jellyfin-server/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs

178 lines
6.1 KiB
C#
Raw Normal View History

2019-02-20 09:17:30 +00:00
using System;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
2019-10-18 22:22:08 +00:00
using MediaBrowser.Common;
using MediaBrowser.Common.Cryptography;
2019-02-20 09:17:30 +00:00
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Model.Cryptography;
namespace Emby.Server.Implementations.Library
{
2019-11-01 17:38:54 +00:00
/// <summary>
/// The default authentication provider.
/// </summary>
2019-02-20 09:17:30 +00:00
public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
{
private readonly ICryptoProvider _cryptographyProvider;
2019-11-01 17:38:54 +00:00
/// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
/// </summary>
/// <param name="cryptographyProvider">The cryptography provider.</param>
2019-05-21 17:28:34 +00:00
public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)
2019-02-20 09:17:30 +00:00
{
2019-05-21 17:28:34 +00:00
_cryptographyProvider = cryptographyProvider;
2019-02-20 09:17:30 +00:00
}
/// <inheritdoc />
2019-02-20 09:17:30 +00:00
public string Name => "Default";
/// <inheritdoc />
2019-02-20 09:17:30 +00:00
public bool IsEnabled => true;
/// <inheritdoc />
2019-03-05 07:58:25 +00:00
// This is dumb and an artifact of the backwards way auth providers were designed.
// This version of authenticate was never meant to be called, but needs to be here for interface compat
// Only the providers that don't provide local user support use this
2019-02-20 09:17:30 +00:00
public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
{
throw new NotImplementedException();
}
/// <inheritdoc />
2019-05-21 17:28:34 +00:00
// This is the version that we need to use for local users. Because reasons.
2019-02-20 09:17:30 +00:00
public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser)
{
if (resolvedUser == null)
{
2019-05-21 17:28:34 +00:00
throw new ArgumentNullException(nameof(resolvedUser));
}
2019-11-01 17:38:54 +00:00
bool success = false;
2019-08-28 12:45:46 +00:00
// As long as jellyfin supports passwordless users, we need this little block here to accommodate
2019-05-21 17:28:34 +00:00
if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))
{
return Task.FromResult(new ProviderAuthenticationResult
{
Username = username
});
}
2019-02-20 09:17:30 +00:00
byte[] passwordbytes = Encoding.UTF8.GetBytes(password);
PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
2019-05-21 17:28:34 +00:00
if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
|| _cryptographyProvider.DefaultHashMethod == readyHash.Id)
2019-02-20 09:17:30 +00:00
{
byte[] calculatedHash = _cryptographyProvider.ComputeHash(
readyHash.Id,
passwordbytes,
2019-12-10 23:13:57 +00:00
readyHash.Salt.ToArray());
2019-02-20 09:17:30 +00:00
2019-12-10 23:13:57 +00:00
if (readyHash.Hash.SequenceEqual(calculatedHash))
2019-02-20 09:17:30 +00:00
{
success = true;
}
}
else
{
2019-05-21 17:28:34 +00:00
throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
2019-02-20 09:17:30 +00:00
}
if (!success)
{
2019-05-21 17:28:34 +00:00
throw new AuthenticationException("Invalid username or password");
2019-02-20 09:17:30 +00:00
}
return Task.FromResult(new ProviderAuthenticationResult
{
Username = username
});
}
/// <inheritdoc />
2019-05-21 17:28:34 +00:00
public bool HasPassword(User user)
=> !string.IsNullOrEmpty(user.Password);
2019-02-20 09:17:30 +00:00
/// <inheritdoc />
2019-02-20 09:17:30 +00:00
public Task ChangePassword(User user, string newPassword)
{
if (string.IsNullOrEmpty(newPassword))
{
user.Password = null;
return Task.CompletedTask;
}
PasswordHash newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword);
user.Password = newPasswordHash.ToString();
2019-02-20 09:17:30 +00:00
return Task.CompletedTask;
}
/// <inheritdoc />
public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
{
if (newPassword != null)
{
newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword).ToString();
}
if (string.IsNullOrWhiteSpace(newPasswordHash))
{
throw new ArgumentNullException(nameof(newPasswordHash));
}
user.EasyPassword = newPasswordHash;
}
/// <inheritdoc />
public string GetEasyPasswordHash(User user)
{
return string.IsNullOrEmpty(user.EasyPassword)
? null
2019-10-18 22:22:08 +00:00
: Hex.Encode(PasswordHash.Parse(user.EasyPassword).Hash);
2019-02-20 09:17:30 +00:00
}
/// <summary>
/// Gets the hashed string.
/// </summary>
public string GetHashedString(User user, string str)
{
2019-03-05 07:58:25 +00:00
if (string.IsNullOrEmpty(user.Password))
2019-02-20 09:17:30 +00:00
{
return _cryptographyProvider.CreatePasswordHash(str).ToString();
2019-02-20 09:17:30 +00:00
}
// TODO: make use of iterations parameter?
PasswordHash passwordHash = PasswordHash.Parse(user.Password);
2019-12-10 23:13:57 +00:00
var salt = passwordHash.Salt.ToArray();
return new PasswordHash(
passwordHash.Id,
_cryptographyProvider.ComputeHash(
passwordHash.Id,
Encoding.UTF8.GetBytes(str),
2019-12-10 23:13:57 +00:00
salt),
salt,
passwordHash.Parameters.ToDictionary(x => x.Key, y => y.Value)).ToString();
2019-02-20 09:17:30 +00:00
}
2019-05-21 17:28:34 +00:00
2019-12-10 23:13:57 +00:00
public ReadOnlySpan<byte> GetHashed(User user, string str)
2019-05-21 17:28:34 +00:00
{
if (string.IsNullOrEmpty(user.Password))
{
return _cryptographyProvider.CreatePasswordHash(str).Hash;
2019-05-21 17:28:34 +00:00
}
// TODO: make use of iterations parameter?
PasswordHash passwordHash = PasswordHash.Parse(user.Password);
return _cryptographyProvider.ComputeHash(
passwordHash.Id,
Encoding.UTF8.GetBytes(str),
2019-12-10 23:13:57 +00:00
passwordHash.Salt.ToArray());
2019-05-21 17:28:34 +00:00
}
2019-02-20 09:17:30 +00:00
}
}