Merge pull request #2034 from Bond-009/easypass

Fix easy password

(cherry picked from commit 13dd63d631)
Signed-off-by: Joshua Boniface <joshua@boniface.me>

Emby.Server.Implementations/ApplicationHost.cs

@@ -746,7 +746,8 @@ namespace Emby.Server.Implementations
 
             serviceCollection.AddSingleton(typeof(IStreamHelper), typeof(StreamHelper));
 
-            serviceCollection.AddSingleton(typeof(ICryptoProvider), typeof(CryptographyProvider));
+            var cryptoProvider = new CryptographyProvider();
+            serviceCollection.AddSingleton<ICryptoProvider>(cryptoProvider);
 
             SocketFactory = new SocketFactory();
             serviceCollection.AddSingleton(SocketFactory);
@@ -786,7 +787,17 @@ namespace Emby.Server.Implementations
 
             _userRepository = GetUserRepository();
 
-            UserManager = new UserManager(LoggerFactory.CreateLogger<UserManager>(), _userRepository, XmlSerializer, NetworkManager, () => ImageProcessor, () => DtoService, this, JsonSerializer, FileSystemManager);
+            UserManager = new UserManager(
+                LoggerFactory.CreateLogger<UserManager>(),
+                _userRepository,
+                XmlSerializer,
+                NetworkManager,
+                () => ImageProcessor,
+                () => DtoService,
+                this,
+                JsonSerializer,
+                FileSystemManager,
+                cryptoProvider);
 
             serviceCollection.AddSingleton(UserManager);
 

Emby.Server.Implementations/Library/UserManager.cs

@@ -24,6 +24,7 @@ using MediaBrowser.Controller.Providers;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Configuration;
+using MediaBrowser.Model.Cryptography;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Events;
@@ -60,6 +61,7 @@ namespace Emby.Server.Implementations.Library
         private readonly Func<IDtoService> _dtoServiceFactory;
         private readonly IServerApplicationHost _appHost;
         private readonly IFileSystem _fileSystem;
+        private readonly ICryptoProvider _cryptoProvider;
 
         private ConcurrentDictionary<Guid, User> _users;
 
@@ -80,7 +82,8 @@ namespace Emby.Server.Implementations.Library
             Func<IDtoService> dtoServiceFactory,
             IServerApplicationHost appHost,
             IJsonSerializer jsonSerializer,
-            IFileSystem fileSystem)
+            IFileSystem fileSystem,
+            ICryptoProvider cryptoProvider)
         {
             _logger = logger;
             _userRepository = userRepository;
@@ -91,6 +94,7 @@ namespace Emby.Server.Implementations.Library
             _appHost = appHost;
             _jsonSerializer = jsonSerializer;
             _fileSystem = fileSystem;
+            _cryptoProvider = cryptoProvider;
             _users = null;
         }
 
@@ -475,24 +479,21 @@ namespace Emby.Server.Implementations.Library
 
             if (!success
                 && _networkManager.IsInLocalNetwork(remoteEndPoint)
-                && user.Configuration.EnableLocalPassword)
+                && user.Configuration.EnableLocalPassword
+                && !string.IsNullOrEmpty(user.EasyPassword))
             {
-                success = string.Equals(
-                    GetLocalPasswordHash(user),
-                    _defaultAuthenticationProvider.GetHashedString(user, password),
-                    StringComparison.OrdinalIgnoreCase);
+                // Check easy password
+                var passwordHash = PasswordHash.Parse(user.EasyPassword);
+                var hash = _cryptoProvider.ComputeHash(
+                    passwordHash.Id,
+                    Encoding.UTF8.GetBytes(password),
+                    passwordHash.Salt);
+                success = passwordHash.Hash.SequenceEqual(hash);
             }
 
             return (authenticationProvider, username, success);
         }
 
-        private string GetLocalPasswordHash(User user)
-        {
-            return string.IsNullOrEmpty(user.EasyPassword)
-                ? null
-                : ToHexString(PasswordHash.Parse(user.EasyPassword).Hash);
-        }
-
         private void ResetInvalidLoginAttemptCount(User user)
         {
             user.Policy.InvalidLoginAttemptCount = 0;