Return MethodNotAllowedException if Pw is not set

Don't accept pre-hashed (not-plaintext) passwords as the auth provider no longer supports this due to sha1+salting the passwords in the database.
author: Joshua Boniface <joshua@boniface.me> 2019-04-17 22:31:17 -0400
committer: Joshua Boniface <joshua@boniface.me> 2019-04-17 22:33:00 -0400
commit: e790f024c2da2b3104ad698abfbd74fdf273bb9f (patch)
tree: 60d5895ada9322bfc4ff169c4e015e230245eda5 /MediaBrowser.Api
parent: 250e0c75dfaebca54e93be6c11c70cb0d19e589a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
index a6849f75f..0db62098c 100644
--- a/MediaBrowser.Api/UserService.cs
+++ b/MediaBrowser.Api/UserService.cs
@@ -379,6 +379,11 @@ namespace MediaBrowser.Api
                 throw new ResourceNotFoundException("User not found");
             }
 
+            if (!request.Pw)
+            {
+                throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
+            }
+
             return Post(new AuthenticateUserByName
             {
                 Username = user.Name,
author	Joshua Boniface <joshua@boniface.me>	2019-04-17 22:31:17 -0400
committer	Joshua Boniface <joshua@boniface.me>	2019-04-17 22:33:00 -0400
commit	e790f024c2da2b3104ad698abfbd74fdf273bb9f (patch)
tree	60d5895ada9322bfc4ff169c4e015e230245eda5 /MediaBrowser.Api
parent	250e0c75dfaebca54e93be6c11c70cb0d19e589a (diff)