From d78a55adb4f66b8a82449216a11657da1388ab12 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sat, 8 Jun 2019 22:54:31 -0400
Subject: [PATCH] Implement InvalidAuthProvider

Implements the InvalidAuthProvider, which acts as a fallback if a
configured authentication provider, e.g. LDAP, is unavailable due
to a load failure or removal. Until the user or the authentication
plugin is corrected, this will cause users with the missing provider
to be locked out, while throwing errors in the logs about the issue.

Fixes #1445 part 2
---
 .../Library/InvalidAuthProvider.cs            | 46 +++++++++++++++++++
 .../Library/UserManager.cs                    | 20 ++++++--
 2 files changed, 61 insertions(+), 5 deletions(-)
 create mode 100644 Emby.Server.Implementations/Library/InvalidAuthProvider.cs

diff --git a/Emby.Server.Implementations/Library/InvalidAuthProvider.cs b/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
new file mode 100644
index 0000000000..ee25695621
--- /dev/null
+++ b/Emby.Server.Implementations/Library/InvalidAuthProvider.cs
@@ -0,0 +1,46 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Authentication;
+using MediaBrowser.Controller.Entities;
+
+namespace Emby.Server.Implementations.Library
+{
+    public class InvalidAuthProvider : IAuthenticationProvider
+    {
+        public string Name => "InvalidorMissingAuthenticationProvider";
+
+        public bool IsEnabled => true;
+
+        public Task<ProviderAuthenticationResult> Authenticate(string username, string password)
+        {
+            throw new Exception("User Account cannot login with this provider. The Normal provider for this user cannot be found");
+        }
+
+        public Task<bool> HasPassword(User user)
+        {
+            return Task.FromResult(true);
+        }
+
+        public Task ChangePassword(User user, string newPassword)
+        {
+            return Task.FromResult(true);
+        }
+
+        public void ChangeEasyPassword(User user, string newPassword, string newPasswordHash)
+        {
+            // Nothing here   
+        }
+
+        public string GetPasswordHash(User user)
+        {
+            return "";
+        }
+
+        public string GetEasyPasswordHash(User user)
+        {
+            return "";
+        }
+    }
+}
diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index a0b8d4ba42..ca43f7aaa1 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -79,6 +79,8 @@ namespace Emby.Server.Implementations.Library
         private IAuthenticationProvider[] _authenticationProviders;
         private DefaultAuthenticationProvider _defaultAuthenticationProvider;
 
+        private InvalidAuthProvider _invalidAuthProvider;
+
         private IPasswordResetProvider[] _passwordResetProviders;
         private DefaultPasswordResetProvider _defaultPasswordResetProvider;
 
@@ -141,6 +143,8 @@ namespace Emby.Server.Implementations.Library
 
             _defaultAuthenticationProvider = _authenticationProviders.OfType<DefaultAuthenticationProvider>().First();
 
+            _invalidAuthProvider = _authenticationProviders.OfType<InvalidAuthProvider>().First();
+
             _passwordResetProviders = passwordResetProviders.ToArray();
 
             _defaultPasswordResetProvider = passwordResetProviders.OfType<DefaultPasswordResetProvider>().First();
@@ -307,11 +311,14 @@ namespace Emby.Server.Implementations.Library
                     user = Users
                         .FirstOrDefault(i => string.Equals(username, i.Name, StringComparison.OrdinalIgnoreCase));
 
-                    var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
-                    if (hasNewUserPolicy != null)
+                    if (authenticationProvider.GetType() != typeof(InvalidAuthProvider))
                     {
-                        var policy = hasNewUserPolicy.GetNewUserPolicy();
-                        UpdateUserPolicy(user, policy, true);
+                        var hasNewUserPolicy = authenticationProvider as IHasNewUserPolicy;
+                        if (hasNewUserPolicy != null)
+                        {
+                            var policy = hasNewUserPolicy.GetNewUserPolicy();
+                            UpdateUserPolicy(user, policy, true);
+                        }
                     }
                 }
             }
@@ -400,7 +407,10 @@ namespace Emby.Server.Implementations.Library
 
             if (providers.Length == 0)
             {
-                providers = new IAuthenticationProvider[] { _defaultAuthenticationProvider };
+                // this function used to assign any user without an auth provider to the default.
+                // we're going to have it use a new function now.
+                _logger.LogWarning($"The user {user.Name} was found but no Authentication Provider with ID: {user.Policy.AuthenticationProviderId} was found. Assigning user to InvalidAuthProvider temporarily");
+                providers = new IAuthenticationProvider[] { _invalidAuthProvider };
             }
 
             return providers;