From c722ad22ece5ee7dd68b41521c2716a50364f42a Mon Sep 17 00:00:00 2001
From: aled <aled@wibblr.com>
Date: Thu, 11 Jun 2020 14:24:50 +0100
Subject: [PATCH] Handle the case when the stored password is null, but the
 user tried to login with a password.

---
 .../Library/DefaultAuthenticationProvider.cs  | 34 +++++++++++--------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs b/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
index 02f1506076..7c7bfa1111 100644
--- a/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
+++ b/Emby.Server.Implementations/Library/DefaultAuthenticationProvider.cs
@@ -61,25 +61,29 @@ namespace Emby.Server.Implementations.Library
                 });
             }
 
-            byte[] passwordbytes = Encoding.UTF8.GetBytes(password);
-
-            PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
-            if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
-                || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
+            // Handle the case when the stored password is null, but the user tried to login with a password
+            if (resolvedUser.Password != null)
             {
-                byte[] calculatedHash = _cryptographyProvider.ComputeHash(
-                    readyHash.Id,
-                    passwordbytes,
-                    readyHash.Salt.ToArray());
+                byte[] passwordbytes = Encoding.UTF8.GetBytes(password);
 
-                if (readyHash.Hash.SequenceEqual(calculatedHash))
+                PasswordHash readyHash = PasswordHash.Parse(resolvedUser.Password);
+                if (_cryptographyProvider.GetSupportedHashMethods().Contains(readyHash.Id)
+                    || _cryptographyProvider.DefaultHashMethod == readyHash.Id)
                 {
-                    success = true;
+                    byte[] calculatedHash = _cryptographyProvider.ComputeHash(
+                        readyHash.Id,
+                        passwordbytes,
+                        readyHash.Salt.ToArray());
+
+                    if (readyHash.Hash.SequenceEqual(calculatedHash))
+                    {
+                        success = true;
+                    }
+                }
+                else
+                {
+                    throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
                 }
-            }
-            else
-            {
-                throw new AuthenticationException($"Requested crypto method not available in provider: {readyHash.Id}");
             }
 
             if (!success)