diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
index e8d47cad52..831391cee6 100644
--- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs
@@ -203,6 +203,7 @@ namespace Emby.Server.Implementations.HttpServer
case DirectoryNotFoundException _:
case FileNotFoundException _:
case ResourceNotFoundException _: return 404;
+ case MethodNotAllowedException _: return 405;
case RemoteServiceUnavailableException _: return 502;
default: return 500;
}
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
index a6849f75f5..497800d263 100644
--- a/MediaBrowser.Api/UserService.cs
+++ b/MediaBrowser.Api/UserService.cs
@@ -379,10 +379,15 @@ namespace MediaBrowser.Api
throw new ResourceNotFoundException("User not found");
}
+ if (!string.IsNullOrEmpty(request.Password) && string.IsNullOrEmpty(request.Pw))
+ {
+ throw new MethodNotAllowedException("Hashed-only passwords are not valid for this API.");
+ }
+
return Post(new AuthenticateUserByName
{
Username = user.Name,
- Password = request.Password,
+ Password = null, // This should always be null
Pw = request.Pw
});
}
diff --git a/MediaBrowser.Common/Extensions/ResourceNotFoundException.cs b/MediaBrowser.Common/Extensions/ResourceNotFoundException.cs
index f62c65fd7f..9f70ae7d89 100644
--- a/MediaBrowser.Common/Extensions/ResourceNotFoundException.cs
+++ b/MediaBrowser.Common/Extensions/ResourceNotFoundException.cs
@@ -26,6 +26,30 @@ namespace MediaBrowser.Common.Extensions
}
}
+ ///
+ /// Class MethodNotAllowedException
+ ///
+ public class MethodNotAllowedException : Exception
+ {
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ public MethodNotAllowedException()
+ {
+
+ }
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// The message.
+ public MethodNotAllowedException(string message)
+ : base(message)
+ {
+
+ }
+ }
+
public class RemoteServiceUnavailableException : Exception
{
public RemoteServiceUnavailableException()