af1152b001
Refactored all C# test files to use explicit namespace declarations and moved all using directives inside the namespace block for consistency. Updated assembly info and cache files to reflect the new build. Adjusted MvcTestingAppManifest.json to use fully qualified assembly names. No functional changes; all updates are related to code style, organization, and project metadata.
144 lines
5.5 KiB
C#
144 lines
5.5 KiB
C#
// <copyright file="DefaultPasswordResetProvider.cs" company="PlaceholderCompany">
|
|
// Copyright (c) PlaceholderCompany. All rights reserved.
|
|
// </copyright>
|
|
|
|
namespace Jellyfin.Server.Implementations.Users
|
|
{
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Globalization;
|
|
using System.IO;
|
|
using System.Security.Cryptography;
|
|
using System.Text.Json;
|
|
using System.Threading.Tasks;
|
|
using Jellyfin.Database.Implementations.Entities;
|
|
using MediaBrowser.Common;
|
|
using MediaBrowser.Common.Extensions;
|
|
using MediaBrowser.Controller.Authentication;
|
|
using MediaBrowser.Controller.Configuration;
|
|
using MediaBrowser.Controller.Library;
|
|
using MediaBrowser.Model.IO;
|
|
using MediaBrowser.Model.Users;
|
|
|
|
/// <summary>
|
|
/// The default password reset provider.
|
|
/// </summary>
|
|
public class DefaultPasswordResetProvider : IPasswordResetProvider
|
|
{
|
|
private const string BaseResetFileName = "passwordreset";
|
|
|
|
private readonly IApplicationHost _appHost;
|
|
|
|
private readonly string _passwordResetFileBase;
|
|
private readonly string _passwordResetFileBaseDir;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="DefaultPasswordResetProvider"/> class.
|
|
/// </summary>
|
|
/// <param name="configurationManager">The configuration manager.</param>
|
|
/// <param name="appHost">The application host.</param>
|
|
public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IApplicationHost appHost)
|
|
{
|
|
_passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
|
|
_passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, BaseResetFileName);
|
|
_appHost = appHost;
|
|
// TODO: Remove the circular dependency on UserManager
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public string Name => "Default Password Reset Provider";
|
|
|
|
/// <inheritdoc />
|
|
public bool IsEnabled => true;
|
|
|
|
/// <inheritdoc />
|
|
public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
|
|
{
|
|
var userManager = _appHost.Resolve<IUserManager>();
|
|
var usersReset = new List<string>();
|
|
foreach (var resetFile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{BaseResetFileName}*"))
|
|
{
|
|
SerializablePasswordReset spr;
|
|
var str = AsyncFile.OpenRead(resetFile);
|
|
await using (str.ConfigureAwait(false))
|
|
{
|
|
spr = await JsonSerializer.DeserializeAsync<SerializablePasswordReset>(str).ConfigureAwait(false)
|
|
?? throw new ResourceNotFoundException($"Provided path ({resetFile}) is not valid.");
|
|
}
|
|
|
|
if (spr.ExpirationDate < DateTime.UtcNow)
|
|
{
|
|
File.Delete(resetFile);
|
|
}
|
|
else if (string.Equals(
|
|
spr.Pin.Replace("-", string.Empty, StringComparison.Ordinal),
|
|
pin.Replace("-", string.Empty, StringComparison.Ordinal),
|
|
StringComparison.Ordinal))
|
|
{
|
|
var resetUser = userManager.GetUserByName(spr.UserName)
|
|
?? throw new ResourceNotFoundException($"User with a username of {spr.UserName} not found");
|
|
|
|
await userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
|
|
usersReset.Add(resetUser.Username);
|
|
File.Delete(resetFile);
|
|
}
|
|
}
|
|
|
|
if (usersReset.Count < 1)
|
|
{
|
|
throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
|
|
}
|
|
|
|
return new PinRedeemResult
|
|
{
|
|
Success = true,
|
|
UsersReset = usersReset.ToArray()
|
|
};
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User? user, string enteredUsername, bool isInNetwork)
|
|
{
|
|
DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
|
|
var usernameHash = enteredUsername.ToUpperInvariant().GetMD5().ToString("N", CultureInfo.InvariantCulture);
|
|
var pinFile = _passwordResetFileBase + usernameHash + ".json";
|
|
|
|
if (user is not null && isInNetwork)
|
|
{
|
|
byte[] bytes = new byte[4];
|
|
RandomNumberGenerator.Fill(bytes);
|
|
string pin = BitConverter.ToString(bytes);
|
|
|
|
SerializablePasswordReset spr = new SerializablePasswordReset
|
|
{
|
|
ExpirationDate = expireTime,
|
|
Pin = pin,
|
|
PinFile = pinFile,
|
|
UserName = user.Username
|
|
};
|
|
|
|
FileStream fileStream = AsyncFile.Create(pinFile);
|
|
await using (fileStream.ConfigureAwait(false))
|
|
{
|
|
await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
|
|
}
|
|
}
|
|
|
|
return new ForgotPasswordResult
|
|
{
|
|
Action = ForgotPasswordAction.PinCode,
|
|
PinExpirationDate = expireTime,
|
|
PinFile = pinFile
|
|
};
|
|
}
|
|
|
|
#nullable disable
|
|
private class SerializablePasswordReset : PasswordPinCreationResult
|
|
{
|
|
public string Pin { get; set; }
|
|
|
|
public string UserName { get; set; }
|
|
}
|
|
}
|
|
}
|