Merge pull request #3316 from aled/check-stored-password-exists

Fix server error when user enters a password, but none is set.
2024-07-09 23:30:50 +02:00 · 2020-06-19 16:59:35 +02:00 · 2020-06-19 16:59:35 +02:00 · cae3ed8aeb
parent fbefddbb81 991b6fb739
commit cae3ed8aeb
1 changed files with 19 additions and 15 deletions
--- a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
@ -63,25 +63,29 @@ namespace Jellyfin.Server.Implementations.Users
                });
            }

-            byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
-
-            PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
-            if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
-                || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
+            // Handle the case when the stored password is null, but the user tried to login with a password
+            if (resolvedUser.Password != null)
            {
-                byte[] calculatedHash = _cryptographyProvider.ComputeHash(
-                    readyHash.Id,
-                    passwordBytes,
-                    readyHash.Salt.ToArray());
+                byte[] passwordBytes = Encoding.UTF8.GetBytes(password);

-                if (readyHash.Hash.SequenceEqual(calculatedHash))
+                PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
+                if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
+                    || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
                {
-                    success = true;
+                    byte[] calculatedHash = _cryptographyProvider.ComputeHash(
+                        readyHash.Id,
+                        passwordBytes,
+                        readyHash.Salt.ToArray());
+
+                    if (readyHash.Hash.SequenceEqual(calculatedHash))
+                    {
+                        success = true;
+                    }
+                }
+                else
+                {
+                    throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
                }
-            }
-            else
-            {
-                throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
            }

            if (!success)