chore: deprecate EasyPassword as it isn't very secure
This commit is contained in:
cvium
parent
4a9bcbd626
commit
716bcc6410
|
|
@ -323,36 +323,16 @@ public class UserController : BaseJellyfinApiController
|
|||
/// <response code="404">User not found.</response>
|
||||
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
|
||||
[HttpPost("{userId}/EasyPassword")]
|
||||
[Obsolete("Use Quick Connect instead")]
|
||||
[Authorize]
|
||||
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
||||
[ProducesResponseType(StatusCodes.Status403Forbidden)]
|
||||
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
||||
public async Task<ActionResult> UpdateUserEasyPassword(
|
||||
public ActionResult UpdateUserEasyPassword(
|
||||
[FromRoute, Required] Guid userId,
|
||||
[FromBody, Required] UpdateUserEasyPassword request)
|
||||
{
|
||||
if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true))
|
||||
{
|
||||
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the easy password.");
|
||||
}
|
||||
|
||||
var user = _userManager.GetUserById(userId);
|
||||
|
||||
if (user is null)
|
||||
{
|
||||
return NotFound("User not found");
|
||||
}
|
||||
|
||||
if (request.ResetPassword)
|
||||
{
|
||||
await _userManager.ResetEasyPassword(user).ConfigureAwait(false);
|
||||
}
|
||||
else
|
||||
{
|
||||
await _userManager.ChangeEasyPassword(user, request.NewPw ?? string.Empty, request.NewPassword ?? string.Empty).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
return NoContent();
|
||||
return BadRequest("Deprecated");
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
|
|
|||
|
|
@ -91,16 +91,6 @@ namespace Jellyfin.Data.Entities
|
|||
[StringLength(65535)]
|
||||
public string? Password { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the user's easy password, or <c>null</c> if none is set.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Max length = 65535.
|
||||
/// </remarks>
|
||||
[MaxLength(65535)]
|
||||
[StringLength(65535)]
|
||||
public string? EasyPassword { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a value indicating whether the user must update their password.
|
||||
/// </summary>
|
||||
|
|
|
|||
|
|
@ -15,9 +15,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
protected override void BuildModel(ModelBuilder modelBuilder)
|
||||
{
|
||||
#pragma warning disable 612, 618
|
||||
modelBuilder
|
||||
.HasDefaultSchema("jellyfin")
|
||||
.HasAnnotation("ProductVersion", "6.0.9");
|
||||
modelBuilder.HasAnnotation("ProductVersion", "7.0.5");
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>
|
||||
{
|
||||
|
|
@ -41,7 +39,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
|
||||
b.HasIndex("UserId");
|
||||
|
||||
b.ToTable("AccessSchedules", "jellyfin");
|
||||
b.ToTable("AccessSchedules");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.ActivityLog", b =>
|
||||
|
|
@ -89,7 +87,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
|
||||
b.HasIndex("DateCreated");
|
||||
|
||||
b.ToTable("ActivityLogs", "jellyfin");
|
||||
b.ToTable("ActivityLogs");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.CustomItemDisplayPreferences", b =>
|
||||
|
|
@ -121,7 +119,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.HasIndex("UserId", "ItemId", "Client", "Key")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("CustomItemDisplayPreferences", "jellyfin");
|
||||
b.ToTable("CustomItemDisplayPreferences");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b =>
|
||||
|
|
@ -178,7 +176,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.HasIndex("UserId", "ItemId", "Client")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("DisplayPreferences", "jellyfin");
|
||||
b.ToTable("DisplayPreferences");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.HomeSection", b =>
|
||||
|
|
@ -200,7 +198,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
|
||||
b.HasIndex("DisplayPreferencesId");
|
||||
|
||||
b.ToTable("HomeSection", "jellyfin");
|
||||
b.ToTable("HomeSection");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.ImageInfo", b =>
|
||||
|
|
@ -225,7 +223,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.HasIndex("UserId")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("ImageInfos", "jellyfin");
|
||||
b.ToTable("ImageInfos");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.ItemDisplayPreferences", b =>
|
||||
|
|
@ -269,7 +267,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
|
||||
b.HasIndex("UserId");
|
||||
|
||||
b.ToTable("ItemDisplayPreferences", "jellyfin");
|
||||
b.ToTable("ItemDisplayPreferences");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.Permission", b =>
|
||||
|
|
@ -300,7 +298,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
.IsUnique()
|
||||
.HasFilter("[UserId] IS NOT NULL");
|
||||
|
||||
b.ToTable("Permissions", "jellyfin");
|
||||
b.ToTable("Permissions");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.Preference", b =>
|
||||
|
|
@ -333,7 +331,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
.IsUnique()
|
||||
.HasFilter("[UserId] IS NOT NULL");
|
||||
|
||||
b.ToTable("Preferences", "jellyfin");
|
||||
b.ToTable("Preferences");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.Security.ApiKey", b =>
|
||||
|
|
@ -362,7 +360,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.HasIndex("AccessToken")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("ApiKeys", "jellyfin");
|
||||
b.ToTable("ApiKeys");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b =>
|
||||
|
|
@ -420,7 +418,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
|
||||
b.HasIndex("UserId", "DeviceId");
|
||||
|
||||
b.ToTable("Devices", "jellyfin");
|
||||
b.ToTable("Devices");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.Security.DeviceOptions", b =>
|
||||
|
|
@ -441,7 +439,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.HasIndex("DeviceId")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("DeviceOptions", "jellyfin");
|
||||
b.ToTable("DeviceOptions");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.User", b =>
|
||||
|
|
@ -465,10 +463,6 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.Property<bool>("DisplayMissingEpisodes")
|
||||
.HasColumnType("INTEGER");
|
||||
|
||||
b.Property<string>("EasyPassword")
|
||||
.HasMaxLength(65535)
|
||||
.HasColumnType("TEXT");
|
||||
|
||||
b.Property<bool>("EnableAutoLogin")
|
||||
.HasColumnType("INTEGER");
|
||||
|
||||
|
|
@ -554,7 +548,7 @@ namespace Jellyfin.Server.Implementations.Migrations
|
|||
b.HasIndex("Username")
|
||||
.IsUnique();
|
||||
|
||||
b.ToTable("Users", "jellyfin");
|
||||
b.ToTable("Users");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>
|
||||
|
|
|
|||
|
|
@ -114,8 +114,6 @@ namespace Jellyfin.Server.Implementations.Users
|
|||
await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
user.EasyPassword = pin;
|
||||
|
||||
return new ForgotPasswordResult
|
||||
{
|
||||
Action = ForgotPasswordAction.PinCode,
|
||||
|
|
|
|||
|
|
@ -268,12 +268,6 @@ namespace Jellyfin.Server.Implementations.Users
|
|||
return ChangePassword(user, string.Empty);
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public Task ResetEasyPassword(User user)
|
||||
{
|
||||
return ChangeEasyPassword(user, string.Empty, null);
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public async Task ChangePassword(User user, string newPassword)
|
||||
{
|
||||
|
|
@ -285,25 +279,6 @@ namespace Jellyfin.Server.Implementations.Users
|
|||
await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public async Task ChangeEasyPassword(User user, string newPassword, string? newPasswordSha1)
|
||||
{
|
||||
if (newPassword is not null)
|
||||
{
|
||||
newPasswordSha1 = _cryptoProvider.CreatePasswordHash(newPassword).ToString();
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(newPasswordSha1))
|
||||
{
|
||||
throw new ArgumentNullException(nameof(newPasswordSha1));
|
||||
}
|
||||
|
||||
user.EasyPassword = newPasswordSha1;
|
||||
await UpdateUserAsync(user).ConfigureAwait(false);
|
||||
|
||||
await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public UserDto GetUserDto(User user, string? remoteEndPoint = null)
|
||||
{
|
||||
|
|
@ -315,7 +290,6 @@ namespace Jellyfin.Server.Implementations.Users
|
|||
ServerId = _appHost.SystemId,
|
||||
HasPassword = hasPassword,
|
||||
HasConfiguredPassword = hasPassword,
|
||||
HasConfiguredEasyPassword = !string.IsNullOrEmpty(user.EasyPassword),
|
||||
EnableAutoLogin = user.EnableAutoLogin,
|
||||
LastLoginDate = user.LastLoginDate,
|
||||
LastActivityDate = user.LastActivityDate,
|
||||
|
|
@ -832,16 +806,6 @@ namespace Jellyfin.Server.Implementations.Users
|
|||
}
|
||||
}
|
||||
|
||||
if (!success
|
||||
&& _networkManager.IsInLocalNetwork(remoteEndPoint)
|
||||
&& user?.EnableLocalPassword == true
|
||||
&& !string.IsNullOrEmpty(user.EasyPassword))
|
||||
{
|
||||
// Check easy password
|
||||
var passwordHash = PasswordHash.Parse(user.EasyPassword);
|
||||
success = _cryptoProvider.Verify(passwordHash, password);
|
||||
}
|
||||
|
||||
return (authenticationProvider, username, success);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -127,7 +127,6 @@ namespace Jellyfin.Server.Migrations.Routines
|
|||
RememberSubtitleSelections = config.RememberSubtitleSelections,
|
||||
SubtitleLanguagePreference = config.SubtitleLanguagePreference,
|
||||
Password = mockup.Password,
|
||||
EasyPassword = mockup.EasyPassword,
|
||||
LastLoginDate = mockup.LastLoginDate,
|
||||
LastActivityDate = mockup.LastActivityDate
|
||||
};
|
||||
|
|
|
|||
|
|
@ -96,13 +96,6 @@ namespace MediaBrowser.Controller.Library
|
|||
/// <returns>Task.</returns>
|
||||
Task ResetPassword(User user);
|
||||
|
||||
/// <summary>
|
||||
/// Resets the easy password.
|
||||
/// </summary>
|
||||
/// <param name="user">The user.</param>
|
||||
/// <returns>Task.</returns>
|
||||
Task ResetEasyPassword(User user);
|
||||
|
||||
/// <summary>
|
||||
/// Changes the password.
|
||||
/// </summary>
|
||||
|
|
@ -111,15 +104,6 @@ namespace MediaBrowser.Controller.Library
|
|||
/// <returns>Awaitable task.</returns>
|
||||
Task ChangePassword(User user, string newPassword);
|
||||
|
||||
/// <summary>
|
||||
/// Changes the easy password.
|
||||
/// </summary>
|
||||
/// <param name="user">The user.</param>
|
||||
/// <param name="newPassword">New password to use.</param>
|
||||
/// <param name="newPasswordSha1">Hash of new password.</param>
|
||||
/// <returns>Task.</returns>
|
||||
Task ChangeEasyPassword(User user, string newPassword, string newPasswordSha1);
|
||||
|
||||
/// <summary>
|
||||
/// Gets the user dto.
|
||||
/// </summary>
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ namespace MediaBrowser.Model.Dto
|
|||
/// Gets or sets a value indicating whether this instance has configured easy password.
|
||||
/// </summary>
|
||||
/// <value><c>true</c> if this instance has configured easy password; otherwise, <c>false</c>.</value>
|
||||
[Obsolete("Easy Password has been replaced with Quick Connect")]
|
||||
public bool HasConfiguredEasyPassword { get; set; }
|
||||
|
||||
/// <summary>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user