jellyfin/Emby.Server.Implementations/Library/UserManager.cs

1247 lines
42 KiB
C#
Raw Normal View History

using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using MediaBrowser.Common.Events;
2014-08-15 16:35:41 +00:00
using MediaBrowser.Common.Net;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Authentication;
2013-03-04 05:43:06 +00:00
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Devices;
2014-08-15 16:35:41 +00:00
using MediaBrowser.Controller.Drawing;
using MediaBrowser.Controller.Dto;
2013-02-21 01:33:05 +00:00
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
2014-11-15 02:31:03 +00:00
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Controller.Plugins;
using MediaBrowser.Controller.Providers;
using MediaBrowser.Controller.Security;
using MediaBrowser.Controller.Session;
2014-06-22 05:52:31 +00:00
using MediaBrowser.Model.Configuration;
2014-10-16 03:26:39 +00:00
using MediaBrowser.Model.Connect;
using MediaBrowser.Model.Cryptography;
2014-08-15 16:35:41 +00:00
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Entities;
2014-05-08 20:09:53 +00:00
using MediaBrowser.Model.Events;
using MediaBrowser.Model.IO;
2014-06-22 05:52:31 +00:00
using MediaBrowser.Model.Serialization;
using MediaBrowser.Model.Users;
using Microsoft.Extensions.Logging;
2013-02-21 01:33:05 +00:00
2016-11-03 07:14:14 +00:00
namespace Emby.Server.Implementations.Library
2013-02-21 01:33:05 +00:00
{
/// <summary>
/// Class UserManager
/// </summary>
public class UserManager : IUserManager
2013-02-21 01:33:05 +00:00
{
/// <summary>
/// Gets the users.
/// </summary>
/// <value>The users.</value>
public IEnumerable<User> Users => _users;
2018-09-12 17:26:21 +00:00
private User[] _users;
2013-03-16 05:52:33 +00:00
2013-02-21 21:39:53 +00:00
/// <summary>
/// The _logger
/// </summary>
private readonly ILogger _logger;
2013-03-04 05:43:06 +00:00
/// <summary>
/// Gets or sets the configuration manager.
/// </summary>
/// <value>The configuration manager.</value>
private IServerConfigurationManager ConfigurationManager { get; set; }
/// <summary>
/// Gets the active user repository
/// </summary>
/// <value>The user repository.</value>
private IUserRepository UserRepository { get; set; }
2014-08-10 22:13:17 +00:00
public event EventHandler<GenericEventArgs<User>> UserPasswordChanged;
2014-06-22 05:52:31 +00:00
private readonly IXmlSerializer _xmlSerializer;
2014-12-20 06:06:27 +00:00
private readonly IJsonSerializer _jsonSerializer;
2014-06-22 05:52:31 +00:00
2014-08-15 16:35:41 +00:00
private readonly INetworkManager _networkManager;
private readonly Func<IImageProcessor> _imageProcessorFactory;
private readonly Func<IDtoService> _dtoServiceFactory;
private readonly IServerApplicationHost _appHost;
private readonly IFileSystem _fileSystem;
2016-11-08 18:44:23 +00:00
private readonly ICryptoProvider _cryptographyProvider;
2014-08-15 16:35:41 +00:00
2018-09-12 17:26:21 +00:00
private IAuthenticationProvider[] _authenticationProviders;
private DefaultAuthenticationProvider _defaultAuthenticationProvider;
public UserManager(
ILoggerFactory loggerFactory,
IServerConfigurationManager configurationManager,
IUserRepository userRepository,
IXmlSerializer xmlSerializer,
INetworkManager networkManager,
Func<IImageProcessor> imageProcessorFactory,
Func<IDtoService> dtoServiceFactory,
IServerApplicationHost appHost,
IJsonSerializer jsonSerializer,
IFileSystem fileSystem,
ICryptoProvider cryptographyProvider)
2013-02-21 01:33:05 +00:00
{
_logger = loggerFactory.CreateLogger(nameof(UserManager));
UserRepository = userRepository;
2014-06-22 05:52:31 +00:00
_xmlSerializer = xmlSerializer;
2014-08-15 16:35:41 +00:00
_networkManager = networkManager;
_imageProcessorFactory = imageProcessorFactory;
_dtoServiceFactory = dtoServiceFactory;
2014-10-24 04:54:35 +00:00
_appHost = appHost;
2014-12-20 06:06:27 +00:00
_jsonSerializer = jsonSerializer;
_fileSystem = fileSystem;
2016-11-03 07:14:14 +00:00
_cryptographyProvider = cryptographyProvider;
2013-03-04 05:43:06 +00:00
ConfigurationManager = configurationManager;
2018-09-12 17:26:21 +00:00
_users = Array.Empty<User>();
DeletePinFile();
2013-02-21 01:33:05 +00:00
}
2018-09-12 17:26:21 +00:00
public NameIdPair[] GetAuthenticationProviders()
{
return _authenticationProviders
.Where(i => i.IsEnabled)
.OrderBy(i => i is DefaultAuthenticationProvider ? 0 : 1)
.ThenBy(i => i.Name)
.Select(i => new NameIdPair
{
Name = i.Name,
Id = GetAuthenticationProviderId(i)
})
.ToArray();
}
public void AddParts(IEnumerable<IAuthenticationProvider> authenticationProviders)
{
_authenticationProviders = authenticationProviders.ToArray();
_defaultAuthenticationProvider = _authenticationProviders.OfType<DefaultAuthenticationProvider>().First();
}
2013-02-21 01:33:05 +00:00
#region UserUpdated Event
/// <summary>
/// Occurs when [user updated].
/// </summary>
public event EventHandler<GenericEventArgs<User>> UserUpdated;
2018-09-12 17:26:21 +00:00
public event EventHandler<GenericEventArgs<User>> UserPolicyUpdated;
2014-06-22 05:52:31 +00:00
public event EventHandler<GenericEventArgs<User>> UserConfigurationUpdated;
2015-03-02 05:16:29 +00:00
public event EventHandler<GenericEventArgs<User>> UserLockedOut;
2014-09-14 18:47:48 +00:00
2013-02-21 01:33:05 +00:00
/// <summary>
/// Called when [user updated].
/// </summary>
/// <param name="user">The user.</param>
private void OnUserUpdated(User user)
2013-02-21 01:33:05 +00:00
{
UserUpdated?.Invoke(this, new GenericEventArgs<User> { Argument = user });
2013-02-21 01:33:05 +00:00
}
#endregion
#region UserDeleted Event
/// <summary>
/// Occurs when [user deleted].
/// </summary>
public event EventHandler<GenericEventArgs<User>> UserDeleted;
/// <summary>
/// Called when [user deleted].
/// </summary>
/// <param name="user">The user.</param>
private void OnUserDeleted(User user)
2013-02-21 01:33:05 +00:00
{
UserDeleted?.Invoke(this, new GenericEventArgs<User> { Argument = user });
2013-02-21 01:33:05 +00:00
}
#endregion
/// <summary>
/// Gets a User by Id
/// </summary>
/// <param name="id">The id.</param>
/// <returns>User.</returns>
2019-01-13 20:37:13 +00:00
/// <exception cref="ArgumentNullException"></exception>
public User GetUserById(Guid id)
{
2018-09-12 17:26:21 +00:00
if (id.Equals(Guid.Empty))
{
throw new ArgumentNullException(nameof(id));
}
return Users.FirstOrDefault(u => u.Id == id);
}
2013-03-16 05:52:33 +00:00
2014-09-14 15:10:51 +00:00
/// <summary>
/// Gets the user by identifier.
/// </summary>
/// <param name="id">The identifier.</param>
/// <returns>User.</returns>
public User GetUserById(string id)
{
return GetUserById(new Guid(id));
}
2014-09-14 18:47:48 +00:00
public User GetUserByName(string name)
{
if (string.IsNullOrWhiteSpace(name))
{
throw new ArgumentNullException(nameof(name));
}
return Users.FirstOrDefault(u => string.Equals(u.Name, name, StringComparison.OrdinalIgnoreCase));
}
public void Initialize()
2013-12-26 14:20:30 +00:00
{
2018-09-12 17:26:21 +00:00
_users = LoadUsers();
2014-12-20 06:06:27 +00:00
2015-01-05 00:49:22 +00:00
var users = Users.ToList();
// If there are no local users with admin rights, make them all admins
if (!users.Any(i => i.Policy.IsAdministrator))
{
foreach (var user in users)
{
if (!user.ConnectLinkType.HasValue || user.ConnectLinkType.Value == UserLinkType.LinkedUser)
{
user.Policy.IsAdministrator = true;
UpdateUserPolicy(user, user.Policy, false);
2015-01-05 00:49:22 +00:00
}
}
}
2013-12-26 14:20:30 +00:00
}
2014-12-23 03:58:14 +00:00
public bool IsValidUsername(string username)
{
// Usernames can contain letters (a-z), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
2016-11-03 07:14:14 +00:00
foreach (var currentChar in username)
{
if (!IsValidUsernameCharacter(currentChar))
{
return false;
}
}
return true;
2014-12-23 03:58:14 +00:00
}
private static bool IsValidUsernameCharacter(char i)
2014-12-23 03:58:14 +00:00
{
2017-06-04 18:31:40 +00:00
return !char.Equals(i, '<') && !char.Equals(i, '>');
2014-12-23 03:58:14 +00:00
}
public string MakeValidUsername(string username)
{
if (IsValidUsername(username))
{
return username;
}
2014-12-23 03:58:14 +00:00
// Usernames can contain letters (a-z), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
var builder = new StringBuilder();
foreach (var c in username)
{
2015-02-23 18:55:38 +00:00
if (IsValidUsernameCharacter(c))
2014-12-23 03:58:14 +00:00
{
builder.Append(c);
}
}
return builder.ToString();
}
2018-09-12 17:26:21 +00:00
public async Task<User> AuthenticateUser(string username, string password, string hashedPassword, string remoteEndPoint, bool isUserSession)
2013-02-21 01:33:05 +00:00
{
2014-07-02 18:34:08 +00:00
if (string.IsNullOrWhiteSpace(username))
2013-02-21 01:33:05 +00:00
{
throw new ArgumentNullException(nameof(username));
2013-02-21 01:33:05 +00:00
}
2014-12-23 03:58:14 +00:00
var user = Users
.FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
2014-10-20 03:04:45 +00:00
var success = false;
2018-09-12 17:26:21 +00:00
IAuthenticationProvider authenticationProvider = null;
2014-07-02 18:34:08 +00:00
if (user != null)
2013-07-08 16:13:21 +00:00
{
// Authenticate using local credentials if not a guest
if (!user.ConnectLinkType.HasValue || user.ConnectLinkType.Value != UserLinkType.Guest)
{
2018-09-12 17:26:21 +00:00
var authResult = await AuthenticateLocalUser(username, password, hashedPassword, user, remoteEndPoint).ConfigureAwait(false);
authenticationProvider = authResult.Item1;
success = authResult.Item2;
}
}
2018-09-12 17:26:21 +00:00
else
{
// user is null
var authResult = await AuthenticateLocalUser(username, password, hashedPassword, null, remoteEndPoint).ConfigureAwait(false);
authenticationProvider = authResult.Item1;
success = authResult.Item2;
if (success && authenticationProvider != null && !(authenticationProvider is DefaultAuthenticationProvider))
{
user = await CreateUser(username).ConfigureAwait(false);
var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
if (hasNewUserPolicy != null)
{
var policy = hasNewUserPolicy.GetNewUserPolicy();
UpdateUserPolicy(user, policy, true);
}
}
}
if (success && user != null && authenticationProvider != null)
{
var providerId = GetAuthenticationProviderId(authenticationProvider);
if (!string.Equals(providerId, user.Policy.AuthenticationProviderId, StringComparison.OrdinalIgnoreCase))
{
user.Policy.AuthenticationProviderId = providerId;
UpdateUserPolicy(user, user.Policy, true);
}
}
if (user == null)
{
throw new SecurityException("Invalid username or password entered.");
}
if (user.Policy.IsDisabled)
{
throw new SecurityException(string.Format("The {0} account is currently disabled. Please consult with your administrator.", user.Name));
}
2018-09-12 17:26:21 +00:00
if (user != null)
{
if (!user.Policy.EnableRemoteAccess && !_networkManager.IsInLocalNetwork(remoteEndPoint))
{
throw new SecurityException("Forbidden.");
}
if (!user.IsParentalScheduleAllowed())
{
throw new SecurityException("User is not allowed access at this time.");
}
}
2013-02-21 01:33:05 +00:00
// Update LastActivityDate and LastLoginDate, then save
if (success)
{
2017-11-21 22:14:56 +00:00
if (isUserSession)
{
user.LastActivityDate = user.LastLoginDate = DateTime.UtcNow;
UpdateUser(user);
}
UpdateInvalidLoginAttemptCount(user, 0);
}
else
{
UpdateInvalidLoginAttemptCount(user, user.Policy.InvalidLoginAttemptCount + 1);
2013-02-21 01:33:05 +00:00
}
_logger.LogInformation("Authentication request for {0} {1}.", user.Name, success ? "has succeeded" : "has been denied");
2013-02-21 01:33:05 +00:00
2017-04-06 20:07:25 +00:00
return success ? user : null;
2013-02-21 01:33:05 +00:00
}
private static string GetAuthenticationProviderId(IAuthenticationProvider provider)
2017-09-17 16:45:23 +00:00
{
2018-09-12 17:26:21 +00:00
return provider.GetType().FullName;
}
2017-09-17 16:45:23 +00:00
2018-09-12 17:26:21 +00:00
private IAuthenticationProvider GetAuthenticationProvider(User user)
{
return GetAuthenticationProviders(user).First();
}
private IAuthenticationProvider[] GetAuthenticationProviders(User user)
{
var authenticationProviderId = user == null ? null : user.Policy.AuthenticationProviderId;
var providers = _authenticationProviders.Where(i => i.IsEnabled).ToArray();
if (!string.IsNullOrEmpty(authenticationProviderId))
2017-09-17 16:45:23 +00:00
{
2018-09-12 17:26:21 +00:00
providers = providers.Where(i => string.Equals(authenticationProviderId, GetAuthenticationProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
2017-09-17 16:45:23 +00:00
}
2018-09-12 17:26:21 +00:00
if (providers.Length == 0)
2017-09-17 16:45:23 +00:00
{
2018-09-12 17:26:21 +00:00
providers = new IAuthenticationProvider[] { _defaultAuthenticationProvider };
2017-09-17 16:45:23 +00:00
}
2018-09-12 17:26:21 +00:00
return providers;
}
private async Task<bool> AuthenticateWithProvider(IAuthenticationProvider provider, string username, string password, User resolvedUser)
{
try
2017-09-17 16:45:23 +00:00
{
2018-09-12 17:26:21 +00:00
var requiresResolvedUser = provider as IRequiresResolvedUser;
if (requiresResolvedUser != null)
2017-09-17 16:45:23 +00:00
{
2018-09-12 17:26:21 +00:00
await requiresResolvedUser.Authenticate(username, password, resolvedUser).ConfigureAwait(false);
2017-09-17 16:45:23 +00:00
}
else
{
2018-09-12 17:26:21 +00:00
await provider.Authenticate(username, password).ConfigureAwait(false);
}
return true;
}
catch (Exception ex)
{
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error authenticating with provider {provider}", provider.Name);
2018-09-12 17:26:21 +00:00
return false;
}
}
private async Task<Tuple<IAuthenticationProvider, bool>> AuthenticateLocalUser(string username, string password, string hashedPassword, User user, string remoteEndPoint)
{
bool success = false;
IAuthenticationProvider authenticationProvider = null;
if (password != null && user != null)
{
// Doesn't look like this is even possible to be used, because of password == null checks below
hashedPassword = _defaultAuthenticationProvider.GetHashedString(user, password);
}
if (password == null)
{
// legacy
success = string.Equals(_defaultAuthenticationProvider.GetPasswordHash(user), hashedPassword.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
}
else
{
foreach (var provider in GetAuthenticationProviders(user))
{
success = await AuthenticateWithProvider(provider, username, password, user).ConfigureAwait(false);
if (success)
{
authenticationProvider = provider;
break;
}
2017-09-17 16:45:23 +00:00
}
}
2018-09-12 17:26:21 +00:00
if (user != null)
{
if (!success && _networkManager.IsInLocalNetwork(remoteEndPoint) && user.Configuration.EnableLocalPassword)
{
if (password == null)
{
// legacy
success = string.Equals(GetLocalPasswordHash(user), hashedPassword.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
}
else
{
success = string.Equals(GetLocalPasswordHash(user), _defaultAuthenticationProvider.GetHashedString(user, password), StringComparison.OrdinalIgnoreCase);
}
}
}
return new Tuple<IAuthenticationProvider, bool>(authenticationProvider, success);
2017-09-17 16:45:23 +00:00
}
private void UpdateInvalidLoginAttemptCount(User user, int newValue)
{
if (user.Policy.InvalidLoginAttemptCount != newValue || newValue > 0)
{
user.Policy.InvalidLoginAttemptCount = newValue;
2016-11-03 07:14:14 +00:00
var maxCount = user.Policy.IsAdministrator ?
3 :
2015-02-28 18:47:05 +00:00
5;
2015-03-02 05:16:29 +00:00
var fireLockout = false;
2015-02-28 18:47:05 +00:00
if (newValue >= maxCount)
{
//_logger.LogDebug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue.ToString(CultureInfo.InvariantCulture));
2015-05-05 23:15:47 +00:00
//user.Policy.IsDisabled = true;
2015-03-02 05:16:29 +00:00
2015-05-05 23:15:47 +00:00
//fireLockout = true;
}
UpdateUserPolicy(user, user.Policy, false);
2015-03-02 05:16:29 +00:00
if (fireLockout)
{
UserLockedOut?.Invoke(this, new GenericEventArgs<User>(user));
2015-03-02 05:16:29 +00:00
}
}
}
2014-08-15 16:35:41 +00:00
private string GetLocalPasswordHash(User user)
{
2015-01-29 06:06:24 +00:00
return string.IsNullOrEmpty(user.EasyPassword)
2018-09-12 17:26:21 +00:00
? _defaultAuthenticationProvider.GetEmptyHashedString(user)
2015-01-29 06:06:24 +00:00
: user.EasyPassword;
2014-08-15 16:35:41 +00:00
}
2017-09-17 16:45:23 +00:00
private bool IsPasswordEmpty(User user, string passwordHash)
2014-08-15 16:35:41 +00:00
{
2018-09-12 17:26:21 +00:00
return string.Equals(passwordHash, _defaultAuthenticationProvider.GetEmptyHashedString(user), StringComparison.OrdinalIgnoreCase);
2013-03-13 05:19:03 +00:00
}
2013-02-21 01:33:05 +00:00
/// <summary>
/// Loads the users from the repository
/// </summary>
/// <returns>IEnumerable{User}.</returns>
2018-09-12 17:26:21 +00:00
private User[] LoadUsers()
2013-02-21 01:33:05 +00:00
{
2018-09-12 17:26:21 +00:00
var users = UserRepository.RetrieveAllUsers();
2013-02-21 01:33:05 +00:00
// There always has to be at least one user.
if (users.Count == 0)
{
2018-09-12 17:26:21 +00:00
var defaultName = Environment.UserName;
if (string.IsNullOrWhiteSpace(defaultName))
{
2018-12-11 04:40:55 +00:00
defaultName = "MyJellyfinUser";
2018-09-12 17:26:21 +00:00
}
var name = MakeValidUsername(defaultName);
2013-02-21 01:33:05 +00:00
var user = InstantiateNewUser(name);
2013-02-21 01:33:05 +00:00
2013-12-06 20:07:34 +00:00
user.DateLastSaved = DateTime.UtcNow;
2018-09-12 17:26:21 +00:00
UserRepository.CreateUser(user);
2013-02-21 01:33:05 +00:00
users.Add(user);
2014-09-14 15:10:51 +00:00
2014-12-20 06:06:27 +00:00
user.Policy.IsAdministrator = true;
2016-04-05 19:34:27 +00:00
user.Policy.EnableContentDeletion = true;
2014-12-20 06:06:27 +00:00
user.Policy.EnableRemoteControlOfOtherUsers = true;
UpdateUserPolicy(user, user.Policy, false);
2013-02-21 01:33:05 +00:00
}
2018-09-12 17:26:21 +00:00
return users.ToArray();
2013-02-21 01:33:05 +00:00
}
2014-08-15 16:35:41 +00:00
public UserDto GetUserDto(User user, string remoteEndPoint = null)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
2014-08-15 16:35:41 +00:00
}
2018-09-12 17:26:21 +00:00
var hasConfiguredPassword = GetAuthenticationProvider(user).HasPassword(user).Result;
2017-09-17 16:45:23 +00:00
var hasConfiguredEasyPassword = !IsPasswordEmpty(user, GetLocalPasswordHash(user));
2014-08-15 16:35:41 +00:00
var hasPassword = user.Configuration.EnableLocalPassword && !string.IsNullOrEmpty(remoteEndPoint) && _networkManager.IsInLocalNetwork(remoteEndPoint) ?
2015-01-29 06:06:24 +00:00
hasConfiguredEasyPassword :
hasConfiguredPassword;
2014-08-15 16:35:41 +00:00
var dto = new UserDto
{
2018-09-12 17:26:21 +00:00
Id = user.Id,
2014-08-15 16:35:41 +00:00
Name = user.Name,
HasPassword = hasPassword,
2015-01-29 06:06:24 +00:00
HasConfiguredPassword = hasConfiguredPassword,
HasConfiguredEasyPassword = hasConfiguredEasyPassword,
2014-08-15 16:35:41 +00:00
LastActivityDate = user.LastActivityDate,
LastLoginDate = user.LastLoginDate,
2014-09-14 18:47:48 +00:00
Configuration = user.Configuration,
ConnectLinkType = user.ConnectLinkType,
ConnectUserId = user.ConnectUserId,
2014-10-24 04:54:35 +00:00
ConnectUserName = user.ConnectUserName,
2014-12-16 05:01:57 +00:00
ServerId = _appHost.SystemId,
Policy = user.Policy
2014-08-15 16:35:41 +00:00
};
2017-03-07 18:27:56 +00:00
if (!hasPassword && Users.Count() == 1)
{
dto.EnableAutoLogin = true;
}
2014-08-15 16:35:41 +00:00
var image = user.GetImageInfo(ImageType.Primary, 0);
if (image != null)
{
dto.PrimaryImageTag = GetImageCacheTag(user, image);
try
{
2016-01-16 05:01:57 +00:00
_dtoServiceFactory().AttachPrimaryImageAspectRatio(dto, user);
2014-08-15 16:35:41 +00:00
}
catch (Exception ex)
{
// Have to use a catch-all unfortunately because some .net image methods throw plain Exceptions
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error generating PrimaryImageAspectRatio for {user}", user.Name);
2014-08-15 16:35:41 +00:00
}
}
return dto;
}
2015-02-14 19:36:40 +00:00
public UserDto GetOfflineUserDto(User user)
2015-01-30 05:18:32 +00:00
{
var dto = GetUserDto(user);
dto.ServerName = _appHost.FriendlyName;
2015-01-30 05:18:32 +00:00
return dto;
}
2014-08-15 16:35:41 +00:00
private string GetImageCacheTag(BaseItem item, ItemImageInfo image)
{
try
{
return _imageProcessorFactory().GetImageCacheTag(item, image);
}
catch (Exception ex)
{
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error getting {imageType} image info for {imagePath}", image.Type, image.Path);
2014-08-15 16:35:41 +00:00
return null;
}
}
2013-02-21 01:33:05 +00:00
/// <summary>
/// Refreshes metadata for each user
/// </summary>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>Task.</returns>
2017-09-18 16:52:22 +00:00
public async Task RefreshUsersMetadata(CancellationToken cancellationToken)
2013-02-21 01:33:05 +00:00
{
2017-09-18 16:52:22 +00:00
foreach (var user in Users)
{
2018-12-14 19:17:29 +00:00
await user.RefreshMetadata(new MetadataRefreshOptions(new DirectoryService(_logger, _fileSystem)), cancellationToken).ConfigureAwait(false);
2017-09-18 16:52:22 +00:00
}
2013-02-21 01:33:05 +00:00
}
/// <summary>
/// Renames the user.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="newName">The new name.</param>
/// <returns>Task.</returns>
2019-01-13 20:37:13 +00:00
/// <exception cref="ArgumentNullException">user</exception>
/// <exception cref="ArgumentException"></exception>
2013-02-21 01:33:05 +00:00
public async Task RenameUser(User user, string newName)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
2013-02-21 01:33:05 +00:00
}
if (string.IsNullOrEmpty(newName))
{
throw new ArgumentNullException(nameof(newName));
2013-02-21 01:33:05 +00:00
}
if (Users.Any(u => u.Id != user.Id && u.Name.Equals(newName, StringComparison.OrdinalIgnoreCase)))
2013-02-21 01:33:05 +00:00
{
throw new ArgumentException(string.Format("A user with the name '{0}' already exists.", newName));
}
if (user.Name.Equals(newName, StringComparison.Ordinal))
{
throw new ArgumentException("The new and old names must be different.");
}
await user.Rename(newName);
OnUserUpdated(user);
}
/// <summary>
/// Updates the user.
/// </summary>
/// <param name="user">The user.</param>
2019-01-13 20:37:13 +00:00
/// <exception cref="ArgumentNullException">user</exception>
/// <exception cref="ArgumentException"></exception>
public void UpdateUser(User user)
2013-02-21 01:33:05 +00:00
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
2013-02-21 01:33:05 +00:00
}
2018-09-12 17:26:21 +00:00
if (user.Id.Equals(Guid.Empty) || !Users.Any(u => u.Id.Equals(user.Id)))
2013-02-21 01:33:05 +00:00
{
throw new ArgumentException(string.Format("User with name '{0}' and Id {1} does not exist.", user.Name, user.Id));
}
user.DateModified = DateTime.UtcNow;
2013-12-06 20:07:34 +00:00
user.DateLastSaved = DateTime.UtcNow;
2013-02-21 01:33:05 +00:00
2018-09-12 17:26:21 +00:00
UserRepository.UpdateUser(user);
2013-02-21 01:33:05 +00:00
OnUserUpdated(user);
}
2013-07-07 02:01:14 +00:00
public event EventHandler<GenericEventArgs<User>> UserCreated;
2013-12-26 14:20:30 +00:00
2014-03-25 21:13:55 +00:00
private readonly SemaphoreSlim _userListLock = new SemaphoreSlim(1, 1);
2013-02-21 01:33:05 +00:00
/// <summary>
/// Creates the user.
/// </summary>
/// <param name="name">The name.</param>
/// <returns>User.</returns>
2019-01-13 20:37:13 +00:00
/// <exception cref="ArgumentNullException">name</exception>
/// <exception cref="ArgumentException"></exception>
2013-02-21 01:33:05 +00:00
public async Task<User> CreateUser(string name)
{
2014-07-26 17:30:15 +00:00
if (string.IsNullOrWhiteSpace(name))
2013-02-21 01:33:05 +00:00
{
throw new ArgumentNullException(nameof(name));
2013-02-21 01:33:05 +00:00
}
2014-12-23 03:58:14 +00:00
if (!IsValidUsername(name))
{
2014-12-23 04:53:52 +00:00
throw new ArgumentException("Usernames can contain letters (a-z), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)");
2014-12-23 03:58:14 +00:00
}
if (Users.Any(u => u.Name.Equals(name, StringComparison.OrdinalIgnoreCase)))
2013-02-21 01:33:05 +00:00
{
throw new ArgumentException(string.Format("A user with the name '{0}' already exists.", name));
}
2014-03-25 21:13:55 +00:00
await _userListLock.WaitAsync(CancellationToken.None).ConfigureAwait(false);
2013-02-21 01:33:05 +00:00
2014-03-25 21:13:55 +00:00
try
{
var user = InstantiateNewUser(name);
2013-02-21 01:33:05 +00:00
2014-03-25 21:13:55 +00:00
var list = Users.ToList();
list.Add(user);
2018-09-12 17:26:21 +00:00
_users = list.ToArray();
2013-12-26 14:20:30 +00:00
2014-03-25 21:13:55 +00:00
user.DateLastSaved = DateTime.UtcNow;
2013-02-21 01:33:05 +00:00
2018-09-12 17:26:21 +00:00
UserRepository.CreateUser(user);
2013-12-26 14:20:30 +00:00
2014-03-25 21:13:55 +00:00
EventHelper.QueueEventIfNotNull(UserCreated, this, new GenericEventArgs<User> { Argument = user }, _logger);
return user;
}
finally
{
_userListLock.Release();
}
2013-02-21 01:33:05 +00:00
}
/// <summary>
/// Deletes the user.
/// </summary>
/// <param name="user">The user.</param>
/// <returns>Task.</returns>
2019-01-13 20:37:13 +00:00
/// <exception cref="ArgumentNullException">user</exception>
/// <exception cref="ArgumentException"></exception>
2013-02-21 01:33:05 +00:00
public async Task DeleteUser(User user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
2013-02-21 01:33:05 +00:00
}
var allUsers = Users.ToList();
if (allUsers.FirstOrDefault(u => u.Id == user.Id) == null)
2013-02-21 01:33:05 +00:00
{
throw new ArgumentException(string.Format("The user cannot be deleted because there is no user with the Name {0} and Id {1}.", user.Name, user.Id));
}
if (allUsers.Count == 1)
{
throw new ArgumentException(string.Format("The user '{0}' cannot be deleted because there must be at least one user in the system.", user.Name));
}
2014-12-20 06:06:27 +00:00
if (user.Policy.IsAdministrator && allUsers.Count(i => i.Policy.IsAdministrator) == 1)
2013-02-21 01:33:05 +00:00
{
throw new ArgumentException(string.Format("The user '{0}' cannot be deleted because there must be at least one admin user in the system.", user.Name));
2013-02-21 01:33:05 +00:00
}
2014-03-25 21:13:55 +00:00
await _userListLock.WaitAsync(CancellationToken.None).ConfigureAwait(false);
2014-02-21 05:04:11 +00:00
try
{
2014-12-20 06:06:27 +00:00
var configPath = GetConfigurationFilePath(user);
2014-03-25 21:13:55 +00:00
2018-09-12 17:26:21 +00:00
UserRepository.DeleteUser(user);
2014-03-25 21:13:55 +00:00
try
{
_fileSystem.DeleteFile(configPath);
2014-03-25 21:13:55 +00:00
}
catch (IOException ex)
{
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error deleting file {path}", configPath);
2014-03-25 21:13:55 +00:00
}
2014-12-16 05:01:57 +00:00
DeleteUserPolicy(user);
2018-09-12 17:26:21 +00:00
_users = allUsers.Where(i => i.Id != user.Id).ToArray();
2014-03-25 21:13:55 +00:00
OnUserDeleted(user);
2014-02-21 05:04:11 +00:00
}
2014-03-25 21:13:55 +00:00
finally
{
2014-03-25 21:13:55 +00:00
_userListLock.Release();
}
2013-02-21 01:33:05 +00:00
}
2013-03-13 05:19:03 +00:00
/// <summary>
/// Resets the password by clearing it.
/// </summary>
/// <returns>Task.</returns>
2018-09-12 17:26:21 +00:00
public Task ResetPassword(User user)
2013-03-13 05:19:03 +00:00
{
2018-09-12 17:26:21 +00:00
return ChangePassword(user, string.Empty);
2013-03-13 05:19:03 +00:00
}
public void ResetEasyPassword(User user)
2015-01-29 06:06:24 +00:00
{
2017-09-17 16:45:23 +00:00
ChangeEasyPassword(user, string.Empty, null);
2015-01-29 06:06:24 +00:00
}
2018-09-12 17:26:21 +00:00
public async Task ChangePassword(User user, string newPassword)
2013-03-13 05:19:03 +00:00
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
2013-03-13 05:19:03 +00:00
}
2017-09-17 16:45:23 +00:00
2014-10-16 03:26:39 +00:00
if (user.ConnectLinkType.HasValue && user.ConnectLinkType.Value == UserLinkType.Guest)
{
throw new ArgumentException("Passwords for guests cannot be changed.");
}
2018-09-12 17:26:21 +00:00
await GetAuthenticationProvider(user).ChangePassword(user, newPassword).ConfigureAwait(false);
2013-03-13 05:19:03 +00:00
UpdateUser(user);
2014-08-10 22:13:17 +00:00
UserPasswordChanged?.Invoke(this, new GenericEventArgs<User>(user));
2013-03-13 05:19:03 +00:00
}
2017-09-17 16:45:23 +00:00
public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
2015-01-29 06:06:24 +00:00
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
2015-01-29 06:06:24 +00:00
}
2017-09-17 16:45:23 +00:00
if (newPassword != null)
{
2018-09-12 17:26:21 +00:00
newPasswordHash = _defaultAuthenticationProvider.GetHashedString(user, newPassword);
2017-09-17 16:45:23 +00:00
}
if (string.IsNullOrWhiteSpace(newPasswordHash))
2015-01-29 06:06:24 +00:00
{
throw new ArgumentNullException(nameof(newPasswordHash));
2015-01-29 06:06:24 +00:00
}
2017-09-17 16:45:23 +00:00
user.EasyPassword = newPasswordHash;
2015-01-29 06:06:24 +00:00
UpdateUser(user);
2015-01-29 06:06:24 +00:00
UserPasswordChanged?.Invoke(this, new GenericEventArgs<User>(user));
2015-01-29 06:06:24 +00:00
}
2013-02-21 01:33:05 +00:00
/// <summary>
/// Instantiates the new user.
/// </summary>
/// <param name="name">The name.</param>
/// <returns>User.</returns>
private static User InstantiateNewUser(string name)
2013-02-21 01:33:05 +00:00
{
return new User
{
Name = name,
Id = Guid.NewGuid(),
2013-02-21 01:33:05 +00:00
DateCreated = DateTime.UtcNow,
2014-09-14 15:10:51 +00:00
DateModified = DateTime.UtcNow,
2017-09-17 16:45:23 +00:00
UsesIdForConfigurationPath = true,
//Salt = BCrypt.GenerateSalt()
2013-02-21 01:33:05 +00:00
};
}
2013-07-07 02:01:14 +00:00
private string PasswordResetFile => Path.Combine(ConfigurationManager.ApplicationPaths.ProgramDataPath, "passwordreset.txt");
private string _lastPin;
private PasswordPinCreationResult _lastPasswordPinCreationResult;
private int _pinAttempts;
2018-09-12 17:26:21 +00:00
private async Task<PasswordPinCreationResult> CreatePasswordResetPin()
{
var num = new Random().Next(1, 9999);
var path = PasswordResetFile;
var pin = num.ToString("0000", CultureInfo.InvariantCulture);
_lastPin = pin;
var time = TimeSpan.FromMinutes(5);
var expiration = DateTime.UtcNow.Add(time);
var text = new StringBuilder();
2018-09-12 17:26:21 +00:00
var localAddress = (await _appHost.GetLocalApiUrl(CancellationToken.None).ConfigureAwait(false)) ?? string.Empty;
text.AppendLine("Use your web browser to visit:");
text.AppendLine(string.Empty);
text.AppendLine(localAddress + "/web/index.html#!/forgotpasswordpin.html");
text.AppendLine(string.Empty);
text.AppendLine("Enter the following pin code:");
text.AppendLine(string.Empty);
text.AppendLine(pin);
text.AppendLine(string.Empty);
2016-11-03 07:14:14 +00:00
var localExpirationTime = expiration.ToLocalTime();
// Tuesday, 22 August 2006 06:30 AM
text.AppendLine("The pin code will expire at " + localExpirationTime.ToString("f1", CultureInfo.CurrentCulture));
_fileSystem.WriteAllText(path, text.ToString(), Encoding.UTF8);
var result = new PasswordPinCreationResult
{
PinFile = path,
ExpirationDate = expiration
};
_lastPasswordPinCreationResult = result;
_pinAttempts = 0;
return result;
}
2018-09-12 17:26:21 +00:00
public async Task<ForgotPasswordResult> StartForgotPasswordProcess(string enteredUsername, bool isInNetwork)
{
DeletePinFile();
var user = string.IsNullOrWhiteSpace(enteredUsername) ?
null :
GetUserByName(enteredUsername);
if (user != null && user.ConnectLinkType.HasValue && user.ConnectLinkType.Value == UserLinkType.Guest)
{
throw new ArgumentException("Unable to process forgot password request for guests.");
}
var action = ForgotPasswordAction.InNetworkRequired;
string pinFile = null;
DateTime? expirationDate = null;
2014-12-20 06:06:27 +00:00
if (user != null && !user.Policy.IsAdministrator)
{
action = ForgotPasswordAction.ContactAdmin;
}
else
{
if (isInNetwork)
{
action = ForgotPasswordAction.PinCode;
}
2018-09-12 17:26:21 +00:00
var result = await CreatePasswordResetPin().ConfigureAwait(false);
pinFile = result.PinFile;
expirationDate = result.ExpirationDate;
}
return new ForgotPasswordResult
{
Action = action,
PinFile = pinFile,
PinExpirationDate = expirationDate
};
}
2018-09-12 17:26:21 +00:00
public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
{
DeletePinFile();
var usersReset = new List<string>();
2014-12-16 05:01:57 +00:00
var valid = !string.IsNullOrWhiteSpace(_lastPin) &&
string.Equals(_lastPin, pin, StringComparison.OrdinalIgnoreCase) &&
_lastPasswordPinCreationResult != null &&
_lastPasswordPinCreationResult.ExpirationDate > DateTime.UtcNow;
if (valid)
{
_lastPin = null;
_lastPasswordPinCreationResult = null;
var users = Users.Where(i => !i.ConnectLinkType.HasValue || i.ConnectLinkType.Value != UserLinkType.Guest)
.ToList();
foreach (var user in users)
{
2018-09-12 17:26:21 +00:00
await ResetPassword(user).ConfigureAwait(false);
2015-03-15 04:17:35 +00:00
if (user.Policy.IsDisabled)
{
user.Policy.IsDisabled = false;
UpdateUserPolicy(user, user.Policy, true);
2015-03-15 04:17:35 +00:00
}
usersReset.Add(user.Name);
}
}
else
{
_pinAttempts++;
if (_pinAttempts >= 3)
{
_lastPin = null;
_lastPasswordPinCreationResult = null;
}
}
return new PinRedeemResult
{
Success = valid,
UsersReset = usersReset.ToArray()
};
}
private void DeletePinFile()
{
try
{
_fileSystem.DeleteFile(PasswordResetFile);
}
catch
{
}
}
class PasswordPinCreationResult
{
public string PinFile { get; set; }
public DateTime ExpirationDate { get; set; }
}
2014-12-16 05:01:57 +00:00
public UserPolicy GetUserPolicy(User user)
{
2018-09-12 17:26:21 +00:00
var path = GetPolicyFilePath(user);
2014-12-16 05:01:57 +00:00
try
{
lock (_policySyncLock)
{
2014-12-22 07:00:40 +00:00
return (UserPolicy)_xmlSerializer.DeserializeFromFile(typeof(UserPolicy), path);
2014-12-16 05:01:57 +00:00
}
}
2016-11-03 07:14:14 +00:00
catch (FileNotFoundException)
2014-12-23 03:58:14 +00:00
{
return GetDefaultPolicy(user);
}
2016-11-03 07:14:14 +00:00
catch (IOException)
2014-12-19 04:20:07 +00:00
{
return GetDefaultPolicy(user);
}
2014-12-16 05:01:57 +00:00
catch (Exception ex)
{
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error reading policy file: {path}", path);
2014-12-16 05:01:57 +00:00
2014-12-19 04:20:07 +00:00
return GetDefaultPolicy(user);
2014-12-16 05:01:57 +00:00
}
}
private static UserPolicy GetDefaultPolicy(User user)
2014-12-19 04:20:07 +00:00
{
return new UserPolicy
{
2017-04-25 18:23:20 +00:00
EnableContentDownloading = true,
EnableSyncTranscoding = true
2014-12-19 04:20:07 +00:00
};
}
2014-12-16 05:01:57 +00:00
private readonly object _policySyncLock = new object();
2018-09-12 17:26:21 +00:00
public void UpdateUserPolicy(Guid userId, UserPolicy userPolicy)
2014-12-16 05:01:57 +00:00
{
var user = GetUserById(userId);
UpdateUserPolicy(user, userPolicy, true);
2014-12-20 06:06:27 +00:00
}
private void UpdateUserPolicy(User user, UserPolicy userPolicy, bool fireEvent)
2014-12-20 06:06:27 +00:00
{
2014-12-28 06:21:39 +00:00
// The xml serializer will output differently if the type is not exact
if (userPolicy.GetType() != typeof(UserPolicy))
{
var json = _jsonSerializer.SerializeToString(userPolicy);
userPolicy = _jsonSerializer.DeserializeFromString<UserPolicy>(json);
}
2018-09-12 17:26:21 +00:00
var path = GetPolicyFilePath(user);
2014-12-16 05:01:57 +00:00
2017-05-04 18:14:45 +00:00
_fileSystem.CreateDirectory(_fileSystem.GetDirectoryName(path));
2014-12-23 03:58:14 +00:00
2014-12-16 05:01:57 +00:00
lock (_policySyncLock)
{
2014-12-22 07:00:40 +00:00
_xmlSerializer.SerializeToFile(userPolicy, path);
2014-12-16 05:01:57 +00:00
user.Policy = userPolicy;
}
2014-12-20 06:06:27 +00:00
2018-09-12 17:26:21 +00:00
if (fireEvent)
{
UserPolicyUpdated?.Invoke(this, new GenericEventArgs<User> { Argument = user });
2018-09-12 17:26:21 +00:00
}
2014-12-16 05:01:57 +00:00
}
private void DeleteUserPolicy(User user)
2014-11-30 19:01:33 +00:00
{
2018-09-12 17:26:21 +00:00
var path = GetPolicyFilePath(user);
2014-12-16 05:01:57 +00:00
try
{
lock (_policySyncLock)
{
_fileSystem.DeleteFile(path);
2014-12-16 05:01:57 +00:00
}
}
catch (IOException)
{
}
catch (Exception ex)
{
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error deleting policy file");
2014-12-16 05:01:57 +00:00
}
2014-11-30 19:01:33 +00:00
}
private static string GetPolicyFilePath(User user)
2014-11-30 19:01:33 +00:00
{
2014-12-22 07:00:40 +00:00
return Path.Combine(user.ConfigurationDirectoryPath, "policy.xml");
2014-12-20 06:06:27 +00:00
}
private static string GetConfigurationFilePath(User user)
2014-12-20 06:06:27 +00:00
{
return Path.Combine(user.ConfigurationDirectoryPath, "config.xml");
}
public UserConfiguration GetUserConfiguration(User user)
{
var path = GetConfigurationFilePath(user);
try
{
lock (_configSyncLock)
{
return (UserConfiguration)_xmlSerializer.DeserializeFromFile(typeof(UserConfiguration), path);
}
}
2016-11-03 07:14:14 +00:00
catch (FileNotFoundException)
2014-12-23 03:58:14 +00:00
{
return new UserConfiguration();
}
2016-11-03 07:14:14 +00:00
catch (IOException)
2014-12-20 06:06:27 +00:00
{
return new UserConfiguration();
}
catch (Exception ex)
{
2018-12-20 12:11:26 +00:00
_logger.LogError(ex, "Error reading policy file: {path}", path);
2014-12-20 06:06:27 +00:00
return new UserConfiguration();
}
}
private readonly object _configSyncLock = new object();
2018-09-12 17:26:21 +00:00
public void UpdateConfiguration(Guid userId, UserConfiguration config)
2014-12-20 06:06:27 +00:00
{
var user = GetUserById(userId);
2018-09-12 17:26:21 +00:00
UpdateConfiguration(user, config);
}
public void UpdateConfiguration(User user, UserConfiguration config)
{
UpdateConfiguration(user, config, true);
2014-12-20 06:06:27 +00:00
}
private void UpdateConfiguration(User user, UserConfiguration config, bool fireEvent)
2014-12-20 06:06:27 +00:00
{
var path = GetConfigurationFilePath(user);
// The xml serializer will output differently if the type is not exact
if (config.GetType() != typeof(UserConfiguration))
2014-12-20 06:06:27 +00:00
{
var json = _jsonSerializer.SerializeToString(config);
config = _jsonSerializer.DeserializeFromString<UserConfiguration>(json);
}
2017-05-04 18:14:45 +00:00
_fileSystem.CreateDirectory(_fileSystem.GetDirectoryName(path));
2014-12-20 06:06:27 +00:00
lock (_configSyncLock)
{
_xmlSerializer.SerializeToFile(config, path);
user.Configuration = config;
}
if (fireEvent)
{
UserConfigurationUpdated?.Invoke(this, new GenericEventArgs<User> { Argument = user });
2014-12-20 06:06:27 +00:00
}
2014-11-30 19:01:33 +00:00
}
2013-02-21 01:33:05 +00:00
}
2018-09-12 17:26:21 +00:00
public class DeviceAccessEntryPoint : IServerEntryPoint
{
private IUserManager _userManager;
private IAuthenticationRepository _authRepo;
private IDeviceManager _deviceManager;
private ISessionManager _sessionManager;
public DeviceAccessEntryPoint(IUserManager userManager, IAuthenticationRepository authRepo, IDeviceManager deviceManager, ISessionManager sessionManager)
{
_userManager = userManager;
_authRepo = authRepo;
_deviceManager = deviceManager;
_sessionManager = sessionManager;
}
public void Run()
{
_userManager.UserPolicyUpdated += _userManager_UserPolicyUpdated;
}
private void _userManager_UserPolicyUpdated(object sender, GenericEventArgs<User> e)
{
var user = e.Argument;
if (!user.Policy.EnableAllDevices)
{
UpdateDeviceAccess(user);
}
}
private void UpdateDeviceAccess(User user)
{
var existing = _authRepo.Get(new AuthenticationInfoQuery
{
UserId = user.Id
}).Items;
foreach (var authInfo in existing)
{
if (!string.IsNullOrEmpty(authInfo.DeviceId) && !_deviceManager.CanAccessDevice(user, authInfo.DeviceId))
{
_sessionManager.Logout(authInfo);
}
}
}
public void Dispose()
{
}
}
2018-12-11 00:27:54 +00:00
}