From 09921a00aaad31c0ea4a0650e8d0ddb890dca735 Mon Sep 17 00:00:00 2001
From: Phallacy <Dragoonmac@gmail.com>
Date: Fri, 22 Mar 2019 00:01:23 -0700
Subject: made password resets an interface and per user

---
 Emby.Server.Implementations/Library/UserManager.cs | 192 +++++++--------------
 1 file changed, 67 insertions(+), 125 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 4cf703add..500bb8d66 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -79,6 +79,10 @@ namespace Emby.Server.Implementations.Library
         private IAuthenticationProvider[] _authenticationProviders;
         private DefaultAuthenticationProvider _defaultAuthenticationProvider;
 
+        private IPasswordResetProvider[] _passwordResetProviders;
+        private DefaultPasswordResetProvider _defaultPasswordResetProvider;
+        private Dictionary<string, IPasswordResetProvider> _activeResets = new Dictionary<string, IPasswordResetProvider>();
+
         public UserManager(
             ILoggerFactory loggerFactory,
             IServerConfigurationManager configurationManager,
@@ -102,8 +106,6 @@ namespace Emby.Server.Implementations.Library
             _fileSystem = fileSystem;
             ConfigurationManager = configurationManager;
             _users = Array.Empty<User>();
-
-            DeletePinFile();
         }
 
         public NameIdPair[] GetAuthenticationProviders()
@@ -120,11 +122,29 @@ namespace Emby.Server.Implementations.Library
                 .ToArray();
         }
 
-        public void AddParts(IEnumerable<IAuthenticationProvider> authenticationProviders)
+        public NameIdPair[] GetPasswordResetProviders()
+        {
+            return _passwordResetProviders
+                .Where(i => i.IsEnabled)
+                .OrderBy(i => i is DefaultPasswordResetProvider ? 0 : 1)
+                .ThenBy(i => i.Name)
+                .Select(i => new NameIdPair
+                {
+                    Name = i.Name,
+                    Id = GetPasswordResetProviderId(i)
+                })
+                .ToArray();
+        }
+
+        public void AddParts(IEnumerable<IAuthenticationProvider> authenticationProviders,IEnumerable<IPasswordResetProvider> passwordResetProviders)
         {
             _authenticationProviders = authenticationProviders.ToArray();
 
             _defaultAuthenticationProvider = _authenticationProviders.OfType<DefaultAuthenticationProvider>().First();
+
+            _passwordResetProviders = passwordResetProviders.ToArray();
+
+            _defaultPasswordResetProvider = passwordResetProviders.OfType<DefaultPasswordResetProvider>().First();
         }
 
         #region UserUpdated Event
@@ -342,11 +362,21 @@ namespace Emby.Server.Implementations.Library
             return provider.GetType().FullName;
         }
 
+        private static string GetPasswordResetProviderId(IPasswordResetProvider provider)
+        {
+            return provider.GetType().FullName;
+        }
+
         private IAuthenticationProvider GetAuthenticationProvider(User user)
         {
             return GetAuthenticationProviders(user).First();
         }
 
+        private IPasswordResetProvider GetPasswordResetProvider(User user)
+        {
+            return GetPasswordResetProviders(user).First();
+        }
+
         private IAuthenticationProvider[] GetAuthenticationProviders(User user)
         {
             var authenticationProviderId = user == null ? null : user.Policy.AuthenticationProviderId;
@@ -366,6 +396,25 @@ namespace Emby.Server.Implementations.Library
             return providers;
         }
 
+        private IPasswordResetProvider[] GetPasswordResetProviders(User user)
+        {
+            var passwordResetProviderId = user == null ? null : user.Policy.PasswordResetProviderId;
+
+            var providers = _passwordResetProviders.Where(i => i.IsEnabled).ToArray();
+
+            if (!string.IsNullOrEmpty(passwordResetProviderId))
+            {
+                providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
+            }
+
+            if (providers.Length == 0)
+            {
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
+            }
+
+            return providers;
+        }
+
         private async Task<bool> AuthenticateWithProvider(IAuthenticationProvider provider, string username, string password, User resolvedUser)
         {
             try
@@ -844,159 +893,52 @@ namespace Emby.Server.Implementations.Library
                 Id = Guid.NewGuid(),
                 DateCreated = DateTime.UtcNow,
                 DateModified = DateTime.UtcNow,
-                UsesIdForConfigurationPath = true,
-                //Salt = BCrypt.GenerateSalt()
-            };
-        }
-
-        private string PasswordResetFile => Path.Combine(ConfigurationManager.ApplicationPaths.ProgramDataPath, "passwordreset.txt");
-
-        private string _lastPin;
-        private PasswordPinCreationResult _lastPasswordPinCreationResult;
-        private int _pinAttempts;
-
-        private async Task<PasswordPinCreationResult> CreatePasswordResetPin()
-        {
-            var num = new Random().Next(1, 9999);
-
-            var path = PasswordResetFile;
-
-            var pin = num.ToString("0000", CultureInfo.InvariantCulture);
-            _lastPin = pin;
-
-            var time = TimeSpan.FromMinutes(5);
-            var expiration = DateTime.UtcNow.Add(time);
-
-            var text = new StringBuilder();
-
-            var localAddress = (await _appHost.GetLocalApiUrl(CancellationToken.None).ConfigureAwait(false)) ?? string.Empty;
-
-            text.AppendLine("Use your web browser to visit:");
-            text.AppendLine(string.Empty);
-            text.AppendLine(localAddress + "/web/index.html#!/forgotpasswordpin.html");
-            text.AppendLine(string.Empty);
-            text.AppendLine("Enter the following pin code:");
-            text.AppendLine(string.Empty);
-            text.AppendLine(pin);
-            text.AppendLine(string.Empty);
-
-            var localExpirationTime = expiration.ToLocalTime();
-            // Tuesday, 22 August 2006 06:30 AM
-            text.AppendLine("The pin code will expire at " + localExpirationTime.ToString("f1", CultureInfo.CurrentCulture));
-
-            File.WriteAllText(path, text.ToString(), Encoding.UTF8);
-
-            var result = new PasswordPinCreationResult
-            {
-                PinFile = path,
-                ExpirationDate = expiration
+                UsesIdForConfigurationPath = true
             };
-
-            _lastPasswordPinCreationResult = result;
-            _pinAttempts = 0;
-
-            return result;
         }
 
         public async Task<ForgotPasswordResult> StartForgotPasswordProcess(string enteredUsername, bool isInNetwork)
         {
-            DeletePinFile();
-
             var user = string.IsNullOrWhiteSpace(enteredUsername) ?
                 null :
                 GetUserByName(enteredUsername);
 
             var action = ForgotPasswordAction.InNetworkRequired;
-            string pinFile = null;
-            DateTime? expirationDate = null;
 
-            if (user != null && !user.Policy.IsAdministrator)
+            if (user != null && isInNetwork)
             {
-                action = ForgotPasswordAction.ContactAdmin;
+                var passwordResetProvider = GetPasswordResetProvider(user);
+                _activeResets.Add(user.Name, passwordResetProvider);
+                return await passwordResetProvider.StartForgotPasswordProcess(user, isInNetwork).ConfigureAwait(false);
             }
             else
             {
-                if (isInNetwork)
+                return new ForgotPasswordResult
                 {
-                    action = ForgotPasswordAction.PinCode;
-                }
-
-                var result = await CreatePasswordResetPin().ConfigureAwait(false);
-                pinFile = result.PinFile;
-                expirationDate = result.ExpirationDate;
+                    Action = action,
+                    PinFile = string.Empty
+                };
             }
-
-            return new ForgotPasswordResult
-            {
-                Action = action,
-                PinFile = pinFile,
-                PinExpirationDate = expirationDate
-            };
         }
 
         public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
         {
-            DeletePinFile();
-
-            var usersReset = new List<string>();
-
-            var valid = !string.IsNullOrWhiteSpace(_lastPin) &&
-                string.Equals(_lastPin, pin, StringComparison.OrdinalIgnoreCase) &&
-                _lastPasswordPinCreationResult != null &&
-                _lastPasswordPinCreationResult.ExpirationDate > DateTime.UtcNow;
-
-            if (valid)
+            foreach (var provider in _passwordResetProviders)
             {
-                _lastPin = null;
-                _lastPasswordPinCreationResult = null;
-
-                foreach (var user in Users)
+                var result = await provider.RedeemPasswordResetPin(pin).ConfigureAwait(false);
+                if (result.Success)
                 {
-                    await ResetPassword(user).ConfigureAwait(false);
-
-                    if (user.Policy.IsDisabled)
-                    {
-                        user.Policy.IsDisabled = false;
-                        UpdateUserPolicy(user, user.Policy, true);
-                    }
-                    usersReset.Add(user.Name);
-                }
-            }
-            else
-            {
-                _pinAttempts++;
-                if (_pinAttempts >= 3)
-                {
-                    _lastPin = null;
-                    _lastPasswordPinCreationResult = null;
+                    return result;
                 }
             }
 
             return new PinRedeemResult
             {
-                Success = valid,
-                UsersReset = usersReset.ToArray()
+                Success = false,
+                UsersReset = Array.Empty<string>()
             };
         }
 
-        private void DeletePinFile()
-        {
-            try
-            {
-                _fileSystem.DeleteFile(PasswordResetFile);
-            }
-            catch
-            {
-
-            }
-        }
-
-        class PasswordPinCreationResult
-        {
-            public string PinFile { get; set; }
-            public DateTime ExpirationDate { get; set; }
-        }
-
         public UserPolicy GetUserPolicy(User user)
         {
             var path = GetPolicyFilePath(user);
-- 
cgit v1.2.3


From 4e2841f0d747a9501d454fab7c7df5ce4ff86890 Mon Sep 17 00:00:00 2001
From: Claus Vium <cvium@users.noreply.github.com>
Date: Sun, 24 Mar 2019 11:41:03 -0700
Subject: Update Emby.Server.Implementations/Library/UserManager.cs

Co-Authored-By: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com>
---
 Emby.Server.Implementations/Library/UserManager.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 500bb8d66..bddec70ed 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -398,7 +398,7 @@ namespace Emby.Server.Implementations.Library
 
         private IPasswordResetProvider[] GetPasswordResetProviders(User user)
         {
-            var passwordResetProviderId = user == null ? null : user.Policy.PasswordResetProviderId;
+            var passwordResetProviderId = user?.Policy.PasswordResetProviderId;
 
             var providers = _passwordResetProviders.Where(i => i.IsEnabled).ToArray();
 
-- 
cgit v1.2.3


From 86772bd7bdd570264565c0078ddc66964860f389 Mon Sep 17 00:00:00 2001
From: Phallacy <Dragoonmac@gmail.com>
Date: Sun, 24 Mar 2019 12:17:32 -0700
Subject: removes needless dictionary

---
 Emby.Server.Implementations/Library/UserManager.cs | 2 --
 1 file changed, 2 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index bddec70ed..05ec750ba 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -81,7 +81,6 @@ namespace Emby.Server.Implementations.Library
 
         private IPasswordResetProvider[] _passwordResetProviders;
         private DefaultPasswordResetProvider _defaultPasswordResetProvider;
-        private Dictionary<string, IPasswordResetProvider> _activeResets = new Dictionary<string, IPasswordResetProvider>();
 
         public UserManager(
             ILoggerFactory loggerFactory,
@@ -908,7 +907,6 @@ namespace Emby.Server.Implementations.Library
             if (user != null && isInNetwork)
             {
                 var passwordResetProvider = GetPasswordResetProvider(user);
-                _activeResets.Add(user.Name, passwordResetProvider);
                 return await passwordResetProvider.StartForgotPasswordProcess(user, isInNetwork).ConfigureAwait(false);
             }
             else
-- 
cgit v1.2.3


From 740c95d557515cedd3912983f7aec50bdfefb0d4 Mon Sep 17 00:00:00 2001
From: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com>
Date: Mon, 25 Mar 2019 21:40:10 -0700
Subject: Apply minor suggestions from code review

Co-Authored-By: LogicalPhallacy <44458166+LogicalPhallacy@users.noreply.github.com>
---
 .../Library/DefaultPasswordResetProvider.cs        | 223 +++++++++++----------
 Emby.Server.Implementations/Library/UserManager.cs |   2 +-
 2 files changed, 113 insertions(+), 112 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs
index 1ae8960ee..46f3732d6 100644
--- a/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs
+++ b/Emby.Server.Implementations/Library/DefaultPasswordResetProvider.cs
@@ -1,113 +1,114 @@
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.IO;
-using System.Linq;
-using System.Threading.Tasks;
-using MediaBrowser.Common.Extensions;
-using MediaBrowser.Controller.Authentication;
-using MediaBrowser.Controller.Configuration;
-using MediaBrowser.Controller.Library;
-using MediaBrowser.Model.Serialization;
-using MediaBrowser.Model.Users;
-
-namespace Emby.Server.Implementations.Library
-{
-    public class DefaultPasswordResetProvider : IPasswordResetProvider
-    {
-        public string Name => "Default Password Reset Provider";
-
-        public bool IsEnabled => true;
-
-        private readonly string _passwordResetFileBase;
-        private readonly string _passwordResetFileBaseDir;
-        private readonly string _passwordResetFileBaseName = "passwordreset";
-
-        private IJsonSerializer _jsonSerializer;
-        private IUserManager _userManager;
-
-        public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager)
-        {
-            _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
-            _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName);
-            _jsonSerializer = jsonSerializer;
-            _userManager = userManager;
-        }
-
-        public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
-        {
-            HashSet<string> usersreset = new HashSet<string>();
-            foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*"))
-            {
-                var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile);
-                if (spr.ExpirationDate < DateTime.Now)
-                {
-                    File.Delete(resetfile);
-                }
-                else
-                {
-                    if (spr.Pin == pin)
-                    {
-                        var resetUser = _userManager.GetUserByName(spr.UserName);
-                        if (!string.IsNullOrEmpty(resetUser.Password))
-                        {
-                            await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
-                            usersreset.Add(resetUser.Name);
-                        }
-                    }
-                }
-            }
-
-            if (usersreset.Count < 1)
-            {
-                throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
-            }
-            else
-            {
-                return new PinRedeemResult
-                {
-                    Success = true,
-                    UsersReset = usersreset.ToArray()
-                };
-            }
-            throw new System.NotImplementedException();
-        }
-
-        public async Task<ForgotPasswordResult> StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork)
-        {
-            string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture);
-            DateTime expireTime = DateTime.Now.AddMinutes(30);
-            string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json";
-            SerializablePasswordReset spr = new SerializablePasswordReset
-            {
-                ExpirationDate = expireTime,
-                Pin = pin,
-                PinFile = filePath,
-                UserName = user.Name
-            };
-
-            try
-            {
-                await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false);
-            }
-            catch (Exception e)
-            {
-                throw new Exception($"Error serializing or writing password reset for {user.Name} to location:{filePath}", e);
-            }
-
-            return new ForgotPasswordResult
-            {
-                Action = ForgotPasswordAction.PinCode,
-                PinExpirationDate = expireTime,
-                PinFile = filePath
-            };
-        }
-
-        private class SerializablePasswordReset : PasswordPinCreationResult
-        {
-            public string Pin { get; set; }
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+using System.Threading.Tasks;
+using MediaBrowser.Common.Extensions;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Configuration;
+using MediaBrowser.Controller.Library;
+using MediaBrowser.Model.Serialization;
+using MediaBrowser.Model.Users;
 
-            public string UserName { get; set; }
-        }
-    }
+namespace Emby.Server.Implementations.Library
+{
+    public class DefaultPasswordResetProvider : IPasswordResetProvider
+    {
+        public string Name => "Default Password Reset Provider";
+
+        public bool IsEnabled => true;
+
+        private readonly string _passwordResetFileBase;
+        private readonly string _passwordResetFileBaseDir;
+        private readonly string _passwordResetFileBaseName = "passwordreset";
+
+        private IJsonSerializer _jsonSerializer;
+        private IUserManager _userManager;
+
+        public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager)
+        {
+            _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
+            _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName);
+            _jsonSerializer = jsonSerializer;
+            _userManager = userManager;
+        }
+
+        public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
+        {
+            HashSet<string> usersreset = new HashSet<string>();
+            foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*"))
+            {
+                var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile);
+                if (spr.ExpirationDate < DateTime.Now)
+                {
+                    File.Delete(resetfile);
+                }
+                else
+                {
+                    if (spr.Pin == pin)
+                    {
+                        var resetUser = _userManager.GetUserByName(spr.UserName);
+                        if (!string.IsNullOrEmpty(resetUser.Password))
+                        {
+                            await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
+                            usersreset.Add(resetUser.Name);
+                        }
+                    }
+                }
+            }
+
+            if (usersreset.Count < 1)
+            {
+                throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
+            }
+            else
+            {
+                return new PinRedeemResult
+                {
+                    Success = true,
+                    UsersReset = usersreset.ToArray()
+                };
+            }
+
+            throw new System.NotImplementedException();
+        }
+
+        public async Task<ForgotPasswordResult> StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork)
+        {
+            string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture);
+            DateTime expireTime = DateTime.Now.AddMinutes(30);
+            string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json";
+            SerializablePasswordReset spr = new SerializablePasswordReset
+            {
+                ExpirationDate = expireTime,
+                Pin = pin,
+                PinFile = filePath,
+                UserName = user.Name
+            };
+
+            try
+            {
+                await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false);
+            }
+            catch (Exception e)
+            {
+                throw new Exception($"Error serializing or writing password reset for {user.Name} to location: {filePath}", e);
+            }
+
+            return new ForgotPasswordResult
+            {
+                Action = ForgotPasswordAction.PinCode,
+                PinExpirationDate = expireTime,
+                PinFile = filePath
+            };
+        }
+
+        private class SerializablePasswordReset : PasswordPinCreationResult
+        {
+            public string Pin { get; set; }
+
+            public string UserName { get; set; }
+        }
+    }
 }
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 05ec750ba..75c82ca71 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -373,7 +373,7 @@ namespace Emby.Server.Implementations.Library
 
         private IPasswordResetProvider GetPasswordResetProvider(User user)
         {
-            return GetPasswordResetProviders(user).First();
+            return GetPasswordResetProviders(user)[0];
         }
 
         private IAuthenticationProvider[] GetAuthenticationProviders(User user)
-- 
cgit v1.2.3


From 1af9c047fbc0283f7abfb4b98918454258dfb348 Mon Sep 17 00:00:00 2001
From: Joshua Boniface <joshua@boniface.me>
Date: Sun, 7 Apr 2019 19:51:45 -0400
Subject: Override username with AuthenticationProvider

Pass back the Username directive returned by an AuthenticationProvider
to the calling code, so we may override the user-provided Username
value if the authentication provider passes this back. Useful for
instance in an LDAP scenario where what the user types may not
necessarily be the "username" that is mapped in the system, e.g.
the user providing 'mail' while 'uid' is the "username" value.
Could also then be extensible to other authentication providers
as well, should they wish to do a similar thing.
---
 Emby.Server.Implementations/Library/UserManager.cs | 44 ++++++++++++++++------
 1 file changed, 33 insertions(+), 11 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 75c82ca71..952cc6896 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -277,24 +277,35 @@ namespace Emby.Server.Implementations.Library
                 .FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
 
             var success = false;
+            string updatedUsername = null;
             IAuthenticationProvider authenticationProvider = null;
 
             if (user != null)
             {
                 var authResult = await AuthenticateLocalUser(username, password, hashedPassword, user, remoteEndPoint).ConfigureAwait(false);
                 authenticationProvider = authResult.Item1;
-                success = authResult.Item2;
+                updatedUsername = authResult.Item2;
+                success = authResult.Item3;
             }
             else
             {
                 // user is null
                 var authResult = await AuthenticateLocalUser(username, password, hashedPassword, null, remoteEndPoint).ConfigureAwait(false);
                 authenticationProvider = authResult.Item1;
-                success = authResult.Item2;
+                updatedUsername = authResult.Item2;
+                success = authResult.Item3;
 
                 if (success && authenticationProvider != null && !(authenticationProvider is DefaultAuthenticationProvider))
                 {
-                    user = await CreateUser(username).ConfigureAwait(false);
+                    // We should trust the user that the authprovider says, not what was typed
+                    if (updatedUsername != username)
+                    {
+                        username = updatedUsername;
+                    }
+
+                    // Search the database for the user again; the authprovider might have created it
+                    user = Users
+                        .FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
 
                     var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
                     if (hasNewUserPolicy != null)
@@ -414,32 +425,40 @@ namespace Emby.Server.Implementations.Library
             return providers;
         }
 
-        private async Task<bool> AuthenticateWithProvider(IAuthenticationProvider provider, string username, string password, User resolvedUser)
+        private async Task<Tuple<string, bool>> AuthenticateWithProvider(IAuthenticationProvider provider, string username, string password, User resolvedUser)
         {
             try
             {
                 var requiresResolvedUser = provider as IRequiresResolvedUser;
+                ProviderAuthenticationResult authenticationResult = null;
                 if (requiresResolvedUser != null)
                 {
-                    await requiresResolvedUser.Authenticate(username, password, resolvedUser).ConfigureAwait(false);
+                    authenticationResult = await requiresResolvedUser.Authenticate(username, password, resolvedUser).ConfigureAwait(false);
                 }
                 else
                 {
-                    await provider.Authenticate(username, password).ConfigureAwait(false);
+                    authenticationResult = await provider.Authenticate(username, password).ConfigureAwait(false);
+                }
+
+                if(authenticationResult.Username != username)
+                {
+                    _logger.LogDebug("Authentication provider provided updated username {1}", authenticationResult.Username);
+                    username = authenticationResult.Username;
                 }
 
-                return true;
+                return new Tuple<string, bool>(username, true);
             }
             catch (Exception ex)
             {
                 _logger.LogError(ex, "Error authenticating with provider {provider}", provider.Name);
 
-                return false;
+                return new Tuple<string, bool>(username, false);
             }
         }
 
-        private async Task<Tuple<IAuthenticationProvider, bool>> AuthenticateLocalUser(string username, string password, string hashedPassword, User user, string remoteEndPoint)
+        private async Task<Tuple<IAuthenticationProvider, string, bool>> AuthenticateLocalUser(string username, string password, string hashedPassword, User user, string remoteEndPoint)
         {
+            string updatedUsername = null;
             bool success = false;
             IAuthenticationProvider authenticationProvider = null;
 
@@ -458,11 +477,14 @@ namespace Emby.Server.Implementations.Library
             {
                 foreach (var provider in GetAuthenticationProviders(user))
                 {
-                    success = await AuthenticateWithProvider(provider, username, password, user).ConfigureAwait(false);
+                    var providerAuthResult = await AuthenticateWithProvider(provider, username, password, user).ConfigureAwait(false);
+                    updatedUsername = providerAuthResult.Item1;
+                    success = providerAuthResult.Item2;
 
                     if (success)
                     {
                         authenticationProvider = provider;
+                        username = updatedUsername;
                         break;
                     }
                 }
@@ -484,7 +506,7 @@ namespace Emby.Server.Implementations.Library
                 }
             }
 
-            return new Tuple<IAuthenticationProvider, bool>(authenticationProvider, success);
+            return new Tuple<IAuthenticationProvider, string, bool>(authenticationProvider, username, success);
         }
 
         private void UpdateInvalidLoginAttemptCount(User user, int newValue)
-- 
cgit v1.2.3


From 1df73fdeba0aca5ff2835080659877f0a6722f17 Mon Sep 17 00:00:00 2001
From: bugfixin <steve@bugfix.in>
Date: Tue, 30 Apr 2019 19:16:53 +0000
Subject: Fix incorrect hasPassword flag when easy pin set

---
 Emby.Server.Implementations/Library/UserManager.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 952cc6896..c33bb7740 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -596,7 +596,7 @@ namespace Emby.Server.Implementations.Library
             }
 
             bool hasConfiguredPassword = GetAuthenticationProvider(user).HasPassword(user).Result;
-            bool hasConfiguredEasyPassword = string.IsNullOrEmpty(GetLocalPasswordHash(user));
+            bool hasConfiguredEasyPassword = !string.IsNullOrEmpty(GetLocalPasswordHash(user));
 
             bool hasPassword = user.Configuration.EnableLocalPassword && !string.IsNullOrEmpty(remoteEndPoint) && _networkManager.IsInLocalNetwork(remoteEndPoint) ?
                 hasConfiguredEasyPassword :
-- 
cgit v1.2.3


From c22068d6b1b84e54521d7ce31b3dac43eeb1e92e Mon Sep 17 00:00:00 2001
From: DrPandemic <bipbip500@gmail.com>
Date: Sat, 11 May 2019 19:32:20 -0400
Subject: Fix pin bug introduced in 10.3.z.

The issue is that the new easyPassword format prepends the hash
function. This PR extract the hash from "$SHA1$_hash_".
---
 .../Library/DefaultAuthenticationProvider.cs                        | 6 +++---
 Emby.Server.Implementations/Library/UserManager.cs                  | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs b/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
index 3d15a8afb..0527464ff 100644
--- a/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
+++ b/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
@@ -19,7 +19,7 @@ namespace Emby.Server.Implementations.Library
         public string Name => "Default";
 
         public bool IsEnabled => true;
-        
+
         // This is dumb and an artifact of the backwards way auth providers were designed.
         // This version of authenticate was never meant to be called, but needs to be here for interface compat
         // Only the providers that don't provide local user support use this
@@ -27,7 +27,7 @@ namespace Emby.Server.Implementations.Library
         {
             throw new NotImplementedException();
         }
-        
+
         // This is the verson that we need to use for local users. Because reasons.
         public Task<ProviderAuthenticationResult> Authenticate(string username, string password, User resolvedUser)
         {
@@ -103,7 +103,7 @@ namespace Emby.Server.Implementations.Library
                 string hash = user.Password;
                 user.Password = string.Format("$SHA1${0}", hash);
             }
-            
+
             if (user.EasyPassword != null && !user.EasyPassword.Contains("$"))
             {
                 string hash = user.EasyPassword;
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index c33bb7740..b396ee51a 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -550,7 +550,7 @@ namespace Emby.Server.Implementations.Library
         {
             return string.IsNullOrEmpty(user.EasyPassword)
                 ? null
-                : user.EasyPassword;
+                : (new PasswordHash(user.EasyPassword)).Hash;
         }
 
         /// <summary>
-- 
cgit v1.2.3


From 69ee49bee607d716a857a1525f503575ebf6db7f Mon Sep 17 00:00:00 2001
From: DrPandemic <bipbip500@gmail.com>
Date: Sat, 25 May 2019 13:46:55 -0400
Subject: Format correctly the PIN when updating it

---
 .../Library/DefaultAuthenticationProvider.cs       | 28 ++++++++++++++++++++++
 Emby.Server.Implementations/Library/UserManager.cs | 27 ++++-----------------
 .../Authentication/IAuthenticationProvider.cs      |  3 +++
 3 files changed, 36 insertions(+), 22 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs b/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
index 0527464ff..fe09b07ff 100644
--- a/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
+++ b/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
@@ -165,6 +165,34 @@ namespace Emby.Server.Implementations.Library
             return user.Password;
         }
 
+        public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
+        {
+            ConvertPasswordFormat(user);
+
+            if (newPassword != null)
+            {
+                newPasswordHash = string.Format("$SHA1${0}", GetHashedString(user, newPassword));
+            }
+
+            if (string.IsNullOrWhiteSpace(newPasswordHash))
+            {
+                throw new ArgumentNullException(nameof(newPasswordHash));
+            }
+
+            user.EasyPassword = newPasswordHash;
+        }
+
+        public string GetEasyPasswordHash(User user)
+        {
+            // This should be removed in the future. This was added to let user login after
+            // Jellyfin 10.3.3 failed to save a well formatted PIN.
+            ConvertPasswordFormat(user);
+
+            return string.IsNullOrEmpty(user.EasyPassword)
+                ? null
+                : (new PasswordHash(user.EasyPassword)).Hash;
+        }
+
         public string GetHashedStringChangeAuth(string newPassword, PasswordHash passwordHash)
         {
             passwordHash.HashBytes = Encoding.UTF8.GetBytes(newPassword);
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index b396ee51a..a0b8d4ba4 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -471,7 +471,7 @@ namespace Emby.Server.Implementations.Library
             if (password == null)
             {
                 // legacy
-                success = string.Equals(_defaultAuthenticationProvider.GetPasswordHash(user), hashedPassword.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
+                success = string.Equals(GetAuthenticationProvider(user).GetPasswordHash(user), hashedPassword.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
             }
             else
             {
@@ -497,11 +497,11 @@ namespace Emby.Server.Implementations.Library
                     if (password == null)
                     {
                         // legacy
-                        success = string.Equals(GetLocalPasswordHash(user), hashedPassword.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
+                        success = string.Equals(GetAuthenticationProvider(user).GetEasyPasswordHash(user), hashedPassword.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
                     }
                     else
                     {
-                        success = string.Equals(GetLocalPasswordHash(user), _defaultAuthenticationProvider.GetHashedString(user, password), StringComparison.OrdinalIgnoreCase);
+                        success = string.Equals(GetAuthenticationProvider(user).GetEasyPasswordHash(user), _defaultAuthenticationProvider.GetHashedString(user, password), StringComparison.OrdinalIgnoreCase);
                     }
                 }
             }
@@ -546,13 +546,6 @@ namespace Emby.Server.Implementations.Library
             }
         }
 
-        private string GetLocalPasswordHash(User user)
-        {
-            return string.IsNullOrEmpty(user.EasyPassword)
-                ? null
-                : (new PasswordHash(user.EasyPassword)).Hash;
-        }
-
         /// <summary>
         /// Loads the users from the repository
         /// </summary>
@@ -596,7 +589,7 @@ namespace Emby.Server.Implementations.Library
             }
 
             bool hasConfiguredPassword = GetAuthenticationProvider(user).HasPassword(user).Result;
-            bool hasConfiguredEasyPassword = !string.IsNullOrEmpty(GetLocalPasswordHash(user));
+            bool hasConfiguredEasyPassword = !string.IsNullOrEmpty(GetAuthenticationProvider(user).GetEasyPasswordHash(user));
 
             bool hasPassword = user.Configuration.EnableLocalPassword && !string.IsNullOrEmpty(remoteEndPoint) && _networkManager.IsInLocalNetwork(remoteEndPoint) ?
                 hasConfiguredEasyPassword :
@@ -884,17 +877,7 @@ namespace Emby.Server.Implementations.Library
                 throw new ArgumentNullException(nameof(user));
             }
 
-            if (newPassword != null)
-            {
-                newPasswordHash = _defaultAuthenticationProvider.GetHashedString(user, newPassword);
-            }
-
-            if (string.IsNullOrWhiteSpace(newPasswordHash))
-            {
-                throw new ArgumentNullException(nameof(newPasswordHash));
-            }
-
-            user.EasyPassword = newPasswordHash;
+            GetAuthenticationProvider(user).ChangeEasyPassword(user, newPassword, newPasswordHash);
 
             UpdateUser(user);
 
diff --git a/MediaBrowser.Controller/Authentication/IAuthenticationProvider.cs b/MediaBrowser.Controller/Authentication/IAuthenticationProvider.cs
index b9f282bd2..2cf531eed 100644
--- a/MediaBrowser.Controller/Authentication/IAuthenticationProvider.cs
+++ b/MediaBrowser.Controller/Authentication/IAuthenticationProvider.cs
@@ -11,6 +11,9 @@ namespace MediaBrowser.Controller.Authentication
         Task<ProviderAuthenticationResult> Authenticate(string username, string password);
         Task<bool> HasPassword(User user);
         Task ChangePassword(User user, string newPassword);
+        void ChangeEasyPassword(User user, string newPassword, string newPasswordHash);
+        string GetPasswordHash(User user);
+        string GetEasyPasswordHash(User user);
     }
 
     public interface IRequiresResolvedUser
-- 
cgit v1.2.3


From d78a55adb4f66b8a82449216a11657da1388ab12 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sat, 8 Jun 2019 22:54:31 -0400
Subject: Implement InvalidAuthProvider

Implements the InvalidAuthProvider, which acts as a fallback if a
configured authentication provider, e.g. LDAP, is unavailable due
to a load failure or removal. Until the user or the authentication
plugin is corrected, this will cause users with the missing provider
to be locked out, while throwing errors in the logs about the issue.

Fixes #1445 part 2
---
 .../Library/InvalidAuthProvider.cs                 | 46 ++++++++++++++++++++++
 Emby.Server.Implementations/Library/UserManager.cs | 20 +++++++---
 2 files changed, 61 insertions(+), 5 deletions(-)
 create mode 100644 Emby.Server.Implementations/Library/InvalidAuthProvider.cs

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/InvalidAuthProvider.cs b/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
new file mode 100644
index 000000000..ee2569562
--- /dev/null
+++ b/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
@@ -0,0 +1,46 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Entities;
+
+namespace Emby.Server.Implementations.Library
+{
+    public class InvalidAuthProvider : IAuthenticationProvider
+    {
+        public string Name => "InvalidorMissingAuthenticationProvider";
+
+        public bool IsEnabled => true;
+
+        public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
+        {
+            throw new Exception("User Account cannot login with this provider. The Normal provider for this user cannot be found");
+        }
+
+        public Task<bool> HasPassword(User user)
+        {
+            return Task.FromResult(true);
+        }
+
+        public Task ChangePassword(User user, string newPassword)
+        {
+            return Task.FromResult(true);
+        }
+
+        public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
+        {
+            // Nothing here   
+        }
+
+        public string GetPasswordHash(User user)
+        {
+            return "";
+        }
+
+        public string GetEasyPasswordHash(User user)
+        {
+            return "";
+        }
+    }
+}
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index a0b8d4ba4..ca43f7aaa 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -79,6 +79,8 @@ namespace Emby.Server.Implementations.Library
         private IAuthenticationProvider[] _authenticationProviders;
         private DefaultAuthenticationProvider _defaultAuthenticationProvider;
 
+        private InvalidAuthProvider _invalidAuthProvider;
+
         private IPasswordResetProvider[] _passwordResetProviders;
         private DefaultPasswordResetProvider _defaultPasswordResetProvider;
 
@@ -141,6 +143,8 @@ namespace Emby.Server.Implementations.Library
 
             _defaultAuthenticationProvider = _authenticationProviders.OfType<DefaultAuthenticationProvider>().First();
 
+            _invalidAuthProvider = _authenticationProviders.OfType<InvalidAuthProvider>().First();
+
             _passwordResetProviders = passwordResetProviders.ToArray();
 
             _defaultPasswordResetProvider = passwordResetProviders.OfType<DefaultPasswordResetProvider>().First();
@@ -307,11 +311,14 @@ namespace Emby.Server.Implementations.Library
                     user = Users
                         .FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
 
-                    var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
-                    if (hasNewUserPolicy != null)
+                    if (authenticationProvider.GetType() != typeof(InvalidAuthProvider))
                     {
-                        var policy = hasNewUserPolicy.GetNewUserPolicy();
-                        UpdateUserPolicy(user, policy, true);
+                        var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
+                        if (hasNewUserPolicy != null)
+                        {
+                            var policy = hasNewUserPolicy.GetNewUserPolicy();
+                            UpdateUserPolicy(user, policy, true);
+                        }
                     }
                 }
             }
@@ -400,7 +407,10 @@ namespace Emby.Server.Implementations.Library
 
             if (providers.Length == 0)
             {
-                providers = new IAuthenticationProvider[] { _defaultAuthenticationProvider };
+                // this function used to assign any user without an auth provider to the default.
+                // we're going to have it use a new function now.
+                _logger.LogWarning($"The user {user.Name} was found but no Authentication Provider with ID: {user.Policy.AuthenticationProviderId} was found. Assigning user to InvalidAuthProvider temporarily");
+                providers = new IAuthenticationProvider[] { _invalidAuthProvider };
             }
 
             return providers;
-- 
cgit v1.2.3


From 74ef3898798033a7cad987c4a869e7e72f57b229 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 9 Jun 2019 11:07:35 -0400
Subject: Add nicer log message and comment

---
 Emby.Server.Implementations/Library/UserManager.cs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index ca43f7aaa..83584acf3 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -407,9 +407,8 @@ namespace Emby.Server.Implementations.Library
 
             if (providers.Length == 0)
             {
-                // this function used to assign any user without an auth provider to the default.
-                // we're going to have it use a new function now.
-                _logger.LogWarning($"The user {user.Name} was found but no Authentication Provider with ID: {user.Policy.AuthenticationProviderId} was found. Assigning user to InvalidAuthProvider temporarily");
+                // Assign the user to the InvalidAuthProvider since no configured auth provider was valid/found
+                _logger.LogWarning("User {0} was found with invalid/missing Authentication Provider {1}. Assigning user to InvalidAuthProvider until this is corrected", user.Name, user.Policy.AuthenticationProviderId);
                 providers = new IAuthenticationProvider[] { _invalidAuthProvider };
             }
 
-- 
cgit v1.2.3


From b70083f3b370055b2942e450291ce42345732cb7 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 9 Jun 2019 13:41:14 -0400
Subject: Apply suggestions from code review

Co-Authored-By: Claus Vium <cvium@users.noreply.github.com>
Co-Authored-By: Bond-009 <bond.009@outlook.com>
---
 Emby.Server.Implementations/Library/InvalidAuthProvider.cs | 8 ++++----
 Emby.Server.Implementations/Library/UserManager.cs         | 5 ++---
 2 files changed, 6 insertions(+), 7 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/InvalidAuthProvider.cs b/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
index ee2569562..133864708 100644
--- a/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
+++ b/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
@@ -9,7 +9,7 @@ namespace Emby.Server.Implementations.Library
 {
     public class InvalidAuthProvider : IAuthenticationProvider
     {
-        public string Name => "InvalidorMissingAuthenticationProvider";
+        public string Name => "InvalidOrMissingAuthenticationProvider";
 
         public bool IsEnabled => true;
 
@@ -25,7 +25,7 @@ namespace Emby.Server.Implementations.Library
 
         public Task ChangePassword(User user, string newPassword)
         {
-            return Task.FromResult(true);
+            return Task.CompletedTask;
         }
 
         public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
@@ -35,12 +35,12 @@ namespace Emby.Server.Implementations.Library
 
         public string GetPasswordHash(User user)
         {
-            return "";
+            return string.Empty;
         }
 
         public string GetEasyPasswordHash(User user)
         {
-            return "";
+            return string.Empty;
         }
     }
 }
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 83584acf3..04abfc315 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -313,8 +313,7 @@ namespace Emby.Server.Implementations.Library
 
                     if (authenticationProvider.GetType() != typeof(InvalidAuthProvider))
                     {
-                        var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
-                        if (hasNewUserPolicy != null)
+                        if (authenticationProvider is IHasNewUserPolicy hasNewUserPolicy)
                         {
                             var policy = hasNewUserPolicy.GetNewUserPolicy();
                             UpdateUserPolicy(user, policy, true);
@@ -408,7 +407,7 @@ namespace Emby.Server.Implementations.Library
             if (providers.Length == 0)
             {
                 // Assign the user to the InvalidAuthProvider since no configured auth provider was valid/found
-                _logger.LogWarning("User {0} was found with invalid/missing Authentication Provider {1}. Assigning user to InvalidAuthProvider until this is corrected", user.Name, user.Policy.AuthenticationProviderId);
+                _logger.LogWarning("User {UserName} was found with invalid/missing Authentication Provider {AuthenticationProviderId}. Assigning user to InvalidAuthProvider until this is corrected", user.Name, user.Policy.AuthenticationProviderId);
                 providers = new IAuthenticationProvider[] { _invalidAuthProvider };
             }
 
-- 
cgit v1.2.3


From c230d49d7c37d4fbe77676b835c3afd6c8cb56e7 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 9 Jun 2019 13:46:53 -0400
Subject: Don't set a default reset provider

---
 Emby.Server.Implementations/Library/UserManager.cs | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 04abfc315..4233ea8f4 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -425,11 +425,6 @@ namespace Emby.Server.Implementations.Library
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
             }
 
-            if (providers.Length == 0)
-            {
-                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
-            }
-
             return providers;
         }
 
-- 
cgit v1.2.3


From 4b8f735cb89901bd1004d590f4f2820c23e2493c Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 9 Jun 2019 13:57:49 -0400
Subject: Remove superfluous conditional

This wasn't needed to prevent updating the policy on-disk from my
tests and can be removed as suggested by @Bond-009
---
 Emby.Server.Implementations/Library/UserManager.cs | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 4233ea8f4..16becbd52 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -311,13 +311,10 @@ namespace Emby.Server.Implementations.Library
                     user = Users
                         .FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
 
-                    if (authenticationProvider.GetType() != typeof(InvalidAuthProvider))
+                    if (authenticationProvider is IHasNewUserPolicy hasNewUserPolicy)
                     {
-                        if (authenticationProvider is IHasNewUserPolicy hasNewUserPolicy)
-                        {
-                            var policy = hasNewUserPolicy.GetNewUserPolicy();
-                            UpdateUserPolicy(user, policy, true);
-                        }
+                        var policy = hasNewUserPolicy.GetNewUserPolicy();
+                        UpdateUserPolicy(user, policy, true);
                     }
                 }
             }
-- 
cgit v1.2.3


From 2946ae10092cddadade4c84cfa000129bf117e03 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 9 Jun 2019 15:27:38 -0400
Subject: Revert "Don't set a default reset provider"

This reverts commit c230d49d7c37d4fbe77676b835c3afd6c8cb56e7.

This reenables an edge case where an admin might want to reset, with
the default auth provider, the password of an externally-provided
user so they could "unlock" the account while it was failing. There
might be minor security implications to this, but the malicious
actor would need FS access to do it (as they would with any password
resets) so it's probably best to keep it as-is.

Removing this in the first place was due to a misunderstanding
anyways so no harm.
---
 Emby.Server.Implementations/Library/UserManager.cs | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 16becbd52..ff375e590 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -422,6 +422,11 @@ namespace Emby.Server.Implementations.Library
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
             }
 
+            if (providers.Length == 0)
+            {
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
+            }
+
             return providers;
         }
 
-- 
cgit v1.2.3


From d961278b3dcab57910b260115cd45d9831e6443e Mon Sep 17 00:00:00 2001
From: Bond_009 <Bond.009@outlook.com>
Date: Wed, 3 Apr 2019 18:15:04 +0200
Subject: Reduce amount of raw sql

---
 .../Data/SqliteUserRepository.cs                   | 23 ++++++------
 Emby.Server.Implementations/Library/UserManager.cs | 42 +++++++++++-----------
 2 files changed, 34 insertions(+), 31 deletions(-)

(limited to 'Emby.Server.Implementations/Library/UserManager.cs')

diff --git a/Emby.Server.Implementations/Data/SqliteUserRepository.cs b/Emby.Server.Implementations/Data/SqliteUserRepository.cs
index cd364e7f4..de2354eef 100644
--- a/Emby.Server.Implementations/Data/SqliteUserRepository.cs
+++ b/Emby.Server.Implementations/Data/SqliteUserRepository.cs
@@ -75,10 +75,8 @@ namespace Emby.Server.Implementations.Data
 
         private void RemoveEmptyPasswordHashes(ManagedConnection connection)
         {
-            foreach (var row in connection.Query("select id,guid,data from LocalUsersv2"))
+            foreach (var user in RetrieveAllUsers(connection))
             {
-                var user = GetUser(row);
-
                 // If the user password is the sha1 hash of the empty string, remove it
                 if (!string.Equals(user.Password, "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", StringComparison.Ordinal)
                     && !string.Equals(user.Password, "$SHA1$DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", StringComparison.Ordinal))
@@ -198,17 +196,22 @@ namespace Emby.Server.Implementations.Data
         /// <returns>IEnumerable{User}.</returns>
         public List<User> RetrieveAllUsers()
         {
-            var list = new List<User>();
-
             using (var connection = GetConnection(true))
             {
-                foreach (var row in connection.Query("select id,guid,data from LocalUsersv2"))
-                {
-                    list.Add(GetUser(row));
-                }
+                return new List<User>(RetrieveAllUsers(connection));
             }
+        }
 
-            return list;
+        /// <summary>
+        /// Retrieve all users from the database
+        /// </summary>
+        /// <returns>IEnumerable{User}.</returns>
+        private IEnumerable<User> RetrieveAllUsers(ManagedConnection connection)
+        {
+            foreach (var row in connection.Query("select id,guid,data from LocalUsersv2"))
+            {
+                yield return GetUser(row);
+            }
         }
 
         /// <summary>
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index ff375e590..1701ced42 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -222,9 +222,8 @@ namespace Emby.Server.Implementations.Library
 
         public void Initialize()
         {
-            _users = LoadUsers();
-
-            var users = Users.ToList();
+            var users = LoadUsers();
+            _users = users.ToArray();
 
             // If there are no local users with admin rights, make them all admins
             if (!users.Any(i => i.Policy.IsAdministrator))
@@ -555,35 +554,36 @@ namespace Emby.Server.Implementations.Library
         /// Loads the users from the repository
         /// </summary>
         /// <returns>IEnumerable{User}.</returns>
-        private User[] LoadUsers()
+        private List<User> LoadUsers()
         {
             var users = UserRepository.RetrieveAllUsers();
 
             // There always has to be at least one user.
-            if (users.Count == 0)
+            if (users.Count != 0)
             {
-                var defaultName = Environment.UserName;
-                if (string.IsNullOrWhiteSpace(defaultName))
-                {
-                    defaultName = "MyJellyfinUser";
-                }
-                var name = MakeValidUsername(defaultName);
+                return users;
+            }
 
-                var user = InstantiateNewUser(name);
+            var defaultName = Environment.UserName;
+            if (string.IsNullOrWhiteSpace(defaultName))
+            {
+                defaultName = "MyJellyfinUser";
+            }
 
-                user.DateLastSaved = DateTime.UtcNow;
+            var name = MakeValidUsername(defaultName);
 
-                UserRepository.CreateUser(user);
+            var user = InstantiateNewUser(name);
+
+            user.DateLastSaved = DateTime.UtcNow;
 
-                users.Add(user);
+            UserRepository.CreateUser(user);
 
-                user.Policy.IsAdministrator = true;
-                user.Policy.EnableContentDeletion = true;
-                user.Policy.EnableRemoteControlOfOtherUsers = true;
-                UpdateUserPolicy(user, user.Policy, false);
-            }
+            user.Policy.IsAdministrator = true;
+            user.Policy.EnableContentDeletion = true;
+            user.Policy.EnableRemoteControlOfOtherUsers = true;
+            UpdateUserPolicy(user, user.Policy, false);
 
-            return users.ToArray();
+            return new List<User> { user };
         }
 
         public UserDto GetUserDto(User user, string remoteEndPoint = null)
-- 
cgit v1.2.3