< Summary - Jellyfin

Information
Class: Jellyfin.Server.Implementations.Users.DefaultPasswordResetProvider
Assembly: Jellyfin.Server.Implementations
File(s): /srv/git/jellyfin/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
Line coverage
66%
Covered lines: 4
Uncovered lines: 2
Coverable lines: 6
Total lines: 139
Line coverage: 66.6%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100 8/13/2025 - 12:11:40 AM Line coverage: 66.6% (4/6) Total lines: 13311/4/2025 - 12:11:59 AM Line coverage: 66.6% (4/6) Total lines: 139

Metrics

MethodBranch coverage Crap Score Cyclomatic complexity Line coverage
.ctor(...)100%11100%
get_Name()100%210%
get_IsEnabled()100%210%

File(s)

/srv/git/jellyfin/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs

#LineLine coverage
 1using System;
 2using System.Collections.Generic;
 3using System.Globalization;
 4using System.IO;
 5using System.Security.Cryptography;
 6using System.Text.Json;
 7using System.Threading.Tasks;
 8using Jellyfin.Database.Implementations.Entities;
 9using MediaBrowser.Common;
 10using MediaBrowser.Common.Extensions;
 11using MediaBrowser.Controller.Authentication;
 12using MediaBrowser.Controller.Configuration;
 13using MediaBrowser.Controller.Library;
 14using MediaBrowser.Model.IO;
 15using MediaBrowser.Model.Users;
 16
 17namespace Jellyfin.Server.Implementations.Users
 18{
 19    /// <summary>
 20    /// The default password reset provider.
 21    /// </summary>
 22    public class DefaultPasswordResetProvider : IPasswordResetProvider
 23    {
 24        private const string BaseResetFileName = "passwordreset";
 25
 26        private readonly IApplicationHost _appHost;
 27
 28        private readonly string _passwordResetFileBase;
 29        private readonly string _passwordResetFileBaseDir;
 30
 31        /// <summary>
 32        /// Initializes a new instance of the <see cref="DefaultPasswordResetProvider"/> class.
 33        /// </summary>
 34        /// <param name="configurationManager">The configuration manager.</param>
 35        /// <param name="appHost">The application host.</param>
 36        public DefaultPasswordResetProvider(IServerConfigurationManager configurationManager, IApplicationHost appHost)
 37        {
 2138            _passwordResetFileBaseDir = configurationManager.ApplicationPaths.ProgramDataPath;
 2139            _passwordResetFileBase = Path.Combine(_passwordResetFileBaseDir, BaseResetFileName);
 2140            _appHost = appHost;
 41            // TODO: Remove the circular dependency on UserManager
 2142        }
 43
 44        /// <inheritdoc />
 045        public string Name => "Default Password Reset Provider";
 46
 47        /// <inheritdoc />
 048        public bool IsEnabled => true;
 49
 50        /// <inheritdoc />
 51        public async Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
 52        {
 53            var userManager = _appHost.Resolve<IUserManager>();
 54            var usersReset = new List<string>();
 55            foreach (var resetFile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{BaseResetFileName}*"))
 56            {
 57                SerializablePasswordReset spr;
 58                var str = AsyncFile.OpenRead(resetFile);
 59                await using (str.ConfigureAwait(false))
 60                {
 61                    spr = await JsonSerializer.DeserializeAsync<SerializablePasswordReset>(str).ConfigureAwait(false)
 62                        ?? throw new ResourceNotFoundException($"Provided path ({resetFile}) is not valid.");
 63                }
 64
 65                if (spr.ExpirationDate < DateTime.UtcNow)
 66                {
 67                    File.Delete(resetFile);
 68                }
 69                else if (string.Equals(
 70                    spr.Pin.Replace("-", string.Empty, StringComparison.Ordinal),
 71                    pin.Replace("-", string.Empty, StringComparison.Ordinal),
 72                    StringComparison.Ordinal))
 73                {
 74                    var resetUser = userManager.GetUserByName(spr.UserName)
 75                        ?? throw new ResourceNotFoundException($"User with a username of {spr.UserName} not found");
 76
 77                    await userManager.ChangePassword(resetUser, pin).ConfigureAwait(false);
 78                    usersReset.Add(resetUser.Username);
 79                    File.Delete(resetFile);
 80                }
 81            }
 82
 83            if (usersReset.Count < 1)
 84            {
 85                throw new ResourceNotFoundException($"No Users found with a password reset request matching pin {pin}");
 86            }
 87
 88            return new PinRedeemResult
 89            {
 90                Success = true,
 91                UsersReset = usersReset.ToArray()
 92            };
 93        }
 94
 95        /// <inheritdoc />
 96        public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User? user, string enteredUsername, bool isIn
 97        {
 98            DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
 99            var usernameHash = enteredUsername.ToUpperInvariant().GetMD5().ToString("N", CultureInfo.InvariantCulture);
 100            var pinFile = _passwordResetFileBase + usernameHash + ".json";
 101
 102            if (user is not null && isInNetwork)
 103            {
 104                byte[] bytes = new byte[4];
 105                RandomNumberGenerator.Fill(bytes);
 106                string pin = BitConverter.ToString(bytes);
 107
 108                SerializablePasswordReset spr = new SerializablePasswordReset
 109                {
 110                    ExpirationDate = expireTime,
 111                    Pin = pin,
 112                    PinFile = pinFile,
 113                    UserName = user.Username
 114                };
 115
 116                FileStream fileStream = AsyncFile.Create(pinFile);
 117                await using (fileStream.ConfigureAwait(false))
 118                {
 119                    await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
 120                }
 121            }
 122
 123            return new ForgotPasswordResult
 124            {
 125                Action = ForgotPasswordAction.PinCode,
 126                PinExpirationDate = expireTime,
 127                PinFile = pinFile
 128            };
 129        }
 130
 131#nullable disable
 132        private class SerializablePasswordReset : PasswordPinCreationResult
 133        {
 134            public string Pin { get; set; }
 135
 136            public string UserName { get; set; }
 137        }
 138    }
 139}
Generated by: ReportGenerator 5.4.18.0
11/21/2025 - 12:09:55 AM
GitHub | reportgenerator.io

Methods/Properties

.ctor(MediaBrowser.Controller.Configuration.IServerConfigurationManager,MediaBrowser.Common.IApplicationHost)
get_Name()
get_IsEnabled()