jellyfin/Emby.Server.Implementations, branch v10.3.5

Revert "Don't set a default reset provider"

2019-06-09T19:29:43Z

This reverts commit c230d49d7c37d4fbe77676b835c3afd6c8cb56e7. This reenables an edge case where an admin might want to reset, with the default auth provider, the password of an externally-provided user so they could "unlock" the account while it was failing. There might be minor security implications to this, but the malicious actor would need FS access to do it (as they would with any password resets) so it's probably best to keep it as-is. Removing this in the first place was due to a misunderstanding anyways so no harm.

Remove superfluous conditional

2019-06-09T17:57:49Z

This wasn't needed to prevent updating the policy on-disk from my tests and can be removed as suggested by @Bond-009

Don't set a default reset provider

2019-06-09T17:46:53Z

Use SecurityException for auth failure

2019-06-09T17:45:51Z

Apply suggestions from code review

2019-06-09T17:41:14Z

Co-Authored-By: Claus Vium Co-Authored-By: Bond-009

Add nicer log message and comment

2019-06-09T15:07:35Z

Implement InvalidAuthProvider

2019-06-09T02:54:31Z

Implements the InvalidAuthProvider, which acts as a fallback if a configured authentication provider, e.g. LDAP, is unavailable due to a load failure or removal. Until the user or the authentication plugin is corrected, this will cause users with the missing provider to be locked out, while throwing errors in the logs about the issue. Fixes #1445 part 2

Format correctly the PIN when updating it

2019-05-25T17:46:55Z

Fix pin bug introduced in 10.3.z.

2019-05-11T23:53:34Z

The issue is that the new easyPassword format prepends the hash function. This PR extract the hash from "$SHA1$_hash_".

Fix incorrect hasPassword flag when easy pin set

2019-04-30T19:16:53Z