jellyfin/MediaBrowser.Server.Implementations/Library/UserManager.cs

770 lines
26 KiB
C#
Raw Normal View History

2014-11-11 21:51:40 -07:00
using MediaBrowser.Common.Events;
2013-02-20 18:33:05 -07:00
using MediaBrowser.Common.Extensions;
2014-08-15 09:35:41 -07:00
using MediaBrowser.Common.Net;
using MediaBrowser.Controller;
2013-03-03 22:43:06 -07:00
using MediaBrowser.Controller.Configuration;
2014-10-13 21:22:17 -07:00
using MediaBrowser.Controller.Connect;
2014-08-15 09:35:41 -07:00
using MediaBrowser.Controller.Drawing;
using MediaBrowser.Controller.Dto;
2013-02-20 18:33:05 -07:00
using MediaBrowser.Controller.Entities;
using MediaBrowser.Controller.Library;
2014-11-14 19:31:03 -07:00
using MediaBrowser.Controller.Net;
using MediaBrowser.Controller.Persistence;
using MediaBrowser.Controller.Providers;
2014-06-21 22:52:31 -07:00
using MediaBrowser.Model.Configuration;
2014-10-15 20:26:39 -07:00
using MediaBrowser.Model.Connect;
2014-08-15 09:35:41 -07:00
using MediaBrowser.Model.Dto;
using MediaBrowser.Model.Entities;
2014-05-08 13:09:53 -07:00
using MediaBrowser.Model.Events;
using MediaBrowser.Model.Logging;
2014-06-21 22:52:31 -07:00
using MediaBrowser.Model.Serialization;
using MediaBrowser.Model.Users;
2013-02-20 18:33:05 -07:00
using System;
using System.Collections.Generic;
using System.Globalization;
2013-07-08 09:13:21 -07:00
using System.IO;
2013-02-20 18:33:05 -07:00
using System.Linq;
using System.Security.Cryptography;
using System.Text;
2013-02-20 18:33:05 -07:00
using System.Threading;
using System.Threading.Tasks;
namespace MediaBrowser.Server.Implementations.Library
2013-02-20 18:33:05 -07:00
{
/// <summary>
/// Class UserManager
/// </summary>
public class UserManager : IUserManager
2013-02-20 18:33:05 -07:00
{
/// <summary>
/// Gets the users.
/// </summary>
/// <value>The users.</value>
2013-12-26 07:20:30 -07:00
public IEnumerable<User> Users { get; private set; }
2013-03-15 22:52:33 -07:00
2013-02-21 14:39:53 -07:00
/// <summary>
/// The _logger
/// </summary>
private readonly ILogger _logger;
2013-03-03 22:43:06 -07:00
/// <summary>
/// Gets or sets the configuration manager.
/// </summary>
/// <value>The configuration manager.</value>
private IServerConfigurationManager ConfigurationManager { get; set; }
/// <summary>
/// Gets the active user repository
/// </summary>
/// <value>The user repository.</value>
private IUserRepository UserRepository { get; set; }
2014-08-10 15:13:17 -07:00
public event EventHandler<GenericEventArgs<User>> UserPasswordChanged;
2014-06-21 22:52:31 -07:00
private readonly IXmlSerializer _xmlSerializer;
2014-08-15 09:35:41 -07:00
private readonly INetworkManager _networkManager;
private readonly Func<IImageProcessor> _imageProcessorFactory;
private readonly Func<IDtoService> _dtoServiceFactory;
2014-10-13 21:22:17 -07:00
private readonly Func<IConnectManager> _connectFactory;
private readonly IServerApplicationHost _appHost;
2014-08-15 09:35:41 -07:00
2013-02-20 18:33:05 -07:00
/// <summary>
/// Initializes a new instance of the <see cref="UserManager" /> class.
/// </summary>
2013-02-21 14:39:53 -07:00
/// <param name="logger">The logger.</param>
2013-03-03 22:43:06 -07:00
/// <param name="configurationManager">The configuration manager.</param>
2013-12-26 07:20:30 -07:00
/// <param name="userRepository">The user repository.</param>
public UserManager(ILogger logger, IServerConfigurationManager configurationManager, IUserRepository userRepository, IXmlSerializer xmlSerializer, INetworkManager networkManager, Func<IImageProcessor> imageProcessorFactory, Func<IDtoService> dtoServiceFactory, Func<IConnectManager> connectFactory, IServerApplicationHost appHost)
2013-02-20 18:33:05 -07:00
{
2013-02-21 14:39:53 -07:00
_logger = logger;
UserRepository = userRepository;
2014-06-21 22:52:31 -07:00
_xmlSerializer = xmlSerializer;
2014-08-15 09:35:41 -07:00
_networkManager = networkManager;
_imageProcessorFactory = imageProcessorFactory;
_dtoServiceFactory = dtoServiceFactory;
2014-10-13 21:22:17 -07:00
_connectFactory = connectFactory;
2014-10-23 21:54:35 -07:00
_appHost = appHost;
2013-03-03 22:43:06 -07:00
ConfigurationManager = configurationManager;
2013-12-26 07:20:30 -07:00
Users = new List<User>();
DeletePinFile();
2013-02-20 18:33:05 -07:00
}
#region UserUpdated Event
/// <summary>
/// Occurs when [user updated].
/// </summary>
public event EventHandler<GenericEventArgs<User>> UserUpdated;
2014-06-21 22:52:31 -07:00
public event EventHandler<GenericEventArgs<User>> UserConfigurationUpdated;
2014-09-14 11:47:48 -07:00
2013-02-20 18:33:05 -07:00
/// <summary>
/// Called when [user updated].
/// </summary>
/// <param name="user">The user.</param>
private void OnUserUpdated(User user)
2013-02-20 18:33:05 -07:00
{
2014-05-13 17:46:45 -07:00
EventHelper.FireEventIfNotNull(UserUpdated, this, new GenericEventArgs<User> { Argument = user }, _logger);
2013-02-20 18:33:05 -07:00
}
#endregion
#region UserDeleted Event
/// <summary>
/// Occurs when [user deleted].
/// </summary>
public event EventHandler<GenericEventArgs<User>> UserDeleted;
/// <summary>
/// Called when [user deleted].
/// </summary>
/// <param name="user">The user.</param>
private void OnUserDeleted(User user)
2013-02-20 18:33:05 -07:00
{
2013-02-21 14:39:53 -07:00
EventHelper.QueueEventIfNotNull(UserDeleted, this, new GenericEventArgs<User> { Argument = user }, _logger);
2013-02-20 18:33:05 -07:00
}
#endregion
/// <summary>
/// Gets a User by Id
/// </summary>
/// <param name="id">The id.</param>
/// <returns>User.</returns>
/// <exception cref="System.ArgumentNullException"></exception>
public User GetUserById(Guid id)
{
if (id == Guid.Empty)
{
throw new ArgumentNullException("id");
}
return Users.FirstOrDefault(u => u.Id == id);
}
2013-03-15 22:52:33 -07:00
2014-09-14 08:10:51 -07:00
/// <summary>
/// Gets the user by identifier.
/// </summary>
/// <param name="id">The identifier.</param>
/// <returns>User.</returns>
public User GetUserById(string id)
{
return GetUserById(new Guid(id));
}
2014-09-14 11:47:48 -07:00
public User GetUserByName(string name)
{
if (string.IsNullOrWhiteSpace(name))
{
throw new ArgumentNullException("name");
}
return Users.FirstOrDefault(u => string.Equals(u.Name, name, StringComparison.OrdinalIgnoreCase));
}
2013-12-26 07:20:30 -07:00
public async Task Initialize()
{
Users = await LoadUsers().ConfigureAwait(false);
}
2014-10-16 21:52:41 -07:00
public Task<bool> AuthenticateUser(string username, string passwordSha1, string remoteEndPoint)
{
return AuthenticateUser(username, passwordSha1, null, remoteEndPoint);
}
public async Task<bool> AuthenticateUser(string username, string passwordSha1, string passwordMd5, string remoteEndPoint)
2013-02-20 18:33:05 -07:00
{
2014-07-02 11:34:08 -07:00
if (string.IsNullOrWhiteSpace(username))
2013-02-20 18:33:05 -07:00
{
2014-07-02 11:34:08 -07:00
throw new ArgumentNullException("username");
2013-02-20 18:33:05 -07:00
}
2014-10-19 20:04:45 -07:00
var user = Users.FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
if (user == null)
{
2014-11-14 19:31:03 -07:00
throw new SecurityException("Invalid username or password entered.");
2014-10-19 20:04:45 -07:00
}
2014-07-02 11:34:08 -07:00
2013-07-08 09:13:21 -07:00
if (user.Configuration.IsDisabled)
{
2014-11-14 19:31:03 -07:00
throw new SecurityException(string.Format("The {0} account is currently disabled. Please consult with your administrator.", user.Name));
2013-07-08 09:13:21 -07:00
}
2014-10-16 21:52:41 -07:00
var success = false;
// Authenticate using local credentials if not a guest
if (!user.ConnectLinkType.HasValue || user.ConnectLinkType.Value != UserLinkType.Guest)
{
success = string.Equals(GetPasswordHash(user), passwordSha1.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
if (!success && _networkManager.IsInLocalNetwork(remoteEndPoint) && user.Configuration.EnableLocalPassword)
{
success = string.Equals(GetLocalPasswordHash(user), passwordSha1.Replace("-", string.Empty), StringComparison.OrdinalIgnoreCase);
}
}
2013-02-20 18:33:05 -07:00
2014-10-16 21:52:41 -07:00
// Maybe user accidently entered connect credentials. let's be flexible
if (!success && user.ConnectLinkType.HasValue && !string.IsNullOrWhiteSpace(passwordMd5))
2014-08-15 09:35:41 -07:00
{
2014-10-16 21:52:41 -07:00
try
{
await _connectFactory().Authenticate(user.ConnectUserName, passwordMd5).ConfigureAwait(false);
success = true;
}
catch
{
}
2014-08-15 09:35:41 -07:00
}
2013-02-20 18:33:05 -07:00
// Update LastActivityDate and LastLoginDate, then save
if (success)
{
user.LastActivityDate = user.LastLoginDate = DateTime.UtcNow;
await UpdateUser(user).ConfigureAwait(false);
}
2013-02-21 14:39:53 -07:00
_logger.Info("Authentication request for {0} {1}.", user.Name, (success ? "has succeeded" : "has been denied"));
2013-02-20 18:33:05 -07:00
return success;
}
2014-08-15 09:35:41 -07:00
private string GetPasswordHash(User user)
{
return string.IsNullOrEmpty(user.Password)
? GetSha1String(string.Empty)
: user.Password;
}
private string GetLocalPasswordHash(User user)
{
return string.IsNullOrEmpty(user.LocalPassword)
? GetSha1String(string.Empty)
: user.LocalPassword;
}
private bool IsPasswordEmpty(string passwordHash)
{
return string.Equals(passwordHash, GetSha1String(string.Empty), StringComparison.OrdinalIgnoreCase);
}
2013-03-12 22:19:03 -07:00
/// <summary>
/// Gets the sha1 string.
/// </summary>
/// <param name="str">The STR.</param>
/// <returns>System.String.</returns>
private static string GetSha1String(string str)
{
using (var provider = SHA1.Create())
{
var hash = provider.ComputeHash(Encoding.UTF8.GetBytes(str));
return BitConverter.ToString(hash).Replace("-", string.Empty);
}
}
2013-02-20 18:33:05 -07:00
/// <summary>
/// Loads the users from the repository
/// </summary>
/// <returns>IEnumerable{User}.</returns>
2013-12-26 07:20:30 -07:00
private async Task<IEnumerable<User>> LoadUsers()
2013-02-20 18:33:05 -07:00
{
var users = UserRepository.RetrieveAllUsers().ToList();
2013-02-20 18:33:05 -07:00
// There always has to be at least one user.
if (users.Count == 0)
{
var name = Environment.UserName;
2014-10-15 20:26:39 -07:00
var user = InstantiateNewUser(name, false);
2013-02-20 18:33:05 -07:00
2013-12-06 13:07:34 -07:00
user.DateLastSaved = DateTime.UtcNow;
2013-12-26 07:20:30 -07:00
await UserRepository.SaveUser(user, CancellationToken.None).ConfigureAwait(false);
2013-02-20 18:33:05 -07:00
users.Add(user);
2014-09-14 08:10:51 -07:00
user.Configuration.IsAdministrator = true;
user.Configuration.EnableRemoteControlOfOtherUsers = true;
2014-09-14 08:10:51 -07:00
UpdateConfiguration(user, user.Configuration);
2013-02-20 18:33:05 -07:00
}
return users;
}
2014-08-15 09:35:41 -07:00
public UserDto GetUserDto(User user, string remoteEndPoint = null)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
var passwordHash = GetPasswordHash(user);
var hasConfiguredDefaultPassword = !IsPasswordEmpty(passwordHash);
var hasPassword = user.Configuration.EnableLocalPassword && !string.IsNullOrEmpty(remoteEndPoint) && _networkManager.IsInLocalNetwork(remoteEndPoint) ?
!IsPasswordEmpty(GetLocalPasswordHash(user)) :
hasConfiguredDefaultPassword;
var dto = new UserDto
{
Id = user.Id.ToString("N"),
Name = user.Name,
HasPassword = hasPassword,
HasConfiguredPassword = hasConfiguredDefaultPassword,
LastActivityDate = user.LastActivityDate,
LastLoginDate = user.LastLoginDate,
2014-09-14 11:47:48 -07:00
Configuration = user.Configuration,
ConnectLinkType = user.ConnectLinkType,
ConnectUserId = user.ConnectUserId,
2014-10-23 21:54:35 -07:00
ConnectUserName = user.ConnectUserName,
ServerId = _appHost.SystemId
2014-08-15 09:35:41 -07:00
};
var image = user.GetImageInfo(ImageType.Primary, 0);
if (image != null)
{
dto.PrimaryImageTag = GetImageCacheTag(user, image);
try
{
_dtoServiceFactory().AttachPrimaryImageAspectRatio(dto, user);
}
catch (Exception ex)
{
// Have to use a catch-all unfortunately because some .net image methods throw plain Exceptions
_logger.ErrorException("Error generating PrimaryImageAspectRatio for {0}", ex, user.Name);
}
}
return dto;
}
private string GetImageCacheTag(BaseItem item, ItemImageInfo image)
{
try
{
return _imageProcessorFactory().GetImageCacheTag(item, image);
}
catch (Exception ex)
{
_logger.ErrorException("Error getting {0} image info for {1}", ex, image.Type, image.Path);
return null;
}
}
2013-02-20 18:33:05 -07:00
/// <summary>
/// Refreshes metadata for each user
/// </summary>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>Task.</returns>
public Task RefreshUsersMetadata(CancellationToken cancellationToken)
2013-02-20 18:33:05 -07:00
{
var tasks = Users.Select(user => user.RefreshMetadata(new MetadataRefreshOptions(), cancellationToken)).ToList();
2013-02-20 18:33:05 -07:00
return Task.WhenAll(tasks);
}
/// <summary>
/// Renames the user.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="newName">The new name.</param>
/// <returns>Task.</returns>
/// <exception cref="System.ArgumentNullException">user</exception>
/// <exception cref="System.ArgumentException"></exception>
public async Task RenameUser(User user, string newName)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (string.IsNullOrEmpty(newName))
{
throw new ArgumentNullException("newName");
}
if (Users.Any(u => u.Id != user.Id && u.Name.Equals(newName, StringComparison.OrdinalIgnoreCase)))
2013-02-20 18:33:05 -07:00
{
throw new ArgumentException(string.Format("A user with the name '{0}' already exists.", newName));
}
if (user.Name.Equals(newName, StringComparison.Ordinal))
{
throw new ArgumentException("The new and old names must be different.");
}
await user.Rename(newName);
OnUserUpdated(user);
}
/// <summary>
/// Updates the user.
/// </summary>
/// <param name="user">The user.</param>
/// <exception cref="System.ArgumentNullException">user</exception>
/// <exception cref="System.ArgumentException"></exception>
public async Task UpdateUser(User user)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
if (user.Id == Guid.Empty || !Users.Any(u => u.Id.Equals(user.Id)))
2013-02-20 18:33:05 -07:00
{
throw new ArgumentException(string.Format("User with name '{0}' and Id {1} does not exist.", user.Name, user.Id));
}
user.DateModified = DateTime.UtcNow;
2013-12-06 13:07:34 -07:00
user.DateLastSaved = DateTime.UtcNow;
2013-02-20 18:33:05 -07:00
await UserRepository.SaveUser(user, CancellationToken.None).ConfigureAwait(false);
2013-02-20 18:33:05 -07:00
OnUserUpdated(user);
}
2013-07-06 19:01:14 -07:00
public event EventHandler<GenericEventArgs<User>> UserCreated;
2013-12-26 07:20:30 -07:00
2014-03-25 14:13:55 -07:00
private readonly SemaphoreSlim _userListLock = new SemaphoreSlim(1, 1);
2013-02-20 18:33:05 -07:00
/// <summary>
/// Creates the user.
/// </summary>
/// <param name="name">The name.</param>
/// <returns>User.</returns>
/// <exception cref="System.ArgumentNullException">name</exception>
/// <exception cref="System.ArgumentException"></exception>
public async Task<User> CreateUser(string name)
{
2014-07-26 10:30:15 -07:00
if (string.IsNullOrWhiteSpace(name))
2013-02-20 18:33:05 -07:00
{
throw new ArgumentNullException("name");
}
if (Users.Any(u => u.Name.Equals(name, StringComparison.OrdinalIgnoreCase)))
2013-02-20 18:33:05 -07:00
{
throw new ArgumentException(string.Format("A user with the name '{0}' already exists.", name));
}
2014-03-25 14:13:55 -07:00
await _userListLock.WaitAsync(CancellationToken.None).ConfigureAwait(false);
2013-02-20 18:33:05 -07:00
2014-03-25 14:13:55 -07:00
try
{
2014-10-15 20:26:39 -07:00
var user = InstantiateNewUser(name, true);
2013-02-20 18:33:05 -07:00
2014-03-25 14:13:55 -07:00
var list = Users.ToList();
list.Add(user);
Users = list;
2013-12-26 07:20:30 -07:00
2014-03-25 14:13:55 -07:00
user.DateLastSaved = DateTime.UtcNow;
2013-02-20 18:33:05 -07:00
2014-03-25 14:13:55 -07:00
await UserRepository.SaveUser(user, CancellationToken.None).ConfigureAwait(false);
2013-12-26 07:20:30 -07:00
2014-03-25 14:13:55 -07:00
EventHelper.QueueEventIfNotNull(UserCreated, this, new GenericEventArgs<User> { Argument = user }, _logger);
return user;
}
finally
{
_userListLock.Release();
}
2013-02-20 18:33:05 -07:00
}
/// <summary>
/// Deletes the user.
/// </summary>
/// <param name="user">The user.</param>
/// <returns>Task.</returns>
/// <exception cref="System.ArgumentNullException">user</exception>
/// <exception cref="System.ArgumentException"></exception>
public async Task DeleteUser(User user)
{
if (user == null)
{
throw new ArgumentNullException("user");
}
2014-10-13 21:22:17 -07:00
if (user.ConnectLinkType.HasValue)
{
await _connectFactory().RemoveConnect(user.Id.ToString("N")).ConfigureAwait(false);
}
var allUsers = Users.ToList();
if (allUsers.FirstOrDefault(u => u.Id == user.Id) == null)
2013-02-20 18:33:05 -07:00
{
throw new ArgumentException(string.Format("The user cannot be deleted because there is no user with the Name {0} and Id {1}.", user.Name, user.Id));
}
if (allUsers.Count == 1)
{
throw new ArgumentException(string.Format("The user '{0}' cannot be deleted because there must be at least one user in the system.", user.Name));
}
if (user.Configuration.IsAdministrator && allUsers.Count(i => i.Configuration.IsAdministrator) == 1)
2013-02-20 18:33:05 -07:00
{
throw new ArgumentException(string.Format("The user '{0}' cannot be deleted because there must be at least one admin user in the system.", user.Name));
2013-02-20 18:33:05 -07:00
}
2014-03-25 14:13:55 -07:00
await _userListLock.WaitAsync(CancellationToken.None).ConfigureAwait(false);
2014-02-20 22:04:11 -07:00
try
{
2014-03-25 14:13:55 -07:00
await UserRepository.DeleteUser(user, CancellationToken.None).ConfigureAwait(false);
var path = user.ConfigurationFilePath;
try
{
File.Delete(path);
}
catch (IOException ex)
{
_logger.ErrorException("Error deleting file {0}", ex, path);
}
// Force this to be lazy loaded again
Users = await LoadUsers().ConfigureAwait(false);
OnUserDeleted(user);
2014-02-20 22:04:11 -07:00
}
2014-03-25 14:13:55 -07:00
finally
{
2014-03-25 14:13:55 -07:00
_userListLock.Release();
}
2013-02-20 18:33:05 -07:00
}
2013-03-12 22:19:03 -07:00
/// <summary>
/// Resets the password by clearing it.
/// </summary>
/// <returns>Task.</returns>
public Task ResetPassword(User user)
{
2014-11-05 12:28:41 -07:00
return ChangePassword(user, GetSha1String(string.Empty));
2013-03-12 22:19:03 -07:00
}
/// <summary>
/// Changes the password.
/// </summary>
/// <param name="user">The user.</param>
2014-11-05 12:28:41 -07:00
/// <param name="newPasswordSha1">The new password sha1.</param>
2013-03-12 22:19:03 -07:00
/// <returns>Task.</returns>
2014-11-05 12:28:41 -07:00
/// <exception cref="System.ArgumentNullException">
/// user
/// or
/// newPassword
/// </exception>
/// <exception cref="System.ArgumentException">Passwords for guests cannot be changed.</exception>
public async Task ChangePassword(User user, string newPasswordSha1)
2013-03-12 22:19:03 -07:00
{
if (user == null)
{
throw new ArgumentNullException("user");
}
2014-11-05 12:28:41 -07:00
if (string.IsNullOrWhiteSpace(newPasswordSha1))
{
throw new ArgumentNullException("newPasswordSha1");
}
2013-03-12 22:19:03 -07:00
2014-10-15 20:26:39 -07:00
if (user.ConnectLinkType.HasValue && user.ConnectLinkType.Value == UserLinkType.Guest)
{
throw new ArgumentException("Passwords for guests cannot be changed.");
}
2014-11-05 12:28:41 -07:00
user.Password = newPasswordSha1;
2013-03-12 22:19:03 -07:00
2014-08-10 15:13:17 -07:00
await UpdateUser(user).ConfigureAwait(false);
EventHelper.FireEventIfNotNull(UserPasswordChanged, this, new GenericEventArgs<User>(user), _logger);
2013-03-12 22:19:03 -07:00
}
2013-02-20 18:33:05 -07:00
/// <summary>
/// Instantiates the new user.
/// </summary>
/// <param name="name">The name.</param>
2014-10-15 20:26:39 -07:00
/// <param name="checkId">if set to <c>true</c> [check identifier].</param>
2013-02-20 18:33:05 -07:00
/// <returns>User.</returns>
2014-10-15 20:26:39 -07:00
private User InstantiateNewUser(string name, bool checkId)
2013-02-20 18:33:05 -07:00
{
2014-10-15 20:26:39 -07:00
var id = ("MBUser" + name).GetMD5();
if (checkId && Users.Select(i => i.Id).Contains(id))
{
id = Guid.NewGuid();
}
2014-10-13 21:22:17 -07:00
2013-02-20 18:33:05 -07:00
return new User
{
Name = name,
2014-10-15 20:26:39 -07:00
Id = id,
2013-02-20 18:33:05 -07:00
DateCreated = DateTime.UtcNow,
2014-09-14 08:10:51 -07:00
DateModified = DateTime.UtcNow,
UsesIdForConfigurationPath = true
2013-02-20 18:33:05 -07:00
};
}
2013-07-06 19:01:14 -07:00
2014-06-21 22:52:31 -07:00
public void UpdateConfiguration(User user, UserConfiguration newConfiguration)
{
var xmlPath = user.ConfigurationFilePath;
Directory.CreateDirectory(Path.GetDirectoryName(xmlPath));
_xmlSerializer.SerializeToFile(newConfiguration, xmlPath);
2013-07-06 19:01:14 -07:00
2014-06-21 22:52:31 -07:00
EventHelper.FireEventIfNotNull(UserConfigurationUpdated, this, new GenericEventArgs<User> { Argument = user }, _logger);
}
private string PasswordResetFile
{
get { return Path.Combine(ConfigurationManager.ApplicationPaths.ProgramDataPath, "passwordreset.txt"); }
}
private string _lastPin;
private PasswordPinCreationResult _lastPasswordPinCreationResult;
private int _pinAttempts;
private PasswordPinCreationResult CreatePasswordResetPin()
{
var num = new Random().Next(1, 9999);
var path = PasswordResetFile;
var pin = num.ToString("0000", CultureInfo.InvariantCulture);
_lastPin = pin;
var time = TimeSpan.FromMinutes(5);
var expiration = DateTime.UtcNow.Add(time);
var text = new StringBuilder();
var info = _appHost.GetSystemInfo();
var localAddress = info.LocalAddress ?? string.Empty;
text.AppendLine("Use your web browser to visit:");
text.AppendLine(string.Empty);
text.AppendLine(localAddress + "/mediabrowser/web/forgotpasswordpin.html");
text.AppendLine(string.Empty);
text.AppendLine("Enter the following pin code:");
text.AppendLine(string.Empty);
text.AppendLine(pin);
text.AppendLine(string.Empty);
text.AppendLine("The pin code will expire at " + expiration.ToLocalTime().ToShortDateString() + " " + expiration.ToLocalTime().ToShortTimeString());
File.WriteAllText(path, text.ToString(), Encoding.UTF8);
var result = new PasswordPinCreationResult
{
PinFile = path,
ExpirationDate = expiration
};
_lastPasswordPinCreationResult = result;
_pinAttempts = 0;
return result;
}
public ForgotPasswordResult StartForgotPasswordProcess(string enteredUsername, bool isInNetwork)
{
DeletePinFile();
var user = string.IsNullOrWhiteSpace(enteredUsername) ?
null :
GetUserByName(enteredUsername);
if (user != null && user.ConnectLinkType.HasValue && user.ConnectLinkType.Value == UserLinkType.Guest)
{
throw new ArgumentException("Unable to process forgot password request for guests.");
}
var action = ForgotPasswordAction.InNetworkRequired;
string pinFile = null;
DateTime? expirationDate = null;
if (user != null && !user.Configuration.IsAdministrator)
{
action = ForgotPasswordAction.ContactAdmin;
}
else
{
if (isInNetwork)
{
action = ForgotPasswordAction.PinCode;
}
var result = CreatePasswordResetPin();
pinFile = result.PinFile;
expirationDate = result.ExpirationDate;
}
return new ForgotPasswordResult
{
Action = action,
PinFile = pinFile,
PinExpirationDate = expirationDate
};
}
public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
{
DeletePinFile();
var usersReset = new List<string>();
var valid = !string.IsNullOrWhiteSpace(_lastPin) &&
string.Equals(_lastPin, pin, StringComparison.OrdinalIgnoreCase) &&
_lastPasswordPinCreationResult != null &&
_lastPasswordPinCreationResult.ExpirationDate > DateTime.UtcNow;
if (valid)
{
_lastPin = null;
_lastPasswordPinCreationResult = null;
var users = Users.Where(i => !i.ConnectLinkType.HasValue || i.ConnectLinkType.Value != UserLinkType.Guest)
.ToList();
foreach (var user in users)
{
await ResetPassword(user).ConfigureAwait(false);
usersReset.Add(user.Name);
}
}
else
{
_pinAttempts++;
if (_pinAttempts >= 3)
{
_lastPin = null;
_lastPasswordPinCreationResult = null;
}
}
return new PinRedeemResult
{
Success = valid,
UsersReset = usersReset.ToArray()
};
}
private void DeletePinFile()
{
try
{
File.Delete(PasswordResetFile);
}
catch
{
}
}
class PasswordPinCreationResult
{
public string PinFile { get; set; }
public DateTime ExpirationDate { get; set; }
}
2013-02-20 18:33:05 -07:00
}
}