jellyfin/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs

144 lines
5.2 KiB
C#
Raw Normal View History

2020-06-09 16:21:21 +00:00
#nullable enable
2019-05-21 17:28:34 +00:00
using System;
using System.Collections.Generic;
using System.IO;
2019-06-09 20:08:01 +00:00
using System.Security.Cryptography;
2019-05-21 17:28:34 +00:00
using System.Threading.Tasks;
2020-05-15 21:24:01 +00:00
using Jellyfin.Data.Entities;
2020-06-20 21:58:09 +00:00
using MediaBrowser.Common;
2019-05-21 17:28:34 +00:00
using MediaBrowser.Common.Extensions;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Library;
using MediaBrowser.Model.Serialization;
using MediaBrowser.Model.Users;
2020-05-15 21:24:01 +00:00
namespace Jellyfin.Server.Implementations.Users
2019-05-21 17:28:34 +00:00
{
2019-11-01 17:38:54 +00:00
/// <summary>
/// The default password reset provider.
/// </summary>
2019-05-21 17:28:34 +00:00
public class DefaultPasswordResetProvider : IPasswordResetProvider
{
2019-06-09 20:08:01 +00:00
private const string BaseResetFileName = "passwordreset";
2019-05-21 17:28:34 +00:00
2019-06-09 20:08:01 +00:00
private readonly IJsonSerializer _jsonSerializer;
2020-06-20 21:58:09 +00:00
private readonly IApplicationHost _appHost;
2019-05-21 17:28:34 +00:00
private readonly string _passwordResetFileBase;
private readonly string _passwordResetFileBaseDir;
2019-11-01 17:38:54 +00:00
/// <summary>
/// Initializes a new instance of the <see cref="DefaultPasswordResetProvider"/> class.
/// </summary>
/// <param name="configurationManager">The configuration manager.</param>
/// <param name="jsonSerializer">The JSON serializer.</param>
2020-06-20 21:58:09 +00:00
/// <param name="appHost">The application host.</param>
2019-06-09 20:08:01 +00:00
public DefaultPasswordResetProvider(
IServerConfigurationManager configurationManager,
IJsonSerializer jsonSerializer,
2020-06-20 21:58:09 +00:00
IApplicationHost appHost)
2019-05-21 17:28:34 +00:00
{
_passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
2019-06-09 20:08:01 +00:00
_passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, BaseResetFileName);
2019-05-21 17:28:34 +00:00
_jsonSerializer = jsonSerializer;
2020-06-20 21:58:09 +00:00
_appHost = appHost;
// TODO: Remove the circular dependency on UserManager
2019-05-21 17:28:34 +00:00
}
2019-06-09 20:08:01 +00:00
/// <inheritdoc />
public string Name => "Default Password Reset Provider";
/// <inheritdoc />
public bool IsEnabled => true;
/// <inheritdoc />
2019-05-21 17:28:34 +00:00
public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
{
2020-06-20 21:58:09 +00:00
var userManager = _appHost.Resolve<IUserManager>();
2020-05-30 04:19:36 +00:00
var usersReset = new List<string>();
2020-05-13 02:10:35 +00:00
foreach (var resetFile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{BaseResetFileName}*"))
2019-05-21 17:28:34 +00:00
{
2020-05-30 04:19:36 +00:00
SerializablePasswordReset spr;
2020-05-13 02:10:35 +00:00
await using (var str = File.OpenRead(resetFile))
2019-05-21 17:28:34 +00:00
{
spr = await _jsonSerializer.DeserializeFromStreamAsync<SerializablePasswordReset>(str).ConfigureAwait(false);
}
2020-05-30 04:19:36 +00:00
if (spr.ExpirationDate < DateTime.UtcNow)
2019-05-21 17:28:34 +00:00
{
2020-05-13 02:10:35 +00:00
File.Delete(resetFile);
2019-05-21 17:28:34 +00:00
}
2019-06-09 20:08:01 +00:00
else if (string.Equals(
2019-11-01 17:38:54 +00:00
spr.Pin.Replace("-", string.Empty, StringComparison.Ordinal),
pin.Replace("-", string.Empty, StringComparison.Ordinal),
2019-06-09 20:08:01 +00:00
StringComparison.InvariantCultureIgnoreCase))
2019-05-21 17:28:34 +00:00
{
2020-06-20 21:58:09 +00:00
var resetUser = userManager.GetUserByName(spr.UserName)
2020-05-30 04:19:36 +00:00
?? throw new ResourceNotFoundException($"User with a username of {spr.UserName} not found");
2019-05-21 17:28:34 +00:00
2020-06-20 21:58:09 +00:00
await userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
2020-05-13 02:10:35 +00:00
usersReset.Add(resetUser.Username);
File.Delete(resetFile);
2019-05-21 17:28:34 +00:00
}
}
2020-05-13 02:10:35 +00:00
if (usersReset.Count < 1)
2019-05-21 17:28:34 +00:00
{
throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
}
2020-05-13 02:10:35 +00:00
return new PinRedeemResult
2019-05-21 17:28:34 +00:00
{
2020-05-13 02:10:35 +00:00
Success = true,
UsersReset = usersReset.ToArray()
};
2019-05-21 17:28:34 +00:00
}
2019-06-09 20:08:01 +00:00
/// <inheritdoc />
2020-05-15 21:24:01 +00:00
public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork)
2019-05-21 17:28:34 +00:00
{
2020-05-13 02:10:35 +00:00
string pin;
2019-06-09 20:08:01 +00:00
using (var cryptoRandom = RandomNumberGenerator.Create())
2019-05-21 17:28:34 +00:00
{
byte[] bytes = new byte[4];
cryptoRandom.GetBytes(bytes);
pin = BitConverter.ToString(bytes);
}
2020-05-30 04:19:36 +00:00
DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
string filePath = _passwordResetFileBase + user.Id + ".json";
SerializablePasswordReset spr = new SerializablePasswordReset
{
ExpirationDate = expireTime,
Pin = pin,
PinFile = filePath,
UserName = user.Username
};
await using (FileStream fileStream = File.OpenWrite(filePath))
{
_jsonSerializer.SerializeToStream(spr, fileStream);
await fileStream.FlushAsync().ConfigureAwait(false);
}
2019-05-21 17:28:34 +00:00
2020-05-13 02:10:35 +00:00
user.EasyPassword = pin;
2019-05-21 17:28:34 +00:00
return new ForgotPasswordResult
{
Action = ForgotPasswordAction.PinCode,
PinExpirationDate = expireTime,
};
}
2020-06-09 16:21:21 +00:00
#nullable disable
2019-05-21 17:28:34 +00:00
private class SerializablePasswordReset : PasswordPinCreationResult
{
public string Pin { get; set; }
public string UserName { get; set; }
}
}
}