Merge branch 'master' into keyframe_extraction_v1

# Conflicts: # Jellyfin.Api/Controllers/DynamicHlsController.cs # MediaBrowser.Controller/MediaEncoding/IMediaEncoder.cs # MediaBrowser.MediaEncoding/Encoder/MediaEncoder.cs
author: cvium <clausvium@gmail.com> 2022-01-07 10:23:22 +0100
committer: cvium <clausvium@gmail.com> 2022-01-07 10:23:22 +0100
commit: c658a883a2bc84b46ed73d209d2983e8a324cdce (patch)
tree: dabdbb5ac224e202d5433e7062e0c1b6872d1af7 /Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
parent: 2899b77cd58456470b8dd4d01d3a8c525a9b5911 (diff)
parent: 6b4f5a86631e5bde93dae88553380c7ffd99b8e4 (diff)
1 files changed, 11 insertions, 24 deletions
diff --git a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
index 6a78e7ee6..7480a05c2 100644
--- a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
@@ -1,9 +1,6 @@
 using System;
-using System.Linq;
-using System.Text;
 using System.Threading.Tasks;
 using Jellyfin.Data.Entities;
-using MediaBrowser.Common.Cryptography;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Model.Cryptography;
 
@@ -61,35 +58,25 @@ namespace Jellyfin.Server.Implementations.Users
             }
 
             // Handle the case when the stored password is null, but the user tried to login with a password
-            if (resolvedUser.Password != null)
+            if (resolvedUser.Password == null)
             {
-                byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
-
-                PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
-                if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
-                    || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
-                {
-                    byte[] calculatedHash = _cryptographyProvider.ComputeHash(
-                        readyHash.Id,
-                        passwordBytes,
-                        readyHash.Salt.ToArray());
-
-                    if (readyHash.Hash.SequenceEqual(calculatedHash))
-                    {
-                        success = true;
-                    }
-                }
-                else
-                {
-                    throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
-                }
+                throw new AuthenticationException("Invalid username or password");
             }
 
+            PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
+            success = _cryptographyProvider.Verify(readyHash, password);
+
             if (!success)
             {
                 throw new AuthenticationException("Invalid username or password");
             }
 
+            // Migrate old hashes to the new default
+            if (!string.Equals(readyHash.Id, _cryptographyProvider.DefaultHashMethod, StringComparison.Ordinal))
+            {
+                ChangePassword(resolvedUser, password);
+            }
+
             return Task.FromResult(new ProviderAuthenticationResult
             {
                 Username = username
author	cvium <clausvium@gmail.com>	2022-01-07 10:23:22 +0100
committer	cvium <clausvium@gmail.com>	2022-01-07 10:23:22 +0100
commit	c658a883a2bc84b46ed73d209d2983e8a324cdce (patch)
tree	dabdbb5ac224e202d5433e7062e0c1b6872d1af7 /Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
parent	2899b77cd58456470b8dd4d01d3a8c525a9b5911 (diff)
parent	6b4f5a86631e5bde93dae88553380c7ffd99b8e4 (diff)