Merge pull request #12552 from Bond-009/passwordhashing

Increase password hash iterations
This commit is contained in:
Niels van Velzen 2024-09-06 21:57:35 +02:00 committed by GitHub
commit bafbc2372c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 3 deletions

View File

@ -1,9 +1,11 @@
using System; using System;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Globalization;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Authentication;
using MediaBrowser.Model.Cryptography; using MediaBrowser.Model.Cryptography;
using Microsoft.Extensions.Logging;
namespace Jellyfin.Server.Implementations.Users namespace Jellyfin.Server.Implementations.Users
{ {
@ -12,14 +14,17 @@ namespace Jellyfin.Server.Implementations.Users
/// </summary> /// </summary>
public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
{ {
private readonly ILogger<DefaultAuthenticationProvider> _logger;
private readonly ICryptoProvider _cryptographyProvider; private readonly ICryptoProvider _cryptographyProvider;
/// <summary> /// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class. /// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
/// </summary> /// </summary>
/// <param name="logger">The logger.</param>
/// <param name="cryptographyProvider">The cryptography provider.</param> /// <param name="cryptographyProvider">The cryptography provider.</param>
public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider) public DefaultAuthenticationProvider(ILogger<DefaultAuthenticationProvider> logger, ICryptoProvider cryptographyProvider)
{ {
_logger = logger;
_cryptographyProvider = cryptographyProvider; _cryptographyProvider = cryptographyProvider;
} }
@ -75,8 +80,10 @@ namespace Jellyfin.Server.Implementations.Users
} }
// Migrate old hashes to the new default // Migrate old hashes to the new default
if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal)) if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal)
|| int.Parse(readyHash.Parameters["iterations"], CultureInfo.InvariantCulture) != Constants.DefaultIterations)
{ {
_logger.LogInformation("Migrating password hash of {User} to the latest default", username);
ChangePassword(resolvedUser, password); ChangePassword(resolvedUser, password);
} }

View File

@ -18,6 +18,6 @@ namespace MediaBrowser.Model.Cryptography
/// <summary> /// <summary>
/// The default amount of iterations for hashing passwords. /// The default amount of iterations for hashing passwords.
/// </summary> /// </summary>
public const int DefaultIterations = 120000; public const int DefaultIterations = 210000;
} }
} }