Merge pull request #10137 from Bond-009/logspam

Reduce log spam on failed logins
pull/10154/head
Claus Vium 1 year ago committed by GitHub
commit b48a7c0f85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,4 +1,5 @@
using System; using System;
using System.Diagnostics.CodeAnalysis;
using System.Threading.Tasks; using System.Threading.Tasks;
using Jellyfin.Data.Entities; using Jellyfin.Data.Entities;
using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Authentication;
@ -39,14 +40,18 @@ namespace Jellyfin.Server.Implementations.Users
/// <inheritdoc /> /// <inheritdoc />
// This is the version that we need to use for local users. Because reasons. // This is the version that we need to use for local users. Because reasons.
public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser) public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User? resolvedUser)
{ {
if (resolvedUser is null) [DoesNotReturn]
static void ThrowAuthenticationException()
{ {
throw new AuthenticationException("Specified user does not exist."); throw new AuthenticationException("Invalid username or password");
} }
bool success = false; if (resolvedUser is null)
{
ThrowAuthenticationException();
}
// As long as jellyfin supports password-less users, we need this little block here to accommodate // As long as jellyfin supports password-less users, we need this little block here to accommodate
if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password)) if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))
@ -60,15 +65,13 @@ namespace Jellyfin.Server.Implementations.Users
// Handle the case when the stored password is null, but the user tried to login with a password // Handle the case when the stored password is null, but the user tried to login with a password
if (resolvedUser.Password is null) if (resolvedUser.Password is null)
{ {
throw new AuthenticationException("Invalid username or password"); ThrowAuthenticationException();
} }
PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password); PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
success = _cryptographyProvider.Verify(readyHash, password); if (!_cryptographyProvider.Verify(readyHash, password))
if (!success)
{ {
throw new AuthenticationException("Invalid username or password"); ThrowAuthenticationException();
} }
// Migrate old hashes to the new default // Migrate old hashes to the new default

@ -833,7 +833,7 @@ namespace Jellyfin.Server.Implementations.Users
} }
catch (AuthenticationException ex) catch (AuthenticationException ex)
{ {
_logger.LogError(ex, "Error authenticating with provider {Provider}", provider.Name); _logger.LogDebug(ex, "Error authenticating with provider {Provider}", provider.Name);
return (username, false); return (username, false);
} }

@ -1,5 +1,3 @@
#nullable disable
#pragma warning disable CS1591 #pragma warning disable CS1591
using System.Threading.Tasks; using System.Threading.Tasks;
@ -23,7 +21,7 @@ namespace MediaBrowser.Controller.Authentication
public interface IRequiresResolvedUser public interface IRequiresResolvedUser
{ {
Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser); Task<ProviderAuthenticationResult> Authenticate(string username, string password, User? resolvedUser);
} }
public interface IHasNewUserPolicy public interface IHasNewUserPolicy
@ -33,8 +31,8 @@ namespace MediaBrowser.Controller.Authentication
public class ProviderAuthenticationResult public class ProviderAuthenticationResult
{ {
public string Username { get; set; } public required string Username { get; set; }
public string DisplayName { get; set; } public string? DisplayName { get; set; }
} }
} }

Loading…
Cancel
Save