jellyfin-server/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs

106 lines
3.7 KiB
C#
Raw Normal View History

2019-02-20 09:17:30 +00:00
using System;
using System.Threading.Tasks;
2020-05-20 17:07:53 +00:00
using Jellyfin.Data.Entities;
2019-02-20 09:17:30 +00:00
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Model.Cryptography;
2020-05-15 21:24:01 +00:00
namespace Jellyfin.Server.Implementations.Users
2019-02-20 09:17:30 +00:00
{
2019-11-01 17:38:54 +00:00
/// <summary>
/// The default authentication provider.
/// </summary>
2019-02-20 09:17:30 +00:00
public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
{
private readonly ICryptoProvider _cryptographyProvider;
2019-11-01 17:38:54 +00:00
/// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
/// </summary>
/// <param name="cryptographyProvider">The cryptography provider.</param>
2019-05-21 17:28:34 +00:00
public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)
2019-02-20 09:17:30 +00:00
{
2019-05-21 17:28:34 +00:00
_cryptographyProvider = cryptographyProvider;
2019-02-20 09:17:30 +00:00
}
/// <inheritdoc />
2019-02-20 09:17:30 +00:00
public string Name => "Default";
/// <inheritdoc />
2019-02-20 09:17:30 +00:00
public bool IsEnabled => true;
/// <inheritdoc />
2019-03-05 07:58:25 +00:00
// This is dumb and an artifact of the backwards way auth providers were designed.
// This version of authenticate was never meant to be called, but needs to be here for interface compat
// Only the providers that don't provide local user support use this
2019-02-20 09:17:30 +00:00
public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
{
throw new NotImplementedException();
}
/// <inheritdoc />
2019-05-21 17:28:34 +00:00
// This is the version that we need to use for local users. Because reasons.
2020-05-20 17:07:53 +00:00
public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser)
2019-02-20 09:17:30 +00:00
{
if (resolvedUser == null)
{
2020-05-13 02:10:35 +00:00
throw new AuthenticationException("Specified user does not exist.");
}
2019-11-01 17:38:54 +00:00
bool success = false;
2020-11-18 13:46:14 +00:00
// As long as jellyfin supports password-less users, we need this little block here to accommodate
2020-05-23 18:53:24 +00:00
if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))
{
return Task.FromResult(new ProviderAuthenticationResult
{
Username = username
});
}
2019-02-20 09:17:30 +00:00
// Handle the case when the stored password is null, but the user tried to login with a password
if (resolvedUser.Password == null)
2019-02-20 09:17:30 +00:00
{
throw new AuthenticationException("Invalid username or password");
2019-02-20 09:17:30 +00:00
}
PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
success = _cryptographyProvider.Verify(readyHash, password);
2019-02-20 09:17:30 +00:00
if (!success)
{
2019-05-21 17:28:34 +00:00
throw new AuthenticationException("Invalid username or password");
2019-02-20 09:17:30 +00:00
}
// Migrate old hashes to the new default
if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal))
{
ChangePassword(resolvedUser, password);
}
2019-02-20 09:17:30 +00:00
return Task.FromResult(new ProviderAuthenticationResult
{
Username = username
});
}
/// <inheritdoc />
2020-05-20 17:07:53 +00:00
public bool HasPassword(User user)
2020-05-30 04:19:36 +00:00
=> !string.IsNullOrEmpty(user?.Password);
2019-02-20 09:17:30 +00:00
/// <inheritdoc />
2020-05-20 17:07:53 +00:00
public Task ChangePassword(User user, string newPassword)
2019-02-20 09:17:30 +00:00
{
if (string.IsNullOrEmpty(newPassword))
{
user.Password = null;
return Task.CompletedTask;
}
PasswordHash newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword);
user.Password = newPasswordHash.ToString();
2019-02-20 09:17:30 +00:00
return Task.CompletedTask;
}
}
}