1 files changed, 47 insertions, 12 deletions

diff --git a/MediaBrowser.Server.Implementations/Library/UserManager.cs b/MediaBrowser.Server.Implementations/Library/UserManager.cs
index 59fecc857..b101f6ae1 100644
--- a/MediaBrowser.Server.Implementations/Library/UserManager.cs
+++ b/MediaBrowser.Server.Implementations/Library/UserManager.cs
@@ -97,6 +97,7 @@ namespace MediaBrowser.Server.Implementations.Library
         /// </summary>
         public event EventHandler<GenericEventArgs<User>> UserUpdated;
         public event EventHandler<GenericEventArgs<User>> UserConfigurationUpdated;
+        public event EventHandler<GenericEventArgs<User>> UserLockedOut;
 
         /// <summary>
         /// Called when [user updated].
@@ -192,10 +193,10 @@ namespace MediaBrowser.Server.Implementations.Library
         public bool IsValidUsername(string username)
         {
             // Usernames can contain letters (a-z), numbers (0-9), dashes (-), underscores (_), apostrophes ('), and periods (.)
-            return username.All(IsValidCharacter);
+            return username.All(IsValidUsernameCharacter);
         }
 
-        private bool IsValidCharacter(char i)
+        private bool IsValidUsernameCharacter(char i)
         {
             return char.IsLetterOrDigit(i) || char.Equals(i, '-') || char.Equals(i, '_') || char.Equals(i, '\'') ||
                    char.Equals(i, '.');
@@ -213,7 +214,7 @@ namespace MediaBrowser.Server.Implementations.Library
 
             foreach (var c in username)
             {
-                if (IsValidCharacter(c))
+                if (IsValidUsernameCharacter(c))
                 {
                     builder.Append(c);
                 }
@@ -259,6 +260,11 @@ namespace MediaBrowser.Server.Implementations.Library
             {
                 user.LastActivityDate = user.LastLoginDate = DateTime.UtcNow;
                 await UpdateUser(user).ConfigureAwait(false);
+                await UpdateInvalidLoginAttemptCount(user, 0).ConfigureAwait(false);
+            }
+            else
+            {
+                await UpdateInvalidLoginAttemptCount(user, user.Policy.InvalidLoginAttemptCount + 1).ConfigureAwait(false);
             }
 
             _logger.Info("Authentication request for {0} {1}.", user.Name, (success ? "has succeeded" : "has been denied"));
@@ -266,6 +272,38 @@ namespace MediaBrowser.Server.Implementations.Library
             return success;
         }
 
+        private async Task UpdateInvalidLoginAttemptCount(User user, int newValue)
+        {
+            if (user.Policy.InvalidLoginAttemptCount != newValue || newValue > 0)
+            {
+                user.Policy.InvalidLoginAttemptCount = newValue;
+
+                var maxCount = user.Policy.IsAdministrator ? 
+                    3 : 
+                    5;
+
+                var fireLockout = false;
+
+                if (newValue >= maxCount)
+                {
+                    //_logger.Debug("Disabling user {0} due to {1} unsuccessful login attempts.", user.Name, newValue.ToString(CultureInfo.InvariantCulture));
+                    //user.Policy.IsDisabled = true;
+
+                    //fireLockout = true;
+                }
+
+                await UpdateUserPolicy(user, user.Policy, false).ConfigureAwait(false);
+
+                if (fireLockout)
+                {
+                    if (UserLockedOut != null)
+                    {
+                        EventHelper.FireEventIfNotNull(UserLockedOut, this, new GenericEventArgs<User>(user), _logger);
+                    }
+                }
+            }
+        }
+
         private string GetPasswordHash(User user)
         {
             return string.IsNullOrEmpty(user.Password)
@@ -332,11 +370,6 @@ namespace MediaBrowser.Server.Implementations.Library
         {
             if (!user.Configuration.HasMigratedToPolicy)
             {
-                user.Policy.BlockUnratedItems = user.Configuration.BlockUnratedItems;
-                user.Policy.EnableContentDeletion = user.Configuration.EnableContentDeletion;
-                user.Policy.EnableLiveTvAccess = user.Configuration.EnableLiveTvAccess;
-                user.Policy.EnableLiveTvManagement = user.Configuration.EnableLiveTvManagement;
-                user.Policy.EnableMediaPlayback = user.Configuration.EnableMediaPlayback;
                 user.Policy.IsAdministrator = user.Configuration.IsAdministrator;
 
                 await UpdateUserPolicy(user, user.Policy, false);
@@ -815,6 +848,12 @@ namespace MediaBrowser.Server.Implementations.Library
                 foreach (var user in users)
                 {
                     await ResetPassword(user).ConfigureAwait(false);
+
+                    if (user.Policy.IsDisabled)
+                    {
+                        user.Policy.IsDisabled = false;
+                        await UpdateUserPolicy(user, user.Policy, true).ConfigureAwait(false);
+                    }
                     usersReset.Add(user.Name);
                 }
             }
@@ -915,10 +954,6 @@ namespace MediaBrowser.Server.Implementations.Library
             }
 
             user.Configuration.IsAdministrator = user.Policy.IsAdministrator;
-            user.Configuration.EnableLiveTvManagement = user.Policy.EnableLiveTvManagement;
-            user.Configuration.EnableLiveTvAccess = user.Policy.EnableLiveTvAccess;
-            user.Configuration.EnableMediaPlayback = user.Policy.EnableMediaPlayback;
-            user.Configuration.EnableContentDeletion = user.Policy.EnableContentDeletion;
 
             await UpdateConfiguration(user, user.Configuration, true).ConfigureAwait(false);
         }