chore: deprecate EasyPassword as it isn't very secure

This commit is contained in:
cvium 2023-05-26 19:40:40 +02:00
parent 4a9bcbd626
commit 716bcc6410
8 changed files with 18 additions and 108 deletions

View File

@ -323,36 +323,16 @@ public class UserController : BaseJellyfinApiController
/// <response code="404">User not found.</response> /// <response code="404">User not found.</response>
/// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns> /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
[HttpPost("{userId}/EasyPassword")] [HttpPost("{userId}/EasyPassword")]
[Obsolete("Use Quick Connect instead")]
[Authorize] [Authorize]
[ProducesResponseType(StatusCodes.Status204NoContent)] [ProducesResponseType(StatusCodes.Status204NoContent)]
[ProducesResponseType(StatusCodes.Status403Forbidden)] [ProducesResponseType(StatusCodes.Status403Forbidden)]
[ProducesResponseType(StatusCodes.Status404NotFound)] [ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<ActionResult> UpdateUserEasyPassword( public ActionResult UpdateUserEasyPassword(
[FromRoute, Required] Guid userId, [FromRoute, Required] Guid userId,
[FromBody, Required] UpdateUserEasyPassword request) [FromBody, Required] UpdateUserEasyPassword request)
{ {
if (!RequestHelpers.AssertCanUpdateUser(_userManager, User, userId, true)) return BadRequest("Deprecated");
{
return StatusCode(StatusCodes.Status403Forbidden, "User is not allowed to update the easy password.");
}
var user = _userManager.GetUserById(userId);
if (user is null)
{
return NotFound("User not found");
}
if (request.ResetPassword)
{
await _userManager.ResetEasyPassword(user).ConfigureAwait(false);
}
else
{
await _userManager.ChangeEasyPassword(user, request.NewPw ?? string.Empty, request.NewPassword ?? string.Empty).ConfigureAwait(false);
}
return NoContent();
} }
/// <summary> /// <summary>

View File

@ -91,16 +91,6 @@ namespace Jellyfin.Data.Entities
[StringLength(65535)] [StringLength(65535)]
public string? Password { get; set; } public string? Password { get; set; }
/// <summary>
/// Gets or sets the user's easy password, or <c>null</c> if none is set.
/// </summary>
/// <remarks>
/// Max length = 65535.
/// </remarks>
[MaxLength(65535)]
[StringLength(65535)]
public string? EasyPassword { get; set; }
/// <summary> /// <summary>
/// Gets or sets a value indicating whether the user must update their password. /// Gets or sets a value indicating whether the user must update their password.
/// </summary> /// </summary>

View File

@ -15,9 +15,7 @@ namespace Jellyfin.Server.Implementations.Migrations
protected override void BuildModel(ModelBuilder modelBuilder) protected override void BuildModel(ModelBuilder modelBuilder)
{ {
#pragma warning disable 612, 618 #pragma warning disable 612, 618
modelBuilder modelBuilder.HasAnnotation("ProductVersion", "7.0.5");
.HasDefaultSchema("jellyfin")
.HasAnnotation("ProductVersion", "6.0.9");
modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b => modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>
{ {
@ -41,7 +39,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("UserId"); b.HasIndex("UserId");
b.ToTable("AccessSchedules", "jellyfin"); b.ToTable("AccessSchedules");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.ActivityLog", b => modelBuilder.Entity("Jellyfin.Data.Entities.ActivityLog", b =>
@ -89,7 +87,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("DateCreated"); b.HasIndex("DateCreated");
b.ToTable("ActivityLogs", "jellyfin"); b.ToTable("ActivityLogs");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.CustomItemDisplayPreferences", b => modelBuilder.Entity("Jellyfin.Data.Entities.CustomItemDisplayPreferences", b =>
@ -121,7 +119,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("UserId", "ItemId", "Client", "Key") b.HasIndex("UserId", "ItemId", "Client", "Key")
.IsUnique(); .IsUnique();
b.ToTable("CustomItemDisplayPreferences", "jellyfin"); b.ToTable("CustomItemDisplayPreferences");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b => modelBuilder.Entity("Jellyfin.Data.Entities.DisplayPreferences", b =>
@ -178,7 +176,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("UserId", "ItemId", "Client") b.HasIndex("UserId", "ItemId", "Client")
.IsUnique(); .IsUnique();
b.ToTable("DisplayPreferences", "jellyfin"); b.ToTable("DisplayPreferences");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.HomeSection", b => modelBuilder.Entity("Jellyfin.Data.Entities.HomeSection", b =>
@ -200,7 +198,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("DisplayPreferencesId"); b.HasIndex("DisplayPreferencesId");
b.ToTable("HomeSection", "jellyfin"); b.ToTable("HomeSection");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.ImageInfo", b => modelBuilder.Entity("Jellyfin.Data.Entities.ImageInfo", b =>
@ -225,7 +223,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("UserId") b.HasIndex("UserId")
.IsUnique(); .IsUnique();
b.ToTable("ImageInfos", "jellyfin"); b.ToTable("ImageInfos");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.ItemDisplayPreferences", b => modelBuilder.Entity("Jellyfin.Data.Entities.ItemDisplayPreferences", b =>
@ -269,7 +267,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("UserId"); b.HasIndex("UserId");
b.ToTable("ItemDisplayPreferences", "jellyfin"); b.ToTable("ItemDisplayPreferences");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.Permission", b => modelBuilder.Entity("Jellyfin.Data.Entities.Permission", b =>
@ -300,7 +298,7 @@ namespace Jellyfin.Server.Implementations.Migrations
.IsUnique() .IsUnique()
.HasFilter("[UserId] IS NOT NULL"); .HasFilter("[UserId] IS NOT NULL");
b.ToTable("Permissions", "jellyfin"); b.ToTable("Permissions");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.Preference", b => modelBuilder.Entity("Jellyfin.Data.Entities.Preference", b =>
@ -333,7 +331,7 @@ namespace Jellyfin.Server.Implementations.Migrations
.IsUnique() .IsUnique()
.HasFilter("[UserId] IS NOT NULL"); .HasFilter("[UserId] IS NOT NULL");
b.ToTable("Preferences", "jellyfin"); b.ToTable("Preferences");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.Security.ApiKey", b => modelBuilder.Entity("Jellyfin.Data.Entities.Security.ApiKey", b =>
@ -362,7 +360,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("AccessToken") b.HasIndex("AccessToken")
.IsUnique(); .IsUnique();
b.ToTable("ApiKeys", "jellyfin"); b.ToTable("ApiKeys");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b => modelBuilder.Entity("Jellyfin.Data.Entities.Security.Device", b =>
@ -420,7 +418,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("UserId", "DeviceId"); b.HasIndex("UserId", "DeviceId");
b.ToTable("Devices", "jellyfin"); b.ToTable("Devices");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.Security.DeviceOptions", b => modelBuilder.Entity("Jellyfin.Data.Entities.Security.DeviceOptions", b =>
@ -441,7 +439,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("DeviceId") b.HasIndex("DeviceId")
.IsUnique(); .IsUnique();
b.ToTable("DeviceOptions", "jellyfin"); b.ToTable("DeviceOptions");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.User", b => modelBuilder.Entity("Jellyfin.Data.Entities.User", b =>
@ -465,10 +463,6 @@ namespace Jellyfin.Server.Implementations.Migrations
b.Property<bool>("DisplayMissingEpisodes") b.Property<bool>("DisplayMissingEpisodes")
.HasColumnType("INTEGER"); .HasColumnType("INTEGER");
b.Property<string>("EasyPassword")
.HasMaxLength(65535)
.HasColumnType("TEXT");
b.Property<bool>("EnableAutoLogin") b.Property<bool>("EnableAutoLogin")
.HasColumnType("INTEGER"); .HasColumnType("INTEGER");
@ -554,7 +548,7 @@ namespace Jellyfin.Server.Implementations.Migrations
b.HasIndex("Username") b.HasIndex("Username")
.IsUnique(); .IsUnique();
b.ToTable("Users", "jellyfin"); b.ToTable("Users");
}); });
modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b => modelBuilder.Entity("Jellyfin.Data.Entities.AccessSchedule", b =>

View File

@ -114,8 +114,6 @@ namespace Jellyfin.Server.Implementations.Users
await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false); await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
} }
user.EasyPassword = pin;
return new ForgotPasswordResult return new ForgotPasswordResult
{ {
Action = ForgotPasswordAction.PinCode, Action = ForgotPasswordAction.PinCode,

View File

@ -268,12 +268,6 @@ namespace Jellyfin.Server.Implementations.Users
return ChangePassword(user, string.Empty); return ChangePassword(user, string.Empty);
} }
/// <inheritdoc/>
public Task ResetEasyPassword(User user)
{
return ChangeEasyPassword(user, string.Empty, null);
}
/// <inheritdoc/> /// <inheritdoc/>
public async Task ChangePassword(User user, string newPassword) public async Task ChangePassword(User user, string newPassword)
{ {
@ -285,25 +279,6 @@ namespace Jellyfin.Server.Implementations.Users
await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false); await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false);
} }
/// <inheritdoc/>
public async Task ChangeEasyPassword(User user, string newPassword, string? newPasswordSha1)
{
if (newPassword is not null)
{
newPasswordSha1 = _cryptoProvider.CreatePasswordHash(newPassword).ToString();
}
if (string.IsNullOrWhiteSpace(newPasswordSha1))
{
throw new ArgumentNullException(nameof(newPasswordSha1));
}
user.EasyPassword = newPasswordSha1;
await UpdateUserAsync(user).ConfigureAwait(false);
await _eventManager.PublishAsync(new UserPasswordChangedEventArgs(user)).ConfigureAwait(false);
}
/// <inheritdoc/> /// <inheritdoc/>
public UserDto GetUserDto(User user, string? remoteEndPoint = null) public UserDto GetUserDto(User user, string? remoteEndPoint = null)
{ {
@ -315,7 +290,6 @@ namespace Jellyfin.Server.Implementations.Users
ServerId = _appHost.SystemId, ServerId = _appHost.SystemId,
HasPassword = hasPassword, HasPassword = hasPassword,
HasConfiguredPassword = hasPassword, HasConfiguredPassword = hasPassword,
HasConfiguredEasyPassword = !string.IsNullOrEmpty(user.EasyPassword),
EnableAutoLogin = user.EnableAutoLogin, EnableAutoLogin = user.EnableAutoLogin,
LastLoginDate = user.LastLoginDate, LastLoginDate = user.LastLoginDate,
LastActivityDate = user.LastActivityDate, LastActivityDate = user.LastActivityDate,
@ -832,16 +806,6 @@ namespace Jellyfin.Server.Implementations.Users
} }
} }
if (!success
&& _networkManager.IsInLocalNetwork(remoteEndPoint)
&& user?.EnableLocalPassword == true
&& !string.IsNullOrEmpty(user.EasyPassword))
{
// Check easy password
var passwordHash = PasswordHash.Parse(user.EasyPassword);
success = _cryptoProvider.Verify(passwordHash, password);
}
return (authenticationProvider, username, success); return (authenticationProvider, username, success);
} }

View File

@ -127,7 +127,6 @@ namespace Jellyfin.Server.Migrations.Routines
RememberSubtitleSelections = config.RememberSubtitleSelections, RememberSubtitleSelections = config.RememberSubtitleSelections,
SubtitleLanguagePreference = config.SubtitleLanguagePreference, SubtitleLanguagePreference = config.SubtitleLanguagePreference,
Password = mockup.Password, Password = mockup.Password,
EasyPassword = mockup.EasyPassword,
LastLoginDate = mockup.LastLoginDate, LastLoginDate = mockup.LastLoginDate,
LastActivityDate = mockup.LastActivityDate LastActivityDate = mockup.LastActivityDate
}; };

View File

@ -96,13 +96,6 @@ namespace MediaBrowser.Controller.Library
/// <returns>Task.</returns> /// <returns>Task.</returns>
Task ResetPassword(User user); Task ResetPassword(User user);
/// <summary>
/// Resets the easy password.
/// </summary>
/// <param name="user">The user.</param>
/// <returns>Task.</returns>
Task ResetEasyPassword(User user);
/// <summary> /// <summary>
/// Changes the password. /// Changes the password.
/// </summary> /// </summary>
@ -111,15 +104,6 @@ namespace MediaBrowser.Controller.Library
/// <returns>Awaitable task.</returns> /// <returns>Awaitable task.</returns>
Task ChangePassword(User user, string newPassword); Task ChangePassword(User user, string newPassword);
/// <summary>
/// Changes the easy password.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="newPassword">New password to use.</param>
/// <param name="newPasswordSha1">Hash of new password.</param>
/// <returns>Task.</returns>
Task ChangeEasyPassword(User user, string newPassword, string newPasswordSha1);
/// <summary> /// <summary>
/// Gets the user dto. /// Gets the user dto.
/// </summary> /// </summary>

View File

@ -66,6 +66,7 @@ namespace MediaBrowser.Model.Dto
/// Gets or sets a value indicating whether this instance has configured easy password. /// Gets or sets a value indicating whether this instance has configured easy password.
/// </summary> /// </summary>
/// <value><c>true</c> if this instance has configured easy password; otherwise, <c>false</c>.</value> /// <value><c>true</c> if this instance has configured easy password; otherwise, <c>false</c>.</value>
[Obsolete("Easy Password has been replaced with Quick Connect")]
public bool HasConfiguredEasyPassword { get; set; } public bool HasConfiguredEasyPassword { get; set; }
/// <summary> /// <summary>