jellyfin/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs

using System;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using MediaBrowser.Common;
using MediaBrowser.Common.Cryptography;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Controller.Entities;
using MediaBrowser.Model.Cryptography;

namespace Emby.Server.Implementations.Library
{
    /// <summary>
    /// The default authentication provider.
    /// </summary>
    public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
    {
        private readonly ICryptoProvider _cryptographyProvider;

        /// <summary>
        /// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
        /// </summary>
        /// <param name="cryptographyProvider">The cryptography provider.</param>
        public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)
        {
            _cryptographyProvider = cryptographyProvider;
        }

        /// <inheritdoc />
        public string Name => "Default";

        /// <inheritdoc />
        public bool IsEnabled => true;

        /// <inheritdoc />
        // This is dumb and an artifact of the backwards way auth providers were designed.
        // This version of authenticate was never meant to be called, but needs to be here for interface compat
        // Only the providers that don't provide local user support use this
        public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
        {
            throw new NotImplementedException();
        }

        /// <inheritdoc />
        // This is the version that we need to use for local users. Because reasons.
        public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser)
        {
            if (resolvedUser == null)
            {
                throw new AuthenticationException($"Specified user does not exist.");
            }

            bool success = false;

            // As long as jellyfin supports passwordless users, we need this little block here to accommodate
            if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))
            {
                return Task.FromResult(new ProviderAuthenticationResult
                {
                    Username = username
                });
            }

            byte[] passwordbytes = Encoding.UTF8.GetBytes(password);

            PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
            if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
                || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
            {
                byte[] calculatedHash = _cryptographyProvider.ComputeHash(
                    readyHash.Id,
                    passwordbytes,
                    readyHash.Salt.ToArray());

                if (readyHash.Hash.SequenceEqual(calculatedHash))
                {
                    success = true;
                }
            }
            else
            {
                throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
            }

            if (!success)
            {
                throw new AuthenticationException("Invalid username or password");
            }

            return Task.FromResult(new ProviderAuthenticationResult
            {
                Username = username
            });
        }

        /// <inheritdoc />
        public bool HasPassword(User user)
            => !string.IsNullOrEmpty(user.Password);

        /// <inheritdoc />
        public Task ChangePassword(User user, string newPassword)
        {
            if (string.IsNullOrEmpty(newPassword))
            {
                user.Password = null;
                return Task.CompletedTask;
            }

            PasswordHash newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword);
            user.Password = newPasswordHash.ToString();

            return Task.CompletedTask;
        }

        /// <inheritdoc />
        public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
        {
            if (newPassword != null)
            {
                newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword).ToString();
            }

            if (string.IsNullOrWhiteSpace(newPasswordHash))
            {
                throw new ArgumentNullException(nameof(newPasswordHash));
            }

            user.EasyPassword = newPasswordHash;
        }

        /// <inheritdoc />
        public string GetEasyPasswordHash(User user)
        {
            return string.IsNullOrEmpty(user.EasyPassword)
                ? null
                : Hex.Encode(PasswordHash.Parse(user.EasyPassword).Hash);
        }
    }
}
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`using System;`
			`using System.Linq;`
			`using System.Text;`
			`using System.Threading.Tasks;`
Rewrite hex encoder/decoder 2019-10-18 22:22:08 +00:00			`using MediaBrowser.Common;`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`using MediaBrowser.Common.Cryptography;`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`using MediaBrowser.Controller.Authentication;`
			`using MediaBrowser.Controller.Entities;`
			`using MediaBrowser.Model.Cryptography;`

			`namespace Emby.Server.Implementations.Library`
			`{`
Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <summary>`
			`/// The default authentication provider.`
			`/// </summary>`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser`
			`{`
			`private readonly ICryptoProvider _cryptographyProvider;`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00
Fix more warnings 2019-11-01 17:38:54 +00:00			`/// <summary>`
			`/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.`
			`/// </summary>`
			`/// <param name="cryptographyProvider">The cryptography provider.</param>`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`{`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`_cryptographyProvider = cryptographyProvider;`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public string Name => "Default";`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public bool IsEnabled => true;`
Fix pin bug introduced in 10.3.z. The issue is that the new easyPassword format prepends the hash function. This PR extract the hash from "$SHA1$_hash_". 2019-05-11 23:32:20 +00:00
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
minor style fixes 2019-03-05 07:58:25 +00:00			`// This is dumb and an artifact of the backwards way auth providers were designed.`
			`// This version of authenticate was never meant to be called, but needs to be here for interface compat`
			`// Only the providers that don't provide local user support use this`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public Task<ProviderAuthenticationResult> Authenticate(string username, string password)`
			`{`
			`throw new NotImplementedException();`
			`}`
Fix pin bug introduced in 10.3.z. The issue is that the new easyPassword format prepends the hash function. This PR extract the hash from "$SHA1$_hash_". 2019-05-11 23:32:20 +00:00
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`// This is the version that we need to use for local users. Because reasons.`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser)`
			`{`
			`if (resolvedUser == null)`
			`{`
Throw AuthenticationException instead of ArgumentNullException when a user does not exist 2020-04-13 18:55:24 +00:00			`throw new AuthenticationException($"Specified user does not exist.");`
added justaman notes, fixed new bug from emty has removals 2019-02-18 09:26:01 +00:00			`}`

Fix more warnings 2019-11-01 17:38:54 +00:00			`bool success = false;`

Fix login 2019-08-28 12:45:46 +00:00			`// As long as jellyfin supports passwordless users, we need this little block here to accommodate`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))`
added justaman notes, fixed new bug from emty has removals 2019-02-18 09:26:01 +00:00			`{`
			`return Task.FromResult(new ProviderAuthenticationResult`
			`{`
			`Username = username`
			`});`
			`}`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00
			`byte[] passwordbytes = Encoding.UTF8.GetBytes(password);`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)`
			`\|\| _cryptographyProvider.DefaultHashMethod == readyHash.Id)`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`{`
Add clearer exceptions, warnings and docs 2019-10-20 19:12:03 +00:00			`byte[] calculatedHash = _cryptographyProvider.ComputeHash(`
			`readyHash.Id,`
			`passwordbytes,`
More warnings (removed) 2019-12-10 23:13:57 +00:00			`readyHash.Salt.ToArray());`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00
More warnings (removed) 2019-12-10 23:13:57 +00:00			`if (readyHash.Hash.SequenceEqual(calculatedHash))`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`{`
			`success = true;`
			`}`
			`}`
			`else`
			`{`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`

			`if (!success)`
			`{`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`throw new AuthenticationException("Invalid username or password");`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`

			`return Task.FromResult(new ProviderAuthenticationResult`
			`{`
			`Username = username`
			`});`
			`}`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
Streamline authentication proccess 2019-05-21 17:28:34 +00:00			`public bool HasPassword(User user)`
			`=> !string.IsNullOrEmpty(user.Password);`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`public Task ChangePassword(User user, string newPassword)`
			`{`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`if (string.IsNullOrEmpty(newPassword))`
added justaman notes, fixed new bug from emty has removals 2019-02-18 09:26:01 +00:00			`{`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`user.Password = null;`
added justaman notes, fixed new bug from emty has removals 2019-02-18 09:26:01 +00:00			`return Task.CompletedTask;`
			`}`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`PasswordHash newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword);`
			`user.Password = newPasswordHash.ToString();`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00
			`return Task.CompletedTask;`
			`}`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
Format correctly the PIN when updating it 2019-05-25 17:46:55 +00:00			`public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)`
			`{`
			`if (newPassword != null)`
			`{`
Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword).ToString();`
Format correctly the PIN when updating it 2019-05-25 17:46:55 +00:00			`}`

			`if (string.IsNullOrWhiteSpace(newPasswordHash))`
			`{`
			`throw new ArgumentNullException(nameof(newPasswordHash));`
			`}`

			`user.EasyPassword = newPasswordHash;`
			`}`

Remove legacy auth code (#1677) * Remove legacy auth code * Adds tests so we don't break PasswordHash (again) * Clean up interfaces * Remove duplicate code * Use auto properties * static using * Don't use 'this' * Fix build 2019-09-17 16:07:15 +00:00			`/// <inheritdoc />`
Format correctly the PIN when updating it 2019-05-25 17:46:55 +00:00			`public string GetEasyPasswordHash(User user)`
			`{`
			`return string.IsNullOrEmpty(user.EasyPassword)`
			`? null`
Rewrite hex encoder/decoder 2019-10-18 22:22:08 +00:00			`: Hex.Encode(PasswordHash.Parse(user.EasyPassword).Hash);`
made newlines into linux newlines 2019-02-20 09:17:30 +00:00			`}`
			`}`
			`}`