2019-02-20 09:17:30 +00:00
|
|
|
using System;
|
|
|
|
using System.Linq;
|
|
|
|
using System.Text;
|
|
|
|
using System.Threading.Tasks;
|
2019-10-18 22:22:08 +00:00
|
|
|
using MediaBrowser.Common;
|
2019-09-17 16:07:15 +00:00
|
|
|
using MediaBrowser.Common.Cryptography;
|
2019-02-20 09:17:30 +00:00
|
|
|
using MediaBrowser.Controller.Authentication;
|
|
|
|
using MediaBrowser.Model.Cryptography;
|
|
|
|
|
2020-05-15 21:24:01 +00:00
|
|
|
namespace Jellyfin.Server.Implementations.Users
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <summary>
|
|
|
|
/// The default authentication provider.
|
|
|
|
/// </summary>
|
2019-02-20 09:17:30 +00:00
|
|
|
public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
|
|
|
|
{
|
|
|
|
private readonly ICryptoProvider _cryptographyProvider;
|
2019-09-17 16:07:15 +00:00
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
/// <summary>
|
|
|
|
/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
|
|
|
|
/// </summary>
|
|
|
|
/// <param name="cryptographyProvider">The cryptography provider.</param>
|
2019-05-21 17:28:34 +00:00
|
|
|
public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-05-21 17:28:34 +00:00
|
|
|
_cryptographyProvider = cryptographyProvider;
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2019-02-20 09:17:30 +00:00
|
|
|
public string Name => "Default";
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2019-02-20 09:17:30 +00:00
|
|
|
public bool IsEnabled => true;
|
2019-05-11 23:32:20 +00:00
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2019-03-05 07:58:25 +00:00
|
|
|
// This is dumb and an artifact of the backwards way auth providers were designed.
|
|
|
|
// This version of authenticate was never meant to be called, but needs to be here for interface compat
|
|
|
|
// Only the providers that don't provide local user support use this
|
2019-02-20 09:17:30 +00:00
|
|
|
public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
|
|
|
|
{
|
|
|
|
throw new NotImplementedException();
|
|
|
|
}
|
2019-05-11 23:32:20 +00:00
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2019-05-21 17:28:34 +00:00
|
|
|
// This is the version that we need to use for local users. Because reasons.
|
2020-05-13 02:10:35 +00:00
|
|
|
public Task<ProviderAuthenticationResult> Authenticate(string username, string password, Data.Entities.User resolvedUser)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
|
|
|
if (resolvedUser == null)
|
|
|
|
{
|
2020-05-13 02:10:35 +00:00
|
|
|
throw new AuthenticationException("Specified user does not exist.");
|
2019-02-18 09:26:01 +00:00
|
|
|
}
|
|
|
|
|
2019-11-01 17:38:54 +00:00
|
|
|
bool success = false;
|
|
|
|
|
2019-08-28 12:45:46 +00:00
|
|
|
// As long as jellyfin supports passwordless users, we need this little block here to accommodate
|
2020-05-13 02:10:35 +00:00
|
|
|
if (!HasPassword(resolvedUser))
|
2019-02-18 09:26:01 +00:00
|
|
|
{
|
|
|
|
return Task.FromResult(new ProviderAuthenticationResult
|
|
|
|
{
|
|
|
|
Username = username
|
|
|
|
});
|
|
|
|
}
|
2019-02-20 09:17:30 +00:00
|
|
|
|
2020-05-13 02:10:35 +00:00
|
|
|
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
|
2019-02-20 09:17:30 +00:00
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
|
2019-05-21 17:28:34 +00:00
|
|
|
if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
|
|
|
|
|| _cryptographyProvider.DefaultHashMethod == readyHash.Id)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-10-20 19:12:03 +00:00
|
|
|
byte[] calculatedHash = _cryptographyProvider.ComputeHash(
|
|
|
|
readyHash.Id,
|
2020-05-13 02:10:35 +00:00
|
|
|
passwordBytes,
|
2019-12-10 23:13:57 +00:00
|
|
|
readyHash.Salt.ToArray());
|
2019-02-20 09:17:30 +00:00
|
|
|
|
2019-12-10 23:13:57 +00:00
|
|
|
if (readyHash.Hash.SequenceEqual(calculatedHash))
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
|
|
|
success = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2019-05-21 17:28:34 +00:00
|
|
|
throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!success)
|
|
|
|
{
|
2019-05-21 17:28:34 +00:00
|
|
|
throw new AuthenticationException("Invalid username or password");
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return Task.FromResult(new ProviderAuthenticationResult
|
|
|
|
{
|
|
|
|
Username = username
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2020-05-13 02:10:35 +00:00
|
|
|
public bool HasPassword(Data.Entities.User user)
|
2019-05-21 17:28:34 +00:00
|
|
|
=> !string.IsNullOrEmpty(user.Password);
|
2019-02-20 09:17:30 +00:00
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2020-05-13 02:10:35 +00:00
|
|
|
public Task ChangePassword(Data.Entities.User user, string newPassword)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-09-17 16:07:15 +00:00
|
|
|
if (string.IsNullOrEmpty(newPassword))
|
2019-02-18 09:26:01 +00:00
|
|
|
{
|
2019-09-17 16:07:15 +00:00
|
|
|
user.Password = null;
|
2019-02-18 09:26:01 +00:00
|
|
|
return Task.CompletedTask;
|
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
PasswordHash newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword);
|
|
|
|
user.Password = newPasswordHash.ToString();
|
2019-02-20 09:17:30 +00:00
|
|
|
|
|
|
|
return Task.CompletedTask;
|
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2020-05-13 02:10:35 +00:00
|
|
|
public void ChangeEasyPassword(Data.Entities.User user, string newPassword, string newPasswordHash)
|
2019-05-25 17:46:55 +00:00
|
|
|
{
|
|
|
|
if (newPassword != null)
|
|
|
|
{
|
2019-09-17 16:07:15 +00:00
|
|
|
newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword).ToString();
|
2019-05-25 17:46:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (string.IsNullOrWhiteSpace(newPasswordHash))
|
|
|
|
{
|
|
|
|
throw new ArgumentNullException(nameof(newPasswordHash));
|
|
|
|
}
|
|
|
|
|
|
|
|
user.EasyPassword = newPasswordHash;
|
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
/// <inheritdoc />
|
2020-05-13 02:10:35 +00:00
|
|
|
public string GetEasyPasswordHash(Data.Entities.User user)
|
2019-05-25 17:46:55 +00:00
|
|
|
{
|
|
|
|
return string.IsNullOrEmpty(user.EasyPassword)
|
|
|
|
? null
|
2019-10-18 22:22:08 +00:00
|
|
|
: Hex.Encode(PasswordHash.Parse(user.EasyPassword).Hash);
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
2020-05-13 02:10:35 +00:00
|
|
|
/// Hashes the provided string.
|
2019-02-20 09:17:30 +00:00
|
|
|
/// </summary>
|
2020-05-13 02:10:35 +00:00
|
|
|
/// <param name="user">The user.</param>
|
|
|
|
/// <param name="str">The string to hash.</param>
|
|
|
|
/// <returns>The hashed string.</returns>
|
|
|
|
public string GetHashedString(Data.Entities.User user, string str)
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-03-05 07:58:25 +00:00
|
|
|
if (string.IsNullOrEmpty(user.Password))
|
2019-02-20 09:17:30 +00:00
|
|
|
{
|
2019-09-17 16:07:15 +00:00
|
|
|
return _cryptographyProvider.CreatePasswordHash(str).ToString();
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
// TODO: make use of iterations parameter?
|
|
|
|
PasswordHash passwordHash = PasswordHash.Parse(user.Password);
|
2019-12-10 23:13:57 +00:00
|
|
|
var salt = passwordHash.Salt.ToArray();
|
2019-09-17 16:07:15 +00:00
|
|
|
return new PasswordHash(
|
|
|
|
passwordHash.Id,
|
|
|
|
_cryptographyProvider.ComputeHash(
|
|
|
|
passwordHash.Id,
|
|
|
|
Encoding.UTF8.GetBytes(str),
|
2019-12-10 23:13:57 +00:00
|
|
|
salt),
|
|
|
|
salt,
|
2019-09-17 16:07:15 +00:00
|
|
|
passwordHash.Parameters.ToDictionary(x => x.Key, y => y.Value)).ToString();
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
2019-05-21 17:28:34 +00:00
|
|
|
|
2020-05-13 02:10:35 +00:00
|
|
|
/// <summary>
|
|
|
|
/// Hashes the provided string.
|
|
|
|
/// </summary>
|
|
|
|
/// <param name="user">The user.</param>
|
|
|
|
/// <param name="str">The string to hash.</param>
|
|
|
|
/// <returns>The hashed string.</returns>
|
|
|
|
public ReadOnlySpan<byte> GetHashed(Data.Entities.User user, string str)
|
2019-05-21 17:28:34 +00:00
|
|
|
{
|
|
|
|
if (string.IsNullOrEmpty(user.Password))
|
|
|
|
{
|
2019-09-17 16:07:15 +00:00
|
|
|
return _cryptographyProvider.CreatePasswordHash(str).Hash;
|
2019-05-21 17:28:34 +00:00
|
|
|
}
|
|
|
|
|
2019-09-17 16:07:15 +00:00
|
|
|
// TODO: make use of iterations parameter?
|
|
|
|
PasswordHash passwordHash = PasswordHash.Parse(user.Password);
|
|
|
|
return _cryptographyProvider.ComputeHash(
|
|
|
|
passwordHash.Id,
|
|
|
|
Encoding.UTF8.GetBytes(str),
|
2019-12-10 23:13:57 +00:00
|
|
|
passwordHash.Salt.ToArray());
|
2019-05-21 17:28:34 +00:00
|
|
|
}
|
2019-02-20 09:17:30 +00:00
|
|
|
}
|
|
|
|
}
|