From 0f18482ba604cf67ab85cada716648012d2738d7 Mon Sep 17 00:00:00 2001
From: Vasily <JustAMan@users.noreply.github.com>
Date: Fri, 22 Nov 2019 11:17:24 +0300
Subject: Merge pull request #2034 from Bond-009/easypass

Fix easy password

(cherry picked from commit 13dd63d631d63ad9e1818af88a3662cae7c88f52)
Signed-off-by: Joshua Boniface <joshua@boniface.me>
---
 Emby.Server.Implementations/Library/UserManager.cs | 27 +++++++++++-----------
 1 file changed, 14 insertions(+), 13 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 52b2f56ff..ffd46b6fc 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -24,6 +24,7 @@ using MediaBrowser.Controller.Providers;
 using MediaBrowser.Controller.Security;
 using MediaBrowser.Controller.Session;
 using MediaBrowser.Model.Configuration;
+using MediaBrowser.Model.Cryptography;
 using MediaBrowser.Model.Dto;
 using MediaBrowser.Model.Entities;
 using MediaBrowser.Model.Events;
@@ -60,6 +61,7 @@ namespace Emby.Server.Implementations.Library
         private readonly Func<IDtoService> _dtoServiceFactory;
         private readonly IServerApplicationHost _appHost;
         private readonly IFileSystem _fileSystem;
+        private readonly ICryptoProvider _cryptoProvider;
 
         private ConcurrentDictionary<Guid, User> _users;
 
@@ -80,7 +82,8 @@ namespace Emby.Server.Implementations.Library
             Func<IDtoService> dtoServiceFactory,
             IServerApplicationHost appHost,
             IJsonSerializer jsonSerializer,
-            IFileSystem fileSystem)
+            IFileSystem fileSystem,
+            ICryptoProvider cryptoProvider)
         {
             _logger = logger;
             _userRepository = userRepository;
@@ -91,6 +94,7 @@ namespace Emby.Server.Implementations.Library
             _appHost = appHost;
             _jsonSerializer = jsonSerializer;
             _fileSystem = fileSystem;
+            _cryptoProvider = cryptoProvider;
             _users = null;
         }
 
@@ -475,24 +479,21 @@ namespace Emby.Server.Implementations.Library
 
             if (!success
                 && _networkManager.IsInLocalNetwork(remoteEndPoint)
-                && user.Configuration.EnableLocalPassword)
+                && user.Configuration.EnableLocalPassword
+                && !string.IsNullOrEmpty(user.EasyPassword))
             {
-                success = string.Equals(
-                    GetLocalPasswordHash(user),
-                    _defaultAuthenticationProvider.GetHashedString(user, password),
-                    StringComparison.OrdinalIgnoreCase);
+                // Check easy password
+                var passwordHash = PasswordHash.Parse(user.EasyPassword);
+                var hash = _cryptoProvider.ComputeHash(
+                    passwordHash.Id,
+                    Encoding.UTF8.GetBytes(password),
+                    passwordHash.Salt);
+                success = passwordHash.Hash.SequenceEqual(hash);
             }
 
             return (authenticationProvider, username, success);
         }
 
-        private string GetLocalPasswordHash(User user)
-        {
-            return string.IsNullOrEmpty(user.EasyPassword)
-                ? null
-                : ToHexString(PasswordHash.Parse(user.EasyPassword).Hash);
-        }
-
         private void ResetInvalidLoginAttemptCount(User user)
         {
             user.Policy.InvalidLoginAttemptCount = 0;
-- 
cgit v1.2.3