Merge pull request #870 from LogicalPhallacy/betterauth

Better default authentication
author: Bond-009 <bond.009@outlook.com> 2019-03-07 19:11:36 +0100
committer: GitHub <noreply@github.com> 2019-03-07 19:11:36 +0100
commit: ae0ecc1b10982d9240ecdcc82cb7299fc708aafb (patch)
tree: fbdce662f046bd191bd07385c1e27fe152dff1b2 /Emby.Server.Implementations/Data/SqliteUserRepository.cs
parent: 8a53b609127cca6feee06b34f12b6d21a9eb37c7 (diff)
parent: f486f5966f2fb9a3cf266ee816b8c247f0de5482 (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/Emby.Server.Implementations/Data/SqliteUserRepository.cs b/Emby.Server.Implementations/Data/SqliteUserRepository.cs
index db359d7dd..182df0edc 100644
--- a/Emby.Server.Implementations/Data/SqliteUserRepository.cs
+++ b/Emby.Server.Implementations/Data/SqliteUserRepository.cs
@@ -55,6 +55,8 @@ namespace Emby.Server.Implementations.Data
                 {
                     TryMigrateToLocalUsersTable(connection);
                 }
+
+                RemoveEmptyPasswordHashes();
             }
         }
 
@@ -73,6 +75,38 @@ namespace Emby.Server.Implementations.Data
             }
         }
 
+        private void RemoveEmptyPasswordHashes()
+        {
+            foreach (var user in RetrieveAllUsers())
+            {
+                // If the user password is the sha1 hash of the empty string, remove it
+                if (!string.Equals(user.Password, "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", StringComparison.Ordinal)
+                    || !string.Equals(user.Password, "$SHA1$DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", StringComparison.Ordinal))
+                {
+                    continue;
+                }
+
+                user.Password = null;
+                var serialized = _jsonSerializer.SerializeToBytes(user);
+
+                using (WriteLock.Write())
+                using (var connection = CreateConnection())
+                {
+                    connection.RunInTransaction(db =>
+                    {
+                        using (var statement = db.PrepareStatement("update LocalUsersv2 set data=@data where Id=@InternalId"))
+                        {
+                            statement.TryBind("@InternalId", user.InternalId);
+                            statement.TryBind("@data", serialized);
+                            statement.MoveNext();
+                        }
+
+                    }, TransactionMode);
+                }
+            }
+
+        }
+
         /// <summary>
         /// Save a user in the repo
         /// </summary>
author	Bond-009 <bond.009@outlook.com>	2019-03-07 19:11:36 +0100
committer	GitHub <noreply@github.com>	2019-03-07 19:11:36 +0100
commit	ae0ecc1b10982d9240ecdcc82cb7299fc708aafb (patch)
tree	fbdce662f046bd191bd07385c1e27fe152dff1b2 /Emby.Server.Implementations/Data/SqliteUserRepository.cs
parent	8a53b609127cca6feee06b34f12b6d21a9eb37c7 (diff)
parent	f486f5966f2fb9a3cf266ee816b8c247f0de5482 (diff)