authorNiels van Velzen <nielsvanvelzen@users.noreply.github.com>2024-09-06 21:57:35 +0200
committerGitHub <noreply@github.com>2024-09-06 21:57:35 +0200
commitbafbc2372c3e2b3530de4a7a2ac94043b5950176 (patch)
tree5267cdd15dc2ed989ff4d5980b01069d0af96437
parent2b492ed8cd82651453f7d58321dc50753f2cf961 (diff)
parente69e097e19b3b4c32dd0f6ca1ca9a562520449d7 (diff)
Merge pull request #12552 from Bond-009/passwordhashing
Increase password hash iterations
-rw-r--r--Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs11
-rw-r--r--MediaBrowser.Model/Cryptography/Constants.cs2
2 files changed, 10 insertions, 3 deletions
diff --git a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
index cb2d09a67..acada7aa4 100644
--- a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
@@ -1,9 +1,11 @@
using System;
using System.Diagnostics.CodeAnalysis;
+using System.Globalization;
using System.Threading.Tasks;
using Jellyfin.Data.Entities;
using MediaBrowser.Controller.Authentication;
using MediaBrowser.Model.Cryptography;
+using Microsoft.Extensions.Logging;
namespace Jellyfin.Server.Implementations.Users
{
@@ -12,14 +14,17 @@ namespace Jellyfin.Server.Implementations.Users
/// </summary>
public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
{
+ private readonly ILogger<DefaultAuthenticationProvider> _logger;
private readonly ICryptoProvider _cryptographyProvider;
/// <summary>
/// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
/// </summary>
+ /// <param name="logger">The logger.</param>
/// <param name="cryptographyProvider">The cryptography provider.</param>
- public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)
+ public DefaultAuthenticationProvider(ILogger<DefaultAuthenticationProvider> logger, ICryptoProvider cryptographyProvider)
{
+ _logger = logger;
_cryptographyProvider = cryptographyProvider;
}
@@ -75,8 +80,10 @@ namespace Jellyfin.Server.Implementations.Users
}
// Migrate old hashes to the new default
- if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal))
+ if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal)
+ || int.Parse(readyHash.Parameters["iterations"], CultureInfo.InvariantCulture) != Constants.DefaultIterations)
{
+ _logger.LogInformation("Migrating password hash of {User} to the latest default", username);
ChangePassword(resolvedUser, password);
}
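Review bot: The added `int.Parse(readyHash.Parameters["iterations"], CultureInfo.InvariantCulture)` throws if a stored hash has no `iterations` entry or a non-numeric one, and it runs on the login path, presumably after the password has already been verified. A malformed or legacy record would then turn a valid login into an unhandled exception instead of a migration. Treating a missing or unparsable value as "needs migration" is safer: `|| !readyHash.Parameters.TryGetValue("iterations", out var stored) || !int.TryParse(stored, NumberStyles.Integer, CultureInfo.InvariantCulture, out var iterations) || iterations != Constants.DefaultIterations` (assuming `Parameters` is a dictionary type). Also note that `!=` re-hashes a record with a higher count down to the default; use `<` if stronger hashes should be kept. The enclosing method starts and ends outside the hunk.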
diff --git a/MediaBrowser.Model/Cryptography/Constants.cs b/MediaBrowser.Model/Cryptography/Constants.cs
index f2ebb5d3d..a4cb62245 100644
--- a/MediaBrowser.Model/Cryptography/Constants.cs
+++ b/MediaBrowser.Model/Cryptography/Constants.cs
@@ -18,6 +18,6 @@ namespace MediaBrowser.Model.Cryptography
/// <summary>
/// The default amount of iterations for hashing passwords.
/// </summary>
- public const int DefaultIterations = 120000;
+ public const int DefaultIterations = 210000;
}
}
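Review bot: The doc comment on `DefaultIterations` does not say which algorithm the count is tuned for or where 210000 comes from, so the next reviewer cannot tell when it is due for another increase. I would extend the summary with something like `/// Tuned for the default PBKDF2 hash method; changing it causes existing hashes to be re-hashed at each user's next successful login.` and name the source of the figure (it matches what OWASP's Password Storage Cheat Sheet lists for PBKDF2-HMAC-SHA512, if that is the reference used). Because this is a `public const`, the value is inlined into any assembly compiled against it, so code built against the old value keeps using 120000 until it is recompiled.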