
             }
 
             }
 
 
 
+            if (!request.Pw)
 
+            {
 
+                throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
 
+            }
 
+
 
             return Post(new AuthenticateUserByName
 
             return Post(new AuthenticateUserByName
 
             {
 
             {
 
                 Username = user.Name,
 
                 Username = user.Name,