Пример #1
0
        /// <inheritdoc />
        // This is the version that we need to use for local users. Because reasons.
        public Task <ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser)
        {
            if (resolvedUser == null)
            {
                throw new AuthenticationException("Specified user does not exist.");
            }

            bool success = false;

            // As long as jellyfin supports password-less users, we need this little block here to accommodate
            if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))
            {
                return(Task.FromResult(new ProviderAuthenticationResult
                {
                    Username = username
                }));
            }

            // Handle the case when the stored password is null, but the user tried to login with a password
            if (resolvedUser.Password == null)
            {
                throw new AuthenticationException("Invalid username or password");
            }

            PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);

            success = _cryptographyProvider.Verify(readyHash, password);

            if (!success)
            {
                throw new AuthenticationException("Invalid username or password");
            }

            // Migrate old hashes to the new default
            if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal))
            {
                ChangePassword(resolvedUser, password);
            }

            return(Task.FromResult(new ProviderAuthenticationResult
            {
                Username = username
            }));
        }
Пример #2
0
        private async Task <(IAuthenticationProvider?authenticationProvider, string username, bool success)> AuthenticateLocalUser(
            string username,
            string password,
            User?user,
            string remoteEndPoint)
        {
            bool success = false;
            IAuthenticationProvider?authenticationProvider = null;

            foreach (var provider in GetAuthenticationProviders(user))
            {
                var providerAuthResult =
                    await AuthenticateWithProvider(provider, username, password, user).ConfigureAwait(false);

                var updatedUsername = providerAuthResult.username;
                success = providerAuthResult.success;

                if (success)
                {
                    authenticationProvider = provider;
                    username = updatedUsername;
                    break;
                }
            }

            if (!success &&
                _networkManager.IsInLocalNetwork(remoteEndPoint) &&
                user?.EnableLocalPassword == true &&
                !string.IsNullOrEmpty(user.EasyPassword))
            {
                // Check easy password
                var passwordHash = PasswordHash.Parse(user.EasyPassword);
                success = _cryptoProvider.Verify(passwordHash, password);
            }

            return(authenticationProvider, username, success);
        }