Migrate User DB to EF Core

author: Patrick Barron <barronpm@gmail.com> 2020-05-15 17:24:01 -0400
committer: Patrick Barron <barronpm@gmail.com> 2020-05-20 10:04:00 -0400
commit: 3eeb6576d8425c8d2917f861b466dfa36e3994df (patch)
tree: b725c19d776a1ee11f3cc7686a01069c9d443e48 /Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
parent: aca7e221d811040bdb14da6390bbd16c5f7db785 (diff)
1 files changed, 185 insertions, 0 deletions
diff --git a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
new file mode 100644
index 000000000..38494727c
--- /dev/null
+++ b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
@@ -0,0 +1,185 @@
+using System;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using MediaBrowser.Common;
+using MediaBrowser.Common.Cryptography;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Model.Cryptography;
+
+namespace Jellyfin.Server.Implementations.Users
+{
+    /// <summary>
+    /// The default authentication provider.
+    /// </summary>
+    public class DefaultAuthenticationProvider : IAuthenticationProvider, IRequiresResolvedUser
+    {
+        private readonly ICryptoProvider _cryptographyProvider;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DefaultAuthenticationProvider"/> class.
+        /// </summary>
+        /// <param name="cryptographyProvider">The cryptography provider.</param>
+        public DefaultAuthenticationProvider(ICryptoProvider cryptographyProvider)
+        {
+            _cryptographyProvider = cryptographyProvider;
+        }
+
+        /// <inheritdoc />
+        public string Name => "Default";
+
+        /// <inheritdoc />
+        public bool IsEnabled => true;
+
+        /// <inheritdoc />
+        // This is dumb and an artifact of the backwards way auth providers were designed.
+        // This version of authenticate was never meant to be called, but needs to be here for interface compat
+        // Only the providers that don't provide local user support use this
+        public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
+        {
+            throw new NotImplementedException();
+        }
+
+        /// <inheritdoc />
+        // This is the version that we need to use for local users. Because reasons.
+        public Task<ProviderAuthenticationResult> Authenticate(string username, string password, Data.Entities.User resolvedUser)
+        {
+            if (resolvedUser == null)
+            {
+                throw new AuthenticationException("Specified user does not exist.");
+            }
+
+            bool success = false;
+
+            // As long as jellyfin supports passwordless users, we need this little block here to accommodate
+            if (!HasPassword(resolvedUser))
+            {
+                return Task.FromResult(new ProviderAuthenticationResult
+                {
+                    Username = username
+                });
+            }
+
+            byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
+
+            PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
+            if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
+                || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
+            {
+                byte[] calculatedHash = _cryptographyProvider.ComputeHash(
+                    readyHash.Id,
+                    passwordBytes,
+                    readyHash.Salt.ToArray());
+
+                if (readyHash.Hash.SequenceEqual(calculatedHash))
+                {
+                    success = true;
+                }
+            }
+            else
+            {
+                throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
+            }
+
+            if (!success)
+            {
+                throw new AuthenticationException("Invalid username or password");
+            }
+
+            return Task.FromResult(new ProviderAuthenticationResult
+            {
+                Username = username
+            });
+        }
+
+        /// <inheritdoc />
+        public bool HasPassword(Data.Entities.User user)
+            => !string.IsNullOrEmpty(user.Password);
+
+        /// <inheritdoc />
+        public Task ChangePassword(Data.Entities.User user, string newPassword)
+        {
+            if (string.IsNullOrEmpty(newPassword))
+            {
+                user.Password = null;
+                return Task.CompletedTask;
+            }
+
+            PasswordHash newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword);
+            user.Password = newPasswordHash.ToString();
+
+            return Task.CompletedTask;
+        }
+
+        /// <inheritdoc />
+        public void ChangeEasyPassword(Data.Entities.User user, string newPassword, string newPasswordHash)
+        {
+            if (newPassword != null)
+            {
+                newPasswordHash = _cryptographyProvider.CreatePasswordHash(newPassword).ToString();
+            }
+
+            if (string.IsNullOrWhiteSpace(newPasswordHash))
+            {
+                throw new ArgumentNullException(nameof(newPasswordHash));
+            }
+
+            user.EasyPassword = newPasswordHash;
+        }
+
+        /// <inheritdoc />
+        public string GetEasyPasswordHash(Data.Entities.User user)
+        {
+            return string.IsNullOrEmpty(user.EasyPassword)
+                ? null
+                : Hex.Encode(PasswordHash.Parse(user.EasyPassword).Hash);
+        }
+
+        /// <summary>
+        /// Hashes the provided string.
+        /// </summary>
+        /// <param name="user">The user.</param>
+        /// <param name="str">The string to hash.</param>
+        /// <returns>The hashed string.</returns>
+        public string GetHashedString(Data.Entities.User user, string str)
+        {
+            if (string.IsNullOrEmpty(user.Password))
+            {
+                return _cryptographyProvider.CreatePasswordHash(str).ToString();
+            }
+
+            // TODO: make use of iterations parameter?
+            PasswordHash passwordHash = PasswordHash.Parse(user.Password);
+            var salt = passwordHash.Salt.ToArray();
+            return new PasswordHash(
+                passwordHash.Id,
+                _cryptographyProvider.ComputeHash(
+                    passwordHash.Id,
+                    Encoding.UTF8.GetBytes(str),
+                    salt),
+                salt,
+                passwordHash.Parameters.ToDictionary(x => x.Key, y => y.Value)).ToString();
+        }
+
+        /// <summary>
+        /// Hashes the provided string.
+        /// </summary>
+        /// <param name="user">The user.</param>
+        /// <param name="str">The string to hash.</param>
+        /// <returns>The hashed string.</returns>
+        public ReadOnlySpan<byte> GetHashed(Data.Entities.User user, string str)
+        {
+            if (string.IsNullOrEmpty(user.Password))
+            {
+                return _cryptographyProvider.CreatePasswordHash(str).Hash;
+            }
+
+            // TODO: make use of iterations parameter?
+            PasswordHash passwordHash = PasswordHash.Parse(user.Password);
+            return _cryptographyProvider.ComputeHash(
+                    passwordHash.Id,
+                    Encoding.UTF8.GetBytes(str),
+                    passwordHash.Salt.ToArray());
+        }
+    }
+}
author	Patrick Barron <barronpm@gmail.com>	2020-05-15 17:24:01 -0400
committer	Patrick Barron <barronpm@gmail.com>	2020-05-20 10:04:00 -0400
commit	3eeb6576d8425c8d2917f861b466dfa36e3994df (patch)
tree	b725c19d776a1ee11f3cc7686a01069c9d443e48 /Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
parent	aca7e221d811040bdb14da6390bbd16c5f7db785 (diff)