2019-05-21 17:28:34 +00:00
|
|
|
using System;
|
|
|
|
using System.Collections.Generic;
|
|
|
|
using System.IO;
|
2019-06-09 20:08:01 +00:00
|
|
|
using System.Security.Cryptography;
|
2019-05-21 17:28:34 +00:00
|
|
|
using System.Threading.Tasks;
|
|
|
|
using MediaBrowser.Common.Extensions;
|
|
|
|
using MediaBrowser.Controller.Authentication;
|
|
|
|
using MediaBrowser.Controller.Configuration;
|
|
|
|
using MediaBrowser.Controller.Library;
|
|
|
|
using MediaBrowser.Model.Serialization;
|
|
|
|
using MediaBrowser.Model.Users;
|
|
|
|
|
|
|
|
namespace Emby.Server.Implementations.Library
|
|
|
|
{
|
|
|
|
public class DefaultPasswordResetProvider : IPasswordResetProvider
|
|
|
|
{
|
2019-06-09 20:08:01 +00:00
|
|
|
private const string BaseResetFileName = "passwordreset";
|
2019-05-21 17:28:34 +00:00
|
|
|
|
2019-06-09 20:08:01 +00:00
|
|
|
private readonly IJsonSerializer _jsonSerializer;
|
|
|
|
private readonly IUserManager _userManager;
|
2019-05-21 17:28:34 +00:00
|
|
|
|
|
|
|
private readonly string _passwordResetFileBase;
|
|
|
|
private readonly string _passwordResetFileBaseDir;
|
|
|
|
|
2019-06-09 20:08:01 +00:00
|
|
|
public DefaultPasswordResetProvider(
|
|
|
|
IServerConfigurationManager configurationManager,
|
|
|
|
IJsonSerializer jsonSerializer,
|
|
|
|
IUserManager userManager)
|
2019-05-21 17:28:34 +00:00
|
|
|
{
|
|
|
|
_passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
|
2019-06-09 20:08:01 +00:00
|
|
|
_passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, BaseResetFileName);
|
2019-05-21 17:28:34 +00:00
|
|
|
_jsonSerializer = jsonSerializer;
|
|
|
|
_userManager = userManager;
|
|
|
|
}
|
|
|
|
|
2019-06-09 20:08:01 +00:00
|
|
|
/// <inheritdoc />
|
|
|
|
public string Name => "Default Password Reset Provider";
|
|
|
|
|
|
|
|
/// <inheritdoc />
|
|
|
|
public bool IsEnabled => true;
|
|
|
|
|
|
|
|
/// <inheritdoc />
|
2019-05-21 17:28:34 +00:00
|
|
|
public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
|
|
|
|
{
|
|
|
|
SerializablePasswordReset spr;
|
2019-06-09 20:08:01 +00:00
|
|
|
List<string> usersreset = new List<string>();
|
|
|
|
foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{BaseResetFileName}*"))
|
2019-05-21 17:28:34 +00:00
|
|
|
{
|
|
|
|
using (var str = File.OpenRead(resetfile))
|
|
|
|
{
|
|
|
|
spr = await _jsonSerializer.DeserializeFromStreamAsync<SerializablePasswordReset>(str).ConfigureAwait(false);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (spr.ExpirationDate < DateTime.Now)
|
|
|
|
{
|
|
|
|
File.Delete(resetfile);
|
|
|
|
}
|
2019-06-09 20:08:01 +00:00
|
|
|
else if (string.Equals(
|
|
|
|
spr.Pin.Replace("-", string.Empty),
|
|
|
|
pin.Replace("-", string.Empty),
|
|
|
|
StringComparison.InvariantCultureIgnoreCase))
|
2019-05-21 17:28:34 +00:00
|
|
|
{
|
|
|
|
var resetUser = _userManager.GetUserByName(spr.UserName);
|
|
|
|
if (resetUser == null)
|
|
|
|
{
|
2019-06-09 20:08:01 +00:00
|
|
|
throw new ResourceNotFoundException($"User with a username of {spr.UserName} not found");
|
2019-05-21 17:28:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
|
|
|
|
usersreset.Add(resetUser.Name);
|
|
|
|
File.Delete(resetfile);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (usersreset.Count < 1)
|
|
|
|
{
|
|
|
|
throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
return new PinRedeemResult
|
|
|
|
{
|
|
|
|
Success = true,
|
|
|
|
UsersReset = usersreset.ToArray()
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-06-09 20:08:01 +00:00
|
|
|
/// <inheritdoc />
|
2019-05-21 17:28:34 +00:00
|
|
|
public async Task<ForgotPasswordResult> StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork)
|
|
|
|
{
|
|
|
|
string pin = string.Empty;
|
2019-06-09 20:08:01 +00:00
|
|
|
using (var cryptoRandom = RandomNumberGenerator.Create())
|
2019-05-21 17:28:34 +00:00
|
|
|
{
|
|
|
|
byte[] bytes = new byte[4];
|
|
|
|
cryptoRandom.GetBytes(bytes);
|
|
|
|
pin = BitConverter.ToString(bytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
DateTime expireTime = DateTime.Now.AddMinutes(30);
|
|
|
|
string filePath = _passwordResetFileBase + user.InternalId + ".json";
|
|
|
|
SerializablePasswordReset spr = new SerializablePasswordReset
|
|
|
|
{
|
|
|
|
ExpirationDate = expireTime,
|
|
|
|
Pin = pin,
|
|
|
|
PinFile = filePath,
|
|
|
|
UserName = user.Name
|
|
|
|
};
|
|
|
|
|
|
|
|
using (FileStream fileStream = File.OpenWrite(filePath))
|
|
|
|
{
|
|
|
|
_jsonSerializer.SerializeToStream(spr, fileStream);
|
|
|
|
await fileStream.FlushAsync().ConfigureAwait(false);
|
|
|
|
}
|
|
|
|
|
|
|
|
return new ForgotPasswordResult
|
|
|
|
{
|
|
|
|
Action = ForgotPasswordAction.PinCode,
|
|
|
|
PinExpirationDate = expireTime,
|
|
|
|
PinFile = filePath
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
private class SerializablePasswordReset : PasswordPinCreationResult
|
|
|
|
{
|
|
|
|
public string Pin { get; set; }
|
|
|
|
|
|
|
|
public string UserName { get; set; }
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|