/// <inheritdoc /> // This is the version that we need to use for local users. Because reasons. public Task <ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser) { if (resolvedUser == null) { throw new AuthenticationException("Specified user does not exist."); } bool success = false; // As long as jellyfin supports password-less users, we need this little block here to accommodate if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password)) { return(Task.FromResult(new ProviderAuthenticationResult { Username = username })); } // Handle the case when the stored password is null, but the user tried to login with a password if (resolvedUser.Password == null) { throw new AuthenticationException("Invalid username or password"); } PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password); success = _cryptographyProvider.Verify(readyHash, password); if (!success) { throw new AuthenticationException("Invalid username or password"); } // Migrate old hashes to the new default if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal)) { ChangePassword(resolvedUser, password); } return(Task.FromResult(new ProviderAuthenticationResult { Username = username })); }
private async Task <(IAuthenticationProvider?authenticationProvider, string username, bool success)> AuthenticateLocalUser( string username, string password, User?user, string remoteEndPoint) { bool success = false; IAuthenticationProvider?authenticationProvider = null; foreach (var provider in GetAuthenticationProviders(user)) { var providerAuthResult = await AuthenticateWithProvider(provider, username, password, user).ConfigureAwait(false); var updatedUsername = providerAuthResult.username; success = providerAuthResult.success; if (success) { authenticationProvider = provider; username = updatedUsername; break; } } if (!success && _networkManager.IsInLocalNetwork(remoteEndPoint) && user?.EnableLocalPassword == true && !string.IsNullOrEmpty(user.EasyPassword)) { // Check easy password var passwordHash = PasswordHash.Parse(user.EasyPassword); success = _cryptoProvider.Verify(passwordHash, password); } return(authenticationProvider, username, success); }