Backport pull request #15254 from jellyfin/release-10.11.z

Update password reset to always return the same response structure Original-merge: 4ad31418753840ca76c52fc2aa56fa1a4235ca87 Merged-by: crobibero <cody@robibe.ro> Backported-by: Joshua M. Boniface <joshua@boniface.me>
author: thornbill <thornbill@users.noreply.github.com> 2025-11-02 21:58:42 -0500
committer: Joshua M. Boniface <joshua@boniface.me> 2025-11-02 21:58:42 -0500
commit: 1ccd10863e24485978a2f5fd7650b2bcf42168d3 (patch)
tree: a873a6328861c1031fe7a7042674836ade24e406 /Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
parent: 4258df4485c928e5a128bfb7c0149ba51b7b33af (diff)
1 files changed, 23 insertions, 17 deletions
diff --git a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
index f20fb2d92..49a9fda94 100644
--- a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.IO;
 using System.Security.Cryptography;
 using System.Text.Json;
@@ -92,33 +93,38 @@ namespace Jellyfin.Server.Implementations.Users
         }
 
         /// <inheritdoc />
-        public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork)
+        public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User? user, string enteredUsername, bool isInNetwork)
         {
-            byte[] bytes = new byte[4];
-            RandomNumberGenerator.Fill(bytes);
-            string pin = BitConverter.ToString(bytes);
-
             DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
-            string filePath = _passwordResetFileBase + user.Id + ".json";
-            SerializablePasswordReset spr = new SerializablePasswordReset
-            {
-                ExpirationDate = expireTime,
-                Pin = pin,
-                PinFile = filePath,
-                UserName = user.Username
-            };
+            var usernameHash = enteredUsername.ToUpperInvariant().GetMD5().ToString("N", CultureInfo.InvariantCulture);
+            var pinFile = _passwordResetFileBase + usernameHash + ".json";
 
-            FileStream fileStream = AsyncFile.Create(filePath);
-            await using (fileStream.ConfigureAwait(false))
+            if (user is not null && isInNetwork)
             {
-                await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
+                byte[] bytes = new byte[4];
+                RandomNumberGenerator.Fill(bytes);
+                string pin = BitConverter.ToString(bytes);
+
+                SerializablePasswordReset spr = new SerializablePasswordReset
+                {
+                    ExpirationDate = expireTime,
+                    Pin = pin,
+                    PinFile = pinFile,
+                    UserName = user.Username
+                };
+
+                FileStream fileStream = AsyncFile.Create(pinFile);
+                await using (fileStream.ConfigureAwait(false))
+                {
+                    await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
+                }
             }
 
             return new ForgotPasswordResult
             {
                 Action = ForgotPasswordAction.PinCode,
                 PinExpirationDate = expireTime,
-                PinFile = filePath
+                PinFile = pinFile
             };
         }
author	thornbill <thornbill@users.noreply.github.com>	2025-11-02 21:58:42 -0500
committer	Joshua M. Boniface <joshua@boniface.me>	2025-11-02 21:58:42 -0500
commit	1ccd10863e24485978a2f5fd7650b2bcf42168d3 (patch)
tree	a873a6328861c1031fe7a7042674836ade24e406 /Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
parent	4258df4485c928e5a128bfb7c0149ba51b7b33af (diff)