From 4bea38ab9c57d1dc111ce7ed6e73fcdea6669d8f Mon Sep 17 00:00:00 2001
From: Mark McDowall <mark@mcdowall.ca>
Date: Tue, 11 Mar 2025 08:41:48 -0700
Subject: [PATCH] Improve logging when login fails due to
 CryptographicException

(cherry picked from commit 1449941471cbb8885e9298317b9a30f2576d7941)
---
 .../AuthenticationController.cs               | 29 +++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/Lidarr.Http/Authentication/AuthenticationController.cs b/src/Lidarr.Http/Authentication/AuthenticationController.cs
index 2fc588dd2..f7281cf5c 100644
--- a/src/Lidarr.Http/Authentication/AuthenticationController.cs
+++ b/src/Lidarr.Http/Authentication/AuthenticationController.cs
@@ -1,9 +1,14 @@
 using System.Collections.Generic;
+using System.IO;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
+using System.Xml;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using NLog;
+using NzbDrone.Common.EnvironmentInfo;
 using NzbDrone.Common.Extensions;
 using NzbDrone.Core.Authentication;
 using NzbDrone.Core.Configuration;
@@ -16,11 +21,15 @@ namespace Lidarr.Http.Authentication
     {
         private readonly IAuthenticationService _authService;
         private readonly IConfigFileProvider _configFileProvider;
+        private readonly IAppFolderInfo _appFolderInfo;
+        private readonly Logger _logger;
 
-        public AuthenticationController(IAuthenticationService authService, IConfigFileProvider configFileProvider)
+        public AuthenticationController(IAuthenticationService authService, IConfigFileProvider configFileProvider, IAppFolderInfo appFolderInfo, Logger logger)
         {
             _authService = authService;
             _configFileProvider = configFileProvider;
+            _appFolderInfo = appFolderInfo;
+            _logger = logger;
         }
 
         [HttpPost("login")]
@@ -45,7 +54,23 @@ namespace Lidarr.Http.Authentication
                 IsPersistent = resource.RememberMe == "on"
             };
 
-            await HttpContext.SignInAsync(AuthenticationType.Forms.ToString(), new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookies", "user", "identifier")), authProperties);
+            try
+            {
+                await HttpContext.SignInAsync(AuthenticationType.Forms.ToString(), new ClaimsPrincipal(new ClaimsIdentity(claims, "Cookies", "user", "identifier")), authProperties);
+            }
+            catch (CryptographicException e)
+            {
+                if (e.InnerException is XmlException)
+                {
+                    _logger.Error(e, "Failed to authenticate user due to corrupt XML. Please remove all XML files from {0} and restart Lidarr", Path.Combine(_appFolderInfo.AppDataFolder, "asp"));
+                }
+                else
+                {
+                    _logger.Error(e, "Failed to authenticate user. {0}", e.Message);
+                }
+
+                return Unauthorized();
+            }
 
             if (returnUrl.IsNullOrWhiteSpace() || !Url.IsLocalUrl(returnUrl))
             {