From 716bcc6410c91edd755ea294f5908b7f383fc326 Mon Sep 17 00:00:00 2001 From: cvium Date: Fri, 26 May 2023 19:40:40 +0200 Subject: chore: deprecate EasyPassword as it isn't very secure --- .../Users/DefaultPasswordResetProvider.cs | 2 -- .../Users/UserManager.cs | 36 ---------------------- 2 files changed, 38 deletions(-) (limited to 'Jellyfin.Server.Implementations/Users') diff --git a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs index 9601954671..cefbd0624d 100644 --- a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs +++ b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs @@ -114,8 +114,6 @@ namespace Jellyfin.Server.Implementations.Users await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false); } - user.EasyPassword = pin; - return new ForgotPasswordResult { Action = ForgotPasswordAction.PinCode, diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs index c4756433e0..fa23fe148b 100644 --- a/Jellyfin.Server.Implementations/Users/UserManager.cs +++ b/Jellyfin.Server.Implementations/Users/UserManager.cs @@ -268,12 +268,6 @@ namespace Jellyfin.Server.Implementations.Users return ChangePassword(user, string.Empty); } - /// - public Task ResetEasyPassword(User user) - { - return ChangeEasyPassword(user, string.Empty, null); - } - /// public async Task ChangePassword(User user, string newPassword) { @@ -285,25 +279,6 @@ namespace Jellyfin.Server.Implementations.Users await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false); } - /// - public async Task ChangeEasyPassword(User user, string newPassword, string? newPasswordSha1) - { - if (newPassword is not null) - { - newPasswordSha1 = _cryptoProvider.CreatePasswordHash(newPassword).ToString(); - } - - if (string.IsNullOrWhiteSpace(newPasswordSha1)) - { - throw new ArgumentNullException(nameof(newPasswordSha1)); - } - - user.EasyPassword = newPasswordSha1; - await UpdateUserAsync(user).ConfigureAwait(false); - - await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false); - } - /// public UserDto GetUserDto(User user, string? remoteEndPoint = null) { @@ -315,7 +290,6 @@ namespace Jellyfin.Server.Implementations.Users ServerId = _appHost.SystemId, HasPassword = hasPassword, HasConfiguredPassword = hasPassword, - HasConfiguredEasyPassword = !string.IsNullOrEmpty(user.EasyPassword), EnableAutoLogin = user.EnableAutoLogin, LastLoginDate = user.LastLoginDate, LastActivityDate = user.LastActivityDate, @@ -832,16 +806,6 @@ namespace Jellyfin.Server.Implementations.Users } } - if (!success - && _networkManager.IsInLocalNetwork(remoteEndPoint) - && user?.EnableLocalPassword == true - && !string.IsNullOrEmpty(user.EasyPassword)) - { - // Check easy password - var passwordHash = PasswordHash.Parse(user.EasyPassword); - success = _cryptoProvider.Verify(passwordHash, password); - } - return (authenticationProvider, username, success); } -- cgit v1.2.3 From 57d8452e2a093c733d25d662e72f43a4c4c55eea Mon Sep 17 00:00:00 2001 From: cvium Date: Fri, 26 May 2023 19:52:27 +0200 Subject: refactor: admin users must have a non-empty password --- Jellyfin.Server.Implementations/Users/UserManager.cs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Jellyfin.Server.Implementations/Users') diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs index c4756433e0..04c3d8a70d 100644 --- a/Jellyfin.Server.Implementations/Users/UserManager.cs +++ b/Jellyfin.Server.Implementations/Users/UserManager.cs @@ -278,6 +278,10 @@ namespace Jellyfin.Server.Implementations.Users public async Task ChangePassword(User user, string newPassword) { ArgumentNullException.ThrowIfNull(user); + if (user.HasPermission(PermissionKind.IsAdministrator) && string.IsNullOrWhiteSpace(newPassword)) + { + throw new ArgumentException("Admin user passwords must not be empty", nameof(newPassword)); + } await GetAuthenticationProvider(user).ChangePassword(user, newPassword).ConfigureAwait(false); await UpdateUserAsync(user).ConfigureAwait(false); -- cgit v1.2.3