using System; using System.Collections; using System.Collections.Generic; using System.Globalization; using System.IO; using System.Threading.Tasks; using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Extensions; using MediaBrowser.Controller; using MediaBrowser.Controller.Authentication; using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Entities; using MediaBrowser.Controller.Library; using MediaBrowser.Model.Serialization; using MediaBrowser.Model.Users; using ServiceStack; using TvDbSharper.Dto; namespace Emby.Server.Implementations.Library { public class DefaultPasswordResetProvider : IPasswordResetProvider { public string Name => "Default Password Reset Provider"; public bool IsEnabled => true; private readonly string _passwordResetFileBase; private readonly string _passwordResetFileBaseDir; private readonly string _passwordResetFileBaseName = "passwordreset"; private IJsonSerializer _jsonSerializer; private IUserManager _userManager; public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IJsonSerializer jsonSerializer, IUserManager userManager) { _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath; _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, _passwordResetFileBaseName); _jsonSerializer = jsonSerializer; _userManager = userManager; } public async Task RedeemPasswordResetPin(string pin) { HashSet usersreset = new HashSet(); foreach (var resetfile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{_passwordResetFileBaseName}*")) { var spr = (SerializablePasswordReset) _jsonSerializer.DeserializeFromFile(typeof(SerializablePasswordReset), resetfile); if (spr.ExpirationDate > DateTime.Now) { File.Delete(resetfile); } else { if (spr.Pin == pin) { var resetUser = _userManager.GetUserByName(spr.UserName); if (!string.IsNullOrEmpty(resetUser.Password)) { await _userManager.ChangePassword(resetUser, pin).ConfigureAwait(false); usersreset.Add(resetUser.Name); } } } } if (usersreset.Count < 1) { throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}"); } else { return new PinRedeemResult { Success = true, UsersReset = usersreset.ToArray() }; } throw new System.NotImplementedException(); } public async Task StartForgotPasswordProcess(MediaBrowser.Controller.Entities.User user, bool isInNetwork) { string pin = new Random().Next(99999999).ToString("00000000",CultureInfo.InvariantCulture); DateTime expireTime = DateTime.Now.AddMinutes(30); string filePath = _passwordResetFileBase + user.Name.ToLowerInvariant() + ".json"; SerializablePasswordReset spr = new SerializablePasswordReset { ExpirationDate = expireTime, Pin = pin, PinFile = filePath, UserName = user.Name }; try { await Task.Run(() => File.WriteAllText(filePath, _jsonSerializer.SerializeToString(spr))).ConfigureAwait(false); } catch (Exception e) { throw new Exception($"Error serializing or writing password reset for {user.Name} to location:{filePath}", e); } return new ForgotPasswordResult { Action = ForgotPasswordAction.PinCode, PinExpirationDate = expireTime, PinFile = filePath }; } private class SerializablePasswordReset : PasswordPinCreationResult { public string Pin { get; set; } public string UserName { get; set; } } } }