core: clean up login code (#13861)

2025-01-03 05:36:44 +00:00 · 2023-01-07 14:52:15 +01:00 · 2023-01-07 14:52:15 +01:00 · ad635c442b
commit ad635c442b
parent 1ca2edf9b7
3 changed files with 19 additions and 43 deletions
--- a/src/Jackett.Common/Services/Interfaces/ISecurityService.cs
+++ b/src/Jackett.Common/Services/Interfaces/ISecurityService.cs
@ -4,9 +4,7 @@ namespace Jackett.Common.Services.Interfaces
 {
    public interface ISecurityService
    {
-        bool CheckAuthorised(HttpRequestMessage request);
+        bool CheckAuthorised(string password);
        string HashPassword(string input);
-        void Login(HttpResponseMessage request);
-        void Logout(HttpResponseMessage request);
    }
 }
--- a/src/Jackett.Server/Controllers/UIController.cs
+++ b/src/Jackett.Server/Controllers/UIController.cs
@ -60,10 +60,8 @@ namespace Jackett.Server.Controllers
        [AllowAnonymous]
        public async Task<IActionResult> Dashboard([FromForm] string password)
        {
-            if (password != null && securityService.HashPassword(password) == serverConfig.AdminPassword)
-            {
+            if (securityService.CheckAuthorised(password))
                await MakeUserAuthenticated();
-            }

            return Redirect("Dashboard");
        }
--- a/src/Jackett.Server/Services/SecurityService.cs
+++ b/src/Jackett.Server/Services/SecurityService.cs
@ -1,5 +1,4 @@
 using System.Linq;
-using System.Net.Http;
 using System.Security.Cryptography;
 using System.Text;
 using Jackett.Common.Models.Config;
@ -9,55 +8,36 @@ namespace Jackett.Server.Services
 {
    internal class SecurityService : ISecurityService
    {
-        private const string COOKIENAME = "JACKETT";
        private readonly ServerConfig _serverConfig;

        public SecurityService(ServerConfig sc) => _serverConfig = sc;

+        public bool CheckAuthorised(string password)
+        {
+            if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
+                return true;
+
+            if (!string.IsNullOrEmpty(password) && HashPassword(password) == _serverConfig.AdminPassword)
+                return true;
+
+            return false;
+        }
+
        public string HashPassword(string input)
        {
            if (input == null)
                return null;
-            // Append key as salt
-            input += _serverConfig.APIKey;
-
-            var UE = new UnicodeEncoding();
-            byte[] hashValue;
-            var message = UE.GetBytes(input);

+            var ue = new UnicodeEncoding();
 #pragma warning disable SYSLIB0021
            var hashString = new SHA512Managed();
 #pragma warning restore SYSLIB0021

-            hashValue = hashString.ComputeHash(message);
-            var hex = "";
-            foreach (var x in hashValue)
-            {
-                hex += string.Format("{0:x2}", x);
-            }
-            return hex;
-        }
-
-        public void Login(HttpResponseMessage response) => response.Headers.Add("Set-Cookie", COOKIENAME + "=" + _serverConfig.AdminPassword + "; path=/");
-
-        public void Logout(HttpResponseMessage response) => response.Headers.Add("Set-Cookie", COOKIENAME + "=; path=/");
-
-        public bool CheckAuthorised(HttpRequestMessage request)
-        {
-            if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
-                return true;
-
-            try
-            {
-                var cookie = request.Headers.GetValues(COOKIENAME).FirstOrDefault();
-                if (cookie != null)
-                {
-                    return cookie == _serverConfig.AdminPassword;
-                }
-            }
-            catch { }
-
-            return false;
+            // Append key as salt
+            input += _serverConfig.APIKey;
+            var message = ue.GetBytes(input);
+            var hashValue = hashString.ComputeHash(message);
+            return hashValue.Aggregate("", (current, x) => current + $"{x:x2}");
        }
    }
 }