From 0f18482ba604cf67ab85cada716648012d2738d7 Mon Sep 17 00:00:00 2001
From: Vasily
Date: Fri, 22 Nov 2019 11:17:24 +0300
Subject: [PATCH] Merge pull request #2034 from Bond-009/easypass Fix easy password
(cherry picked from commit 13dd63d631d63ad9e1818af88a3662cae7c88f52)
Signed-off-by: Joshua Boniface
---
 .../ApplicationHost.cs | 15 +++++++++--
 .../Library/UserManager.cs | 27 ++++++++++---------
 2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs
index f36d465dd1..e1561b1cac 100644
--- a/Emby.Server.Implementations/ApplicationHost.cs
+++ b/Emby.Server.Implementations/ApplicationHost.cs
@@ -746,7 +746,8 @@ namespace Emby.Server.Implementations
 serviceCollection.AddSingleton(typeof(IStreamHelper), typeof(StreamHelper));
- serviceCollection.AddSingleton(typeof(ICryptoProvider), typeof(CryptographyProvider));
+ var cryptoProvider = new CryptographyProvider();
+ serviceCollection.AddSingleton(cryptoProvider);
 SocketFactory = new SocketFactory();
 serviceCollection.AddSingleton(SocketFactory);
@@ -786,7 +787,17 @@ namespace Emby.Server.Implementations
 _userRepository = GetUserRepository();
- UserManager = new UserManager(LoggerFactory.CreateLogger(), _userRepository, XmlSerializer, NetworkManager, () => ImageProcessor, () => DtoService, this, JsonSerializer, FileSystemManager);
+ UserManager = new UserManager(
+ LoggerFactory.CreateLogger(),
+ _userRepository,
+ XmlSerializer,
+ NetworkManager,
+ () => ImageProcessor,
+ () => DtoService,
+ this,
+ JsonSerializer,
+ FileSystemManager,
+ cryptoProvider);
 serviceCollection.AddSingleton(UserManager);
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 52b2f56ffc..ffd46b6fc0 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
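Review bot: As displayed, `serviceCollection.AddSingleton(cryptoProvider);` in the first ApplicationHost.cs hunk names no service type, so type inference would register the instance under the concrete `CryptographyProvider` rather than under `ICryptoProvider`, which the removed line registered explicitly. The page appears to have lost generic arguments elsewhere (`LoggerFactory.CreateLogger()` in the next hunk), so this may only be an extraction artifact, but it is worth confirming that the call reads `serviceCollection.AddSingleton<ICryptoProvider>(cryptoProvider);`. If it does not, components that resolve `ICryptoProvider` from the container would no longer find a registration, while `UserManager` still works because it receives the instance directly.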
@@ -24,6 +24,7 @@ using MediaBrowser.Controller.Providers;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Configuration;
+using MediaBrowser.Model.Cryptography;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Events;
@@ -60,6 +61,7 @@ namespace Emby.Server.Implementations.Library
 private readonly Func _dtoServiceFactory;
 private readonly IServerApplicationHost _appHost;
 private readonly IFileSystem _fileSystem;
+ private readonly ICryptoProvider _cryptoProvider;
 private ConcurrentDictionary _users;
@@ -80,7 +82,8 @@ namespace Emby.Server.Implementations.Library
 Func dtoServiceFactory,
 IServerApplicationHost appHost,
 IJsonSerializer jsonSerializer,
- IFileSystem fileSystem)
+ IFileSystem fileSystem,
+ ICryptoProvider cryptoProvider)
 {
 _logger = logger;
 _userRepository = userRepository;
@@ -91,6 +94,7 @@ namespace Emby.Server.Implementations.Library
 _appHost = appHost;
 _jsonSerializer = jsonSerializer;
 _fileSystem = fileSystem;
+ _cryptoProvider = cryptoProvider;
 _users = null;
 }
@@ -475,24 +479,21 @@ namespace Emby.Server.Implementations.Library
 if (!success && _networkManager.IsInLocalNetwork(remoteEndPoint)
- && user.Configuration.EnableLocalPassword)
+ && user.Configuration.EnableLocalPassword
+ && !string.IsNullOrEmpty(user.EasyPassword))
 {
- success = string.Equals(
- GetLocalPasswordHash(user),
- _defaultAuthenticationProvider.GetHashedString(user, password),
- StringComparison.OrdinalIgnoreCase);
+ // Check easy password
+ var passwordHash = PasswordHash.Parse(user.EasyPassword);
+ var hash = _cryptoProvider.ComputeHash(
+ passwordHash.Id,
+ Encoding.UTF8.GetBytes(password),
+ passwordHash.Salt);
+ success = passwordHash.Hash.SequenceEqual(hash);
 }
 return (authenticationProvider, username, success);
 }
- private string GetLocalPasswordHash(User user)
- {
- return string.IsNullOrEmpty(user.EasyPassword)
- ? null
- : ToHexString(PasswordHash.Parse(user.EasyPassword).Hash);
- }
-
 private void ResetInvalidLoginAttemptCount(User user)
 {
 user.Policy.InvalidLoginAttemptCount = 0;
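Review bot: `success = passwordHash.Hash.SequenceEqual(hash);` compares the stored and computed easy-password hashes with an early-exit comparison; for a credential check a fixed-time comparison is the safer habit, e.g. `success = CryptographicOperations.FixedTimeEquals(passwordHash.Hash, hash);`, assuming the target framework provides it and both values are byte arrays (which `SequenceEqual` suggests). `Encoding.UTF8.GetBytes(password)` throws on a null `password`, and `PasswordHash.Parse(user.EasyPassword)` presumably throws on a malformed stored value; the hunk shows no handling for either, though the enclosing method begins outside the hunk and may guard against them earlier. The `// Check easy password` comment could also state the conditions that gate this path, for instance `// Easy password is only accepted from the local network when EnableLocalPassword is set`.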