From 09921a00aaad31c0ea4a0650e8d0ddb890dca735 Mon Sep 17 00:00:00 2001
From: Phallacy
Date: Fri, 22 Mar 2019 00:01:23 -0700
Subject: made password resets an interface and per user
---
.../Library/DefaultPasswordResetProvider.cs | 118 +++++++++++++++++++++
1 file changed, 118 insertions(+)
create mode 100644 Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs
(limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs')
diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs
new file mode 100644
index 000000000..ae6fe8239
--- /dev/null
+++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs
@@ -0,0 +1,118 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Configuration;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Controller;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Entities;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Model.Serialization;
+using MediaBrowser.Model.Users;
+using ServiceStack;
+using TvDbSharper.Dto;
+
+namespace Emby.Server.Implementations.Library
+{
+ public class DefaultPasswordResetProvider : IPasswordResetProvider
+ {
+ public string Name => "Default Password Reset Provider";
+
+ public bool IsEnabled => true;
+
+ private readonly string _passwordResetFileBase;
+ private readonly string _passwordResetFileBaseDir;
+ private readonly string _passwordResetFileBaseName = "passwordreset";
+
+ private IJsonSerializer _jsonSerializer;
+ private IUserManager _userManager;
+
+ public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager)
+ {
+ _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
+ _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName);
+ _jsonSerializer = jsonSerializer;
+ _userManager = userManager;
+ }
+
+ public async Task RedeemPasswordResetPin(string pin)
+ {
+ HashSet usersreset = new HashSet();
+ foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*"))
+ {
+ var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile);
+ if (spr.ExpirationDate > DateTime.Now)
+ {
+ File.Delete(resetfile);
+ }
+ else
+ {
+ if (spr.Pin == pin)
+ {
+ var resetUser = _userManager.GetUserByName(spr.UserName);
+ if (!string.IsNullOrEmpty(resetUser.Password))
+ {
+ await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
+ usersreset.Add(resetUser.Name);
+ }
+ }
+ }
+ }
+
+ if (usersreset.Count < 1)
+ {
+ throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
+ }
+ else
+ {
+ return new PinRedeemResult
+ {
+ Success = true,
+ UsersReset = usersreset.ToArray()
+ };
+ }
+ throw new System.NotImplementedException();
+ }
+
+ public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork)
+ {
+ string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture);
+ DateTime expireTime = DateTime.Now.AddMinutes(30);
+ string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json";
+ SerializablePasswordReset spr = new SerializablePasswordReset
+ {
+ ExpirationDate = expireTime,
+ Pin = pin,
+ PinFile = filePath,
+ UserName = user.Name
+ };
+
+ try
+ {
+ await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false);
+ }
+ catch (Exception e)
+ {
+ throw new Exception($"Error serializing or writing password reset for {user.Name} to location:{filePath}", e);
+ }
+
+ return new ForgotPasswordResult
+ {
+ Action = ForgotPasswordAction.PinCode,
+ PinExpirationDate = expireTime,
+ PinFile = filePath
+ };
+ }
+
+ private class SerializablePasswordReset : PasswordPinCreationResult
+ {
+ public string Pin { get; set; }
+
+ public string UserName { get; set; }
+ }
+ }
+}
--
cgit v1.2.3
From 758e35baba95278fb3b55a89dc9295e6f6dad5ac Mon Sep 17 00:00:00 2001
From: Phallacy
Date: Sun, 24 Mar 2019 00:30:16 -0700
Subject: greaterthen/lessthen reversal fix
---
Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs')
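Review bot: In the new file's `RedeemPasswordResetPin`, redemption takes only a PIN and no user, so the submitted value is compared against every outstanding reset file and `ChangePassword(resetUser, pin)` then makes the PIN itself the new password of each matching account. Nothing visible in this class limits repeated submissions, and in `StartForgotPasswordProcess` the eight-digit PIN comes from `new Random()`, which is not a cryptographic generator. A value that ends up as a credential should be drawn from `System.Security.Cryptography.RandomNumberGenerator`, and redemption should be tied to the requesting user and throttled. The not-found message `...matching pin {pin}` also copies the submitted PIN into the exception text; dropping the interpolated value keeps it out of logs and responses.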
diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index ae6fe8239..2e537c7e5 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs @@ -45,7 +45,7 @@ namespace Emby.Server.Implementations.Library foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) { var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile); - if (spr.ExpirationDate > DateTime.Now) + if (spr.ExpirationDate < DateTime.Now) { File.Delete(resetfile); } @@ -111,8 +111,8 @@ namespace Emby.Server.Implementations.Library private class SerializablePasswordReset : PasswordPinCreationResult { public string Pin { get; set; } - + public string UserName { get; set; } } } -} +} -- cgit v1.2.3 From 26fe4040bfc9ef5f9e723e3c9a410fb24fb8b9b1 Mon Sep 17 00:00:00 2001 From: Phallacy Date: Sun, 24 Mar 2019 11:40:00 -0700 Subject: fixes some usings --- .../Library/DefaultPasswordResetProvider.cs | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index 2e537c7e5..1ae8960ee 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs 
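Review bot: The corrected check `spr.ExpirationDate < DateTime.Now` still compares local wall-clock time, as does `DateTime.Now.AddMinutes(30)` where the value is created. A DST shift, or a serializer that round-trips the timestamp with a different `DateTimeKind`, could therefore lengthen or shorten the 30-minute window. Using UTC on both sides (`DateTime expireTime = DateTime.UtcNow.AddMinutes(30);` and `if (spr.ExpirationDate < DateTime.UtcNow)`) keeps the expiry unambiguous, provided consumers of `PinExpirationDate` accept a UTC value. Since the inverted comparison reached the tree once, a unit test covering one expired and one unexpired reset file would be worth adding. The loop body continues outside this hunk.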
@@ -1,20 +1,15 @@ using System; -using System.Collections; using System.Collections.Generic; using System.Globalization; using System.IO; +using System.Linq; using System.Threading.Tasks; -using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Extensions; -using MediaBrowser.Controller; using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Configuration; -using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Library; using MediaBrowser.Model.Serialization; using MediaBrowser.Model.Users; -using ServiceStack; -using TvDbSharper.Dto; namespace Emby.Server.Implementations.Library { -- cgit v1.2.3 From 740c95d557515cedd3912983f7aec50bdfefb0d4 Mon Sep 17 00:00:00 2001 From: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com> Date: Mon, 25 Mar 2019 21:40:10 -0700 Subject: Apply minor suggestions from code review Co-Authored-By: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com> --- .../Library/DefaultPasswordResetProvider.cs | 223 +++++++++++---------- Emby.Server.Implementations/Library/UserManager.cs | 2 +- 2 files changed, 113 insertions(+), 112 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index 1ae8960ee..46f3732d6 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs 
@@ -1,113 +1,114 @@ -using System; -using System.Collections.Generic; -using System.Globalization; -using System.IO; -using System.Linq; -using System.Threading.Tasks; -using MediaBrowser.Common.Extensions; -using MediaBrowser.Controller.Authentication; -using MediaBrowser.Controller.Configuration; -using MediaBrowser.Controller.Library; -using MediaBrowser.Model.Serialization; -using MediaBrowser.Model.Users; - -namespace Emby.Server.Implementations.Library -{ - public class DefaultPasswordResetProvider : IPasswordResetProvider - { - public string Name => "Default Password Reset Provider"; - - public bool IsEnabled => true; - - private readonly string _passwordResetFileBase; - private readonly string _passwordResetFileBaseDir; - private readonly string _passwordResetFileBaseName = "passwordreset"; - - private IJsonSerializer _jsonSerializer; - private IUserManager _userManager; - - public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager) - { - _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath; - _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName); - _jsonSerializer = jsonSerializer; - _userManager = userManager; - } - - public async Task RedeemPasswordResetPin(string pin) - { - HashSet usersreset = new HashSet(); - foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) - { - var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile); - if (spr.ExpirationDate < DateTime.Now) - { - File.Delete(resetfile); - } - else - { - if (spr.Pin == pin) - { - var resetUser = _userManager.GetUserByName(spr.UserName); - if (!string.IsNullOrEmpty(resetUser.Password)) - { - await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); - usersreset.Add(resetUser.Name); - } - } - } - } - - if 
(usersreset.Count < 1) - { - throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}"); - } - else - { - return new PinRedeemResult - { - Success = true, - UsersReset = usersreset.ToArray() - }; - } - throw new System.NotImplementedException(); - } - - public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork) - { - string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture); - DateTime expireTime = DateTime.Now.AddMinutes(30); - string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json"; - SerializablePasswordReset spr = new SerializablePasswordReset - { - ExpirationDate = expireTime, - Pin = pin, - PinFile = filePath, - UserName = user.Name - }; - - try - { - await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false); - } - catch (Exception e) - { - throw new Exception($"Error serializing or writing password reset for {user.Name} to location:{filePath}", e); - } - - return new ForgotPasswordResult - { - Action = ForgotPasswordAction.PinCode, - PinExpirationDate = expireTime, - PinFile = filePath - }; - } - - private class SerializablePasswordReset : PasswordPinCreationResult - { - public string Pin { get; set; } +using System; +using System.Collections.Generic; +using System.Globalization; +using System.IO; +using System.Linq; +using System.Threading.Tasks; +using MediaBrowser.Common.Extensions; +using MediaBrowser.Controller.Authentication; +using MediaBrowser.Controller.Configuration; +using MediaBrowser.Controller.Library; +using MediaBrowser.Model.Serialization; +using MediaBrowser.Model.Users; - public string UserName { get; set; } - } - } +namespace Emby.Server.Implementations.Library +{ + public class DefaultPasswordResetProvider : IPasswordResetProvider + { + public string Name => "Default Password Reset Provider"; + + public bool IsEnabled => true; + + 
private readonly string _passwordResetFileBase; + private readonly string _passwordResetFileBaseDir; + private readonly string _passwordResetFileBaseName = "passwordreset"; + + private IJsonSerializer _jsonSerializer; + private IUserManager _userManager; + + public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager) + { + _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath; + _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName); + _jsonSerializer = jsonSerializer; + _userManager = userManager; + } + + public async Task RedeemPasswordResetPin(string pin) + { + HashSet usersreset = new HashSet(); + foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) + { + var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile); + if (spr.ExpirationDate < DateTime.Now) + { + File.Delete(resetfile); + } + else + { + if (spr.Pin == pin) + { + var resetUser = _userManager.GetUserByName(spr.UserName); + if (!string.IsNullOrEmpty(resetUser.Password)) + { + await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); + usersreset.Add(resetUser.Name); + } + } + } + } + + if (usersreset.Count < 1) + { + throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}"); + } + else + { + return new PinRedeemResult + { + Success = true, + UsersReset = usersreset.ToArray() + }; + } + + throw new System.NotImplementedException(); + } + + public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork) + { + string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture); + DateTime expireTime = DateTime.Now.AddMinutes(30); + string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json"; 
+ SerializablePasswordReset spr = new SerializablePasswordReset + { + ExpirationDate = expireTime, + Pin = pin, + PinFile = filePath, + UserName = user.Name + }; + + try + { + await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false); + } + catch (Exception e) + { + throw new Exception($"Error serializing or writing password reset for {user.Name} to location: {filePath}", e); + } + + return new ForgotPasswordResult + { + Action = ForgotPasswordAction.PinCode, + PinExpirationDate = expireTime, + PinFile = filePath + }; + } + + private class SerializablePasswordReset : PasswordPinCreationResult + { + public string Pin { get; set; } + + public string UserName { get; set; } + } + } } diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs index 05ec750ba..75c82ca71 100644 --- a/Emby.Server.Implementations/Library/UserManager.cs +++ b/Emby.Server.Implementations/Library/UserManager.cs @@ -373,7 +373,7 @@ namespace Emby.Server.Implementations.Library private IPasswordResetProvider GetPasswordResetProvider(User user) { - return GetPasswordResetProviders(user).First(); + return GetPasswordResetProviders(user)[0]; } private IAuthenticationProvider[] GetAuthenticationProviders(User user) -- cgit v1.2.3 From 6be8624373bba6cf25a659390874613a4ea6ba79 Mon Sep 17 00:00:00 2001 From: Phallacy Date: Mon, 25 Mar 2019 22:17:23 -0700 Subject: async improvements and post reset cleanups --- .../Library/DefaultPasswordResetProvider.cs | 27 +++++++++++----------- 1 file changed, 13 insertions(+), 14 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index 46f3732d6..a589d6168 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs 
+++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs @@ -10,6 +10,7 @@ using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Library; using MediaBrowser.Model.Serialization; using MediaBrowser.Model.Users; +using Microsoft.Win32.SafeHandles; namespace Emby.Server.Implementations.Library { @@ -39,21 +40,19 @@ namespace Emby.Server.Implementations.Library HashSet usersreset = new HashSet(); foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) { - var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile); + var spr = await _jsonSerializer.DeserializeFromStreamAsync(File.OpenRead(resetfile)).ConfigureAwait(false); if (spr.ExpirationDate < DateTime.Now) { File.Delete(resetfile); } - else + else if (spr.Pin == pin) { - if (spr.Pin == pin) + var resetUser = _userManager.GetUserByName(spr.UserName); + if (resetUser != null) { - var resetUser = _userManager.GetUserByName(spr.UserName); - if (!string.IsNullOrEmpty(resetUser.Password)) - { - await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); - usersreset.Add(resetUser.Name); - } + await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); + usersreset.Add(resetUser.Name); + File.Delete(resetfile); } } } 
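Review bot: Nothing in the redemption loop guards against a reset file that fails to deserialize. `spr` is dereferenced straight after `DeserializeFromStreamAsync`, so a null result or a parse exception from one stray `passwordreset*` file in the program data directory aborts redemption for every user. Catching the per-file read failure and skipping that file, plus `if (spr == null) continue;`, keeps one corrupt file from blocking all resets. The stream returned by `File.OpenRead(resetfile)` is also never disposed in this hunk, which can make the following `File.Delete(resetfile)` fail while the handle is still open; a `using` block around the read avoids that. The method starts and ends outside this hunk.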
@@ -70,15 +69,13 @@ namespace Emby.Server.Implementations.Library UsersReset = usersreset.ToArray() }; } - - throw new System.NotImplementedException(); } public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork) { string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture); DateTime expireTime = DateTime.Now.AddMinutes(30); - string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json"; + string filePath = _passwordResetFileBase + user.InternalId + ".json"; SerializablePasswordReset spr = new SerializablePasswordReset { ExpirationDate = expireTime, @@ -88,8 +85,10 @@ namespace Emby.Server.Implementations.Library }; try - { - await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false); + { + FileStream fileStream = File.OpenWrite(filePath); + _jsonSerializer.SerializeToStream(spr,fileStream); + await fileStream.FlushAsync().ConfigureAwait(false); } catch (Exception e) { -- cgit v1.2.3 From b07c146fd96d9ed7676adffda0333ec85f0c05b6 Mon Sep 17 00:00:00 2001 From: Bond-009 Date: Wed, 27 Mar 2019 16:17:18 -0700 Subject: Update Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs Co-Authored-By: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com> --- .../Library/DefaultPasswordResetProvider.cs | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index a589d6168..da6596743 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs 
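Review bot: `File.OpenWrite(filePath)` opens an existing file without truncating it. When a user requests a second reset and the new JSON is shorter than what is already on disk, the old tail stays behind and the file may no longer deserialize in `RedeemPasswordResetPin`. `File.Create(filePath)` replaces the content instead, and wrapping the stream in `using` releases the handle even when serialization throws. The later hunk on this page that adds the `using` block keeps `File.OpenWrite`, so the same change applies there. The `try` block belongs to `StartForgotPasswordProcess`, whose start and end are outside this hunk.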
@@ -40,7 +40,10 @@ namespace Emby.Server.Implementations.Library HashSet usersreset = new HashSet(); foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) { - var spr = await _jsonSerializer.DeserializeFromStreamAsync(File.OpenRead(resetfile)).ConfigureAwait(false); + using (var str = File.OpenRead(resetfile)) + { + var spr = await _jsonSerializer.DeserializeFromStreamAsync(str).ConfigureAwait(false); + } if (spr.ExpirationDate < DateTime.Now) { File.Delete(resetfile); @@ -51,7 +54,7 @@ namespace Emby.Server.Implementations.Library if (resetUser != null) { await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); - usersreset.Add(resetUser.Name); + usersreset.Add(resetUser.Name); File.Delete(resetfile); } } @@ -85,8 +88,8 @@ namespace Emby.Server.Implementations.Library }; try - { - FileStream fileStream = File.OpenWrite(filePath); + { + FileStream fileStream = File.OpenWrite(filePath); _jsonSerializer.SerializeToStream(spr,fileStream); await fileStream.FlushAsync().ConfigureAwait(false); } -- cgit v1.2.3 From 5e8496bc593399f062169c90b1820c1b8b75a73e Mon Sep 17 00:00:00 2001 From: Phallacy Date: Wed, 27 Mar 2019 22:46:25 -0700 Subject: minor fixes and usings --- .../Library/DefaultPasswordResetProvider.cs | 27 +++++++++++++--------- 1 file changed, 16 insertions(+), 11 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index da6596743..63ebc7c72 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs 
@@ -10,7 +10,6 @@ using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Library; using MediaBrowser.Model.Serialization; using MediaBrowser.Model.Users; -using Microsoft.Win32.SafeHandles; namespace Emby.Server.Implementations.Library { @@ -37,13 +36,15 @@ namespace Emby.Server.Implementations.Library public async Task RedeemPasswordResetPin(string pin) { + SerializablePasswordReset spr; HashSet usersreset = new HashSet(); foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) { using (var str = File.OpenRead(resetfile)) { - var spr = await _jsonSerializer.DeserializeFromStreamAsync(str).ConfigureAwait(false); - } + spr = await _jsonSerializer.DeserializeFromStreamAsync(str).ConfigureAwait(false); + } + if (spr.ExpirationDate < DateTime.Now) { File.Delete(resetfile); @@ -51,12 +52,14 @@ namespace Emby.Server.Implementations.Library else if (spr.Pin == pin) { var resetUser = _userManager.GetUserByName(spr.UserName); - if (resetUser != null) + if (resetUser == null) { - await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); - usersreset.Add(resetUser.Name); - File.Delete(resetfile); + throw new Exception($"User with a username of {spr.UserName} not found"); } + + await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); + usersreset.Add(resetUser.Name); + File.Delete(resetfile); } } @@ -76,7 +79,7 @@ namespace Emby.Server.Implementations.Library public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork) { - string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture); + string pin = new Random().Next(99999999).ToString("00000000", CultureInfo.InvariantCulture); DateTime expireTime = DateTime.Now.AddMinutes(30); string filePath = _passwordResetFileBase + user.InternalId + ".json"; SerializablePasswordReset spr = new SerializablePasswordReset 
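Review bot: Throwing from inside the `foreach` when `GetUserByName` returns null aborts the whole redemption. Users whose passwords were already changed earlier in the loop are never reported in `UsersReset`, and the orphaned reset file is left in place, so the same PIN keeps hitting this throw until the file expires. Removing the file and moving on (`File.Delete(resetfile); continue;`) keeps one leftover file from failing the request. The message also interpolates `spr.UserName` into a bare `Exception`; if that text reaches the API response it discloses which account the PIN belonged to, so a generic message would be safer. The loop and method boundaries are outside this hunk.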
@@ -89,9 +92,11 @@ namespace Emby.Server.Implementations.Library try { - FileStream fileStream = File.OpenWrite(filePath); - _jsonSerializer.SerializeToStream(spr,fileStream); - await fileStream.FlushAsync().ConfigureAwait(false); + using (FileStream fileStream = File.OpenWrite(filePath)) + { + _jsonSerializer.SerializeToStream(spr, fileStream); + await fileStream.FlushAsync().ConfigureAwait(false); + } } catch (Exception e) { -- cgit v1.2.3 From 48b50a22a43dde00c795fb01521fcd731c323de7 Mon Sep 17 00:00:00 2001 From: Phallacy Date: Thu, 28 Mar 2019 08:15:53 -0700 Subject: switched to a hexa string with crypto random backing --- .../Library/DefaultPasswordResetProvider.cs | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index 63ebc7c72..b726fa2d0 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs @@ -8,6 +8,7 @@ using MediaBrowser.Common.Extensions; using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Library; +using MediaBrowser.Model.Cryptography; using MediaBrowser.Model.Serialization; using MediaBrowser.Model.Users; 
@@ -25,13 +26,15 @@ namespace Emby.Server.Implementations.Library private IJsonSerializer _jsonSerializer; private IUserManager _userManager; + private ICryptoProvider _crypto; - public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager) + public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager, ICryptoProvider cryptoProvider) { _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath; _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName); _jsonSerializer = jsonSerializer; _userManager = userManager; + _crypto = cryptoProvider; } public async Task RedeemPasswordResetPin(string pin) @@ -49,7 +52,7 @@ namespace Emby.Server.Implementations.Library { File.Delete(resetfile); } - else if (spr.Pin == pin) + else if (spr.Pin.Equals(pin, StringComparison.InvariantCultureIgnoreCase)) { var resetUser = _userManager.GetUserByName(spr.UserName); if (resetUser == null) @@ -79,7 +82,14 @@ namespace Emby.Server.Implementations.Library public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork) { - string pin = new Random().Next(99999999).ToString("00000000", CultureInfo.InvariantCulture); + string pin = string.Empty; + using (var cryptoRandom = System.Security.Cryptography.RandomNumberGenerator.Create()) + { + byte[] bytes = new byte[4]; + cryptoRandom.GetBytes(bytes); + pin = bytes.ToString(); + } + DateTime expireTime = DateTime.Now.AddMinutes(30); string filePath = _passwordResetFileBase + user.InternalId + ".json"; SerializablePasswordReset spr = new SerializablePasswordReset -- cgit v1.2.3 From b56031b9f3ccfd4a8ac0413657f45645fe2e0f1e Mon Sep 17 00:00:00 2001 
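Review bot: `spr.Pin.Equals(pin, StringComparison.InvariantCultureIgnoreCase)` applies culture-aware comparison rules to a secret and throws `NullReferenceException` when a reset file carries no `Pin`. The static form with an ordinal comparison, `string.Equals(spr.Pin, pin, StringComparison.OrdinalIgnoreCase)`, is null-safe and compares code units rather than linguistic equivalents. The later hunks on this page that strip dashes before comparing keep the same `InvariantCultureIgnoreCase` call and additionally dereference `pin`, so the same change applies there. The enclosing `foreach` starts and ends outside this hunk.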
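Review bot: `pin = bytes.ToString();` does not encode the random bytes, because `ToString()` on a `byte[]` returns the type name; every reset request would store the same PIN text and the output of `RandomNumberGenerator` is discarded. Encode the buffer explicitly, for example `pin = BitConverter.ToString(bytes);`, and consider more than four bytes, since `RedeemPasswordResetPin` sets this value as the account password. The `ICryptoProvider` constructor parameter added in this commit is stored in `_crypto` but is not used by the generation code, which calls `System.Security.Cryptography.RandomNumberGenerator.Create()` directly. Either route the generation through it or drop the parameter. `StartForgotPasswordProcess` continues outside this hunk.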
From: Phallacy Date: Thu, 28 Mar 2019 20:49:11 -0700 Subject: fix byte string --- Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index b726fa2d0..56540cc08 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.Globalization; using System.IO; using System.Linq; +using System.Text; using System.Threading.Tasks; using MediaBrowser.Common.Extensions; using MediaBrowser.Controller.Authentication; @@ -87,7 +88,7 @@ namespace Emby.Server.Implementations.Library { byte[] bytes = new byte[4]; cryptoRandom.GetBytes(bytes); - pin = bytes.ToString(); + pin = BitConverter.ToString(bytes); } DateTime expireTime = DateTime.Now.AddMinutes(30); -- cgit v1.2.3 From 2d396cb589722bf8a950f80abb6d6137fe084a52 Mon Sep 17 00:00:00 2001 From: Phallacy Date: Fri, 29 Mar 2019 07:10:49 -0700 Subject: adds readonly to properties --- Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index 56540cc08..256399d2f 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs 
@@ -25,9 +25,9 @@ namespace Emby.Server.Implementations.Library private readonly string _passwordResetFileBaseDir; private readonly string _passwordResetFileBaseName = "passwordreset"; - private IJsonSerializer _jsonSerializer; - private IUserManager _userManager; - private ICryptoProvider _crypto; + private readonly IJsonSerializer _jsonSerializer; + private readonly IUserManager _userManager; + private readonly ICryptoProvider _crypto; public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager, ICryptoProvider cryptoProvider) { -- cgit v1.2.3 From 13e94a8b1b78d570a528eee65ff777412f0e83c8 Mon Sep 17 00:00:00 2001 From: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com> Date: Fri, 29 Mar 2019 12:48:07 -0700 Subject: Remove dashes from pins --- .../Library/DefaultPasswordResetProvider.cs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index 256399d2f..c6d475520 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs @@ -47,13 +47,13 @@ namespace Emby.Server.Implementations.Library using (var str = File.OpenRead(resetfile)) { spr = await _jsonSerializer.DeserializeFromStreamAsync(str).ConfigureAwait(false); - } + } if (spr.ExpirationDate < DateTime.Now) { File.Delete(resetfile); } - else if (spr.Pin.Equals(pin, StringComparison.InvariantCultureIgnoreCase)) + else if (spr.Pin.Replace('-', '').Equals(pin.Replace('-', ''), StringComparison.InvariantCultureIgnoreCase)) { var resetUser = _userManager.GetUserByName(spr.UserName); if (resetUser == null) 
@@ -85,11 +85,11 @@ namespace Emby.Server.Implementations.Library { string pin = string.Empty; using (var cryptoRandom = System.Security.Cryptography.RandomNumberGenerator.Create()) - { + { byte[] bytes = new byte[4]; cryptoRandom.GetBytes(bytes); pin = BitConverter.ToString(bytes); - } + } DateTime expireTime = DateTime.Now.AddMinutes(30); string filePath = _passwordResetFileBase + user.InternalId + ".json"; -- cgit v1.2.3 From f0fbd0232cd2367dda26f3f895926c1d0f742bdd Mon Sep 17 00:00:00 2001 From: Joshua Boniface Date: Fri, 29 Mar 2019 19:13:01 -0400 Subject: Correct bad quote characters --- Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs') diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs index c6d475520..e218749d9 100644 --- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs +++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs @@ -53,7 +53,7 @@ namespace Emby.Server.Implementations.Library { File.Delete(resetfile); } - else if (spr.Pin.Replace('-', '').Equals(pin.Replace('-', ''), StringComparison.InvariantCultureIgnoreCase)) + else if (spr.Pin.Replace("-", "").Equals(pin.Replace("-", ""), StringComparison.InvariantCultureIgnoreCase)) { var resetUser = _userManager.GetUserByName(spr.UserName); if (resetUser == null) -- cgit v1.2.3