minor changes and return to netstandard

This commit is contained in:
Phallacy 2019-02-20 00:00:26 -08:00
parent 56e3063342
commit 6bbb968b57
6 changed files with 72 additions and 55 deletions

View File

@ -73,8 +73,9 @@ namespace Emby.Server.Implementations.Cryptography
}
private byte[] PBKDF2(string method, byte[] bytes, byte[] salt, int iterations)
{
using (var r = new Rfc2898DeriveBytes(bytes, salt, iterations, new HashAlgorithmName(method)))
{
//downgrading for now as we need this library to be dotnetstandard compliant
using (var r = new Rfc2898DeriveBytes(bytes, salt, iterations))
{
return r.GetBytes(32);
}

View File

@ -54,7 +54,8 @@ namespace Emby.Server.Implementations.Data
if (!localUsersTableExists && TableExists(connection, "Users"))
{
TryMigrateToLocalUsersTable(connection);
}
}
RemoveEmptyPasswordHashes();
}
}

View File

@ -34,7 +34,7 @@
</ItemGroup>
<PropertyGroup>
<TargetFramework>netcoreapp2.1</TargetFramework>
<TargetFramework>netstandard2.0</TargetFramework>
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
</PropertyGroup>

View File

@ -56,7 +56,7 @@ namespace Emby.Server.Implementations.Library
string CalculatedHashString;
if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id))
{
if (String.IsNullOrEmpty(readyHash.Salt))
if (string.IsNullOrEmpty(readyHash.Salt))
{
CalculatedHash = _cryptographyProvider.ComputeHash(readyHash.Id, passwordbytes);
CalculatedHashString = BitConverter.ToString(CalculatedHash).Replace("-", string.Empty);
@ -65,7 +65,8 @@ namespace Emby.Server.Implementations.Library
{
CalculatedHash = _cryptographyProvider.ComputeHash(readyHash.Id, passwordbytes, readyHash.SaltBytes);
CalculatedHashString = BitConverter.ToString(CalculatedHash).Replace("-", string.Empty);
}
}
if (CalculatedHashString == readyHash.Hash)
{
success = true;
@ -95,18 +96,20 @@ namespace Emby.Server.Implementations.Library
private void ConvertPasswordFormat(User user)
{
if (!string.IsNullOrEmpty(user.Password))
{
return;
}
if (!user.Password.Contains("$"))
{
if (!user.Password.Contains("$"))
{
string hash = user.Password;
user.Password = String.Format("$SHA1${0}", hash);
}
if (user.EasyPassword != null && !user.EasyPassword.Contains("$"))
{
string hash = user.EasyPassword;
user.EasyPassword = string.Format("$SHA1${0}", hash);
}
string hash = user.Password;
user.Password = String.Format("$SHA1${0}", hash);
}
if (user.EasyPassword != null && !user.EasyPassword.Contains("$"))
{
string hash = user.EasyPassword;
user.EasyPassword = string.Format("$SHA1${0}", hash);
}
}
@ -122,6 +125,7 @@ namespace Emby.Server.Implementations.Library
{
return string.IsNullOrEmpty(password);
}
return false;
}
@ -188,7 +192,8 @@ namespace Emby.Server.Implementations.Library
{
ConvertPasswordFormat(user);
passwordHash = new PasswordHash(user.Password);
}
}
if (passwordHash.SaltBytes != null)
{
//the password is modern format with PBKDF and we should take advantage of that

View File

@ -221,9 +221,8 @@ namespace Emby.Server.Implementations.Library
{
//This is some regex that matches only on unicode "word" characters, as well as -, _ and @
//In theory this will cut out most if not all 'control' characters which should help minimize any weirdness
string UserNameRegex = "^[\\w-'._@]*$";
// Usernames can contain letters (a-z + whatever else unicode is cool with), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
return Regex.IsMatch(username, UserNameRegex);
return Regex.IsMatch(username, "^[\\w-'._@]*$");
}
private static bool IsValidUsernameCharacter(char i)

View File

@ -10,26 +10,33 @@ namespace MediaBrowser.Model.Cryptography
//https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
//$<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
public string Id;
public Dictionary<string, string> Parameters = new Dictionary<string, string>();
public string Salt;
public byte[] SaltBytes;
public string Hash;
public byte[] HashBytes;
private string id;
private Dictionary<string, string> parameters = new Dictionary<string, string>();
private string salt;
private byte[] saltBytes;
private string hash;
private byte[] hashBytes;
public string Id { get => id; set => id = value; }
public Dictionary<string, string> Parameters { get => parameters; set => parameters = value; }
public string Salt { get => salt; set => salt = value; }
public byte[] SaltBytes { get => saltBytes; set => saltBytes = value; }
public string Hash { get => hash; set => hash = value; }
public byte[] HashBytes { get => hashBytes; set => hashBytes = value; }
public PasswordHash(string storageString)
{
string[] splitted = storageString.Split('$');
Id = splitted[1];
id = splitted[1];
if (splitted[2].Contains("="))
{
foreach (string paramset in (splitted[2].Split(',')))
{
if (!String.IsNullOrEmpty(paramset))
if (!string.IsNullOrEmpty(paramset))
{
string[] fields = paramset.Split('=');
if (fields.Length == 2)
{
Parameters.Add(fields[0], fields[1]);
parameters.Add(fields[0], fields[1]);
}
else
{
@ -39,32 +46,32 @@ namespace MediaBrowser.Model.Cryptography
}
if (splitted.Length == 5)
{
Salt = splitted[3];
SaltBytes = ConvertFromByteString(Salt);
Hash = splitted[4];
HashBytes = ConvertFromByteString(Hash);
salt = splitted[3];
saltBytes = ConvertFromByteString(salt);
hash = splitted[4];
hashBytes = ConvertFromByteString(hash);
}
else
{
Salt = string.Empty;
Hash = splitted[3];
HashBytes = ConvertFromByteString(Hash);
salt = string.Empty;
hash = splitted[3];
hashBytes = ConvertFromByteString(hash);
}
}
else
{
if (splitted.Length == 4)
{
Salt = splitted[2];
SaltBytes = ConvertFromByteString(Salt);
Hash = splitted[3];
HashBytes = ConvertFromByteString(Hash);
salt = splitted[2];
saltBytes = ConvertFromByteString(salt);
hash = splitted[3];
hashBytes = ConvertFromByteString(hash);
}
else
{
Salt = string.Empty;
Hash = splitted[2];
HashBytes = ConvertFromByteString(Hash);
salt = string.Empty;
hash = splitted[2];
hashBytes = ConvertFromByteString(hash);
}
}
@ -73,9 +80,9 @@ namespace MediaBrowser.Model.Cryptography
public PasswordHash(ICryptoProvider cryptoProvider)
{
Id = cryptoProvider.DefaultHashMethod;
SaltBytes = cryptoProvider.GenerateSalt();
Salt = ConvertToByteString(SaltBytes);
id = cryptoProvider.DefaultHashMethod;
saltBytes = cryptoProvider.GenerateSalt();
salt = ConvertToByteString(SaltBytes);
}
public static byte[] ConvertFromByteString(string byteString)
@ -95,31 +102,35 @@ namespace MediaBrowser.Model.Cryptography
private string SerializeParameters()
{
string ReturnString = String.Empty;
foreach (var KVP in Parameters)
string ReturnString = string.Empty;
foreach (var KVP in parameters)
{
ReturnString += String.Format(",{0}={1}", KVP.Key, KVP.Value);
}
ReturnString += $",{KVP.Key}={KVP.Value}";
}
if ((!string.IsNullOrEmpty(ReturnString)) && ReturnString[0] == ',')
{
ReturnString = ReturnString.Remove(0, 1);
}
}
return ReturnString;
}
public override string ToString()
{
string outString = "$" +Id;
string outString = "$" +id;
string paramstring = SerializeParameters();
if (!string.IsNullOrEmpty(paramstring))
{
outString += $"${paramstring}";
}
if (!string.IsNullOrEmpty(Salt))
if (!string.IsNullOrEmpty(salt))
{
outString += $"${Salt}";
outString += $"${salt}";
}
outString += $"${Hash}";
outString += $"${hash}";
return outString;
}
}