diff --git a/src/Jackett.Common/Services/Interfaces/ISecurityService.cs b/src/Jackett.Common/Services/Interfaces/ISecurityService.cs
index ff0f9a6fd..ba03afdc2 100644
--- a/src/Jackett.Common/Services/Interfaces/ISecurityService.cs
+++ b/src/Jackett.Common/Services/Interfaces/ISecurityService.cs
@@ -4,9 +4,7 @@ namespace Jackett.Common.Services.Interfaces
 {
     public interface ISecurityService
     {
-        bool CheckAuthorised(HttpRequestMessage request);
+        bool CheckAuthorised(string password);
         string HashPassword(string input);
-        void Login(HttpResponseMessage request);
-        void Logout(HttpResponseMessage request);
     }
 }
diff --git a/src/Jackett.Server/Controllers/UIController.cs b/src/Jackett.Server/Controllers/UIController.cs
index 484e28559..67c02eb21 100644
--- a/src/Jackett.Server/Controllers/UIController.cs
+++ b/src/Jackett.Server/Controllers/UIController.cs
@@ -60,10 +60,8 @@ namespace Jackett.Server.Controllers
         [AllowAnonymous]
         public async Task Dashboard([FromForm] string password)
         {
-            if (password != null && securityService.HashPassword(password) == serverConfig.AdminPassword)
-            {
+            if (securityService.CheckAuthorised(password))
                 await MakeUserAuthenticated();
-            }
             return Redirect("Dashboard");
         }
diff --git a/src/Jackett.Server/Services/SecurityService.cs b/src/Jackett.Server/Services/SecurityService.cs
index 75ae04af1..919699119 100644
--- a/src/Jackett.Server/Services/SecurityService.cs
+++ b/src/Jackett.Server/Services/SecurityService.cs
@@ -1,5 +1,4 @@
 using System.Linq;
-using System.Net.Http;
 using System.Security.Cryptography;
 using System.Text;
 using Jackett.Common.Models.Config;
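Review bot: The new `CheckAuthorised(string password)` member carries no XML documentation, so a caller reading the interface cannot tell that the implementation in this commit returns true whenever no admin password is configured, not only on a match. Add a summary above the declaration such as `/// <summary>True when <paramref name="password"/> hashes to the configured admin password, or when no admin password is set. A null or empty password is rejected rather than throwing.</summary>`. The remaining `HashPassword` member gives no hint of that fallthrough, so the interface is the right place to state it.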
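Review bot: The replaced condition changes who gets authenticated when no admin password is configured: the old check could not succeed with an empty `serverConfig.AdminPassword` (a SHA-512 hex digest never equals an empty string), whereas `CheckAuthorised` as introduced in this commit returns true in that case, so any POST to Dashboard, including one with a null password, now reaches `MakeUserAuthenticated()`. That is presumably harmless if an unset admin password means the UI is open anyway, but if the previous behaviour was intended the call site should keep its own guard: `if (!string.IsNullOrEmpty(password) && securityService.CheckAuthorised(password))`. Separately, the rewrite drops the braces around the single-statement `if` body while the block it replaces used them; keeping `{ }` around `await MakeUserAuthenticated();` stays consistent with the surrounding code.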
@@ -9,55 +8,36 @@ namespace Jackett.Server.Services
 {
     internal class SecurityService : ISecurityService
     {
-        private const string COOKIENAME = "JACKETT";
         private readonly ServerConfig _serverConfig;
         public SecurityService(ServerConfig sc) => _serverConfig = sc;
+        public bool CheckAuthorised(string password)
+        {
+            if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
+                return true;
+
+            if (!string.IsNullOrEmpty(password) && HashPassword(password) == _serverConfig.AdminPassword)
+                return true;
+
+            return false;
+        }
+
         public string HashPassword(string input)
         {
             if (input == null)
                 return null;
-            // Append key as salt
-            input += _serverConfig.APIKey;
-
-            var UE = new UnicodeEncoding();
-            byte[] hashValue;
-            var message = UE.GetBytes(input);
+            var ue = new UnicodeEncoding();
 #pragma warning disable SYSLIB0021
             var hashString = new SHA512Managed();
 #pragma warning restore SYSLIB0021
-            hashValue = hashString.ComputeHash(message);
-            var hex = "";
-            foreach (var x in hashValue)
-            {
-                hex += string.Format("{0:x2}", x);
-            }
-            return hex;
-        }
-
-        public void Login(HttpResponseMessage response) => response.Headers.Add("Set-Cookie", COOKIENAME + "=" + _serverConfig.AdminPassword + "; path=/");
-
-        public void Logout(HttpResponseMessage response) => response.Headers.Add("Set-Cookie", COOKIENAME + "=; path=/");
-
-        public bool CheckAuthorised(HttpRequestMessage request)
-        {
-            if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
-                return true;
-
-            try
-            {
-                var cookie = request.Headers.GetValues(COOKIENAME).FirstOrDefault();
-                if (cookie != null)
-                {
-                    return cookie == _serverConfig.AdminPassword;
-                }
-            }
-            catch { }
-
-            return false;
+            // Append key as salt
+            input += _serverConfig.APIKey;
+            var message = ue.GetBytes(input);
+            var hashValue = hashString.ComputeHash(message);
+            return hashValue.Aggregate("", (current, x) => current + $"{x:x2}");
         }
     }
 }
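Review bot: The new `CheckAuthorised` compares `HashPassword(password) == _serverConfig.AdminPassword` with ordinary string equality, which returns at the first differing hex digit; for a credential check prefer a fixed-time comparison of the two digests via `CryptographicOperations.FixedTimeEquals` where the target framework provides it (.NET Core 2.1 / .NET Standard 2.1 and later; if a .NET Framework build is still produced, a manual constant-time loop is the fallback). In the reordered `HashPassword`, `SHA512Managed` is `IDisposable` but is still never disposed; `using var hashString = new SHA512Managed();` inside the existing pragma pair fixes that without other changes. The underlying scheme — one SHA-512 pass over the password with `APIKey` appended — predates this commit and is not a password KDF, but replacing it would invalidate stored `AdminPassword` values, so that belongs in a separate, planned change rather than this one. A fixed-time version of the new method follows.
```csharp
        public bool CheckAuthorised(string password)
        {
            if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
                return true;

            if (string.IsNullOrEmpty(password))
                return false;

            // Compare the two hex digests without short-circuiting on the first mismatch.
            var expected = Encoding.UTF8.GetBytes(_serverConfig.AdminPassword);
            var actual = Encoding.UTF8.GetBytes(HashPassword(password));
            return CryptographicOperations.FixedTimeEquals(expected, actual);
        }
```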