From 62ee9d8cdbf227c4f6c6b3899fe5e8d5fd7e8a1a Mon Sep 17 00:00:00 2001
From: Jamie <tidusjar@gmail.com>
Date: Thu, 18 Jan 2018 08:23:45 +0000
Subject: [PATCH] Hide the password field if it's not needed #1815

---
 .../Authentication/OmbiUserManager.cs         | 32 ++++++++++++-------
 src/Ombi/ClientApp/app/auth/auth.service.ts   |  4 +++
 .../ClientApp/app/login/login.component.html  |  4 +--
 .../ClientApp/app/login/login.component.ts    | 30 +++++++++++------
 src/Ombi/Controllers/SettingsController.cs    |  1 +
 src/Ombi/Controllers/TokenController.cs       | 21 ++++++++++++
 6 files changed, 68 insertions(+), 24 deletions(-)

diff --git a/src/Ombi.Core/Authentication/OmbiUserManager.cs b/src/Ombi.Core/Authentication/OmbiUserManager.cs
index 522ffb899..b9453749d 100644
--- a/src/Ombi.Core/Authentication/OmbiUserManager.cs
+++ b/src/Ombi.Core/Authentication/OmbiUserManager.cs
@@ -64,19 +64,11 @@ namespace Ombi.Core.Authentication
 
         public override async Task<bool> CheckPasswordAsync(OmbiUser user, string password)
         {
-            var authSettings = await _authSettings.GetSettingsAsync();
-            if (authSettings.AllowNoPassword)
+            var requiresPassword = await RequiresPassword(user);
+            if (!requiresPassword)
             {
-                // Check their roles
-                var roles = await GetRolesAsync(user);
-                if (roles.Contains(OmbiRoles.Admin) || roles.Contains(OmbiRoles.PowerUser))
-                {
-                    // Do nothing, let it continue to check the password
-                }
-                else
-                {
-                    return true;
-                }
+                // Let them through!
+                return true;
             }
             if (user.UserType == UserType.LocalUser)
             {
@@ -93,6 +85,22 @@ namespace Ombi.Core.Authentication
             return false;
         }
 
+        public async Task<bool> RequiresPassword(OmbiUser user)
+        {
+            var authSettings = await _authSettings.GetSettingsAsync();
+            if (authSettings.AllowNoPassword)
+            {
+                var roles = await GetRolesAsync(user);
+                if (roles.Contains(OmbiRoles.Admin) || roles.Contains(OmbiRoles.PowerUser))
+                {
+                    // We require a password
+                    return true;
+                }
+                return false;
+            }
+            return true;
+        }
+
         /// <summary>
         /// Sign the user into plex and make sure we can get the authentication token.
         /// <remarks>We do not check if the user is in the owners "friends" since they must have a local user account to get this far</remarks>
diff --git a/src/Ombi/ClientApp/app/auth/auth.service.ts b/src/Ombi/ClientApp/app/auth/auth.service.ts
index 6249edc5b..b9899c9a4 100644
--- a/src/Ombi/ClientApp/app/auth/auth.service.ts
+++ b/src/Ombi/ClientApp/app/auth/auth.service.ts
@@ -18,6 +18,10 @@ export class AuthService extends ServiceHelpers {
         return this.http.post(`${this.url}/`, JSON.stringify(login), {headers: this.headers});
     }
 
+    public requiresPassword(login: IUserLogin): Observable<boolean> {
+        return this.http.post<boolean>(`${this.url}/requirePassword`, JSON.stringify(login), {headers: this.headers});
+    }
+
     public loggedIn() {    
         const token: string = this.jwtHelperService.tokenGetter();
         
diff --git a/src/Ombi/ClientApp/app/login/login.component.html b/src/Ombi/ClientApp/app/login/login.component.html
index a000971ce..80c48cabd 100644
--- a/src/Ombi/ClientApp/app/login/login.component.html
+++ b/src/Ombi/ClientApp/app/login/login.component.html
@@ -12,11 +12,11 @@ include the remember me checkbox
             <div *ngIf="customizationSettings.logo"><img id="profile-img" class="center" [src]="customizationSettings.logo" /></div>
             <p id="profile-name" class="profile-name-card"></p>
 
-            <form class="form-signin" novalidate [formGroup]="form" (ngSubmit)="onSubmit(form)">
+            <form *ngIf="authenticationSettings" class="form-signin" novalidate [formGroup]="form" (ngSubmit)="onSubmit(form)">
                 
                
                 <input type="email" id="inputEmail" class="form-control" formControlName="username" [attr.placeholder]="'Login.UsernamePlaceholder' | translate" autofocus>
-                <input type="password" id="inputPassword" class="form-control" formControlName="password" [attr.placeholder]="'Login.PasswordPlaceholder' | translate">
+                <input *ngIf="!authenticationSettings.allowNoPassword" type="password" id="inputPassword" class="form-control" formControlName="password" [attr.placeholder]="'Login.PasswordPlaceholder' | translate">
                 <div class="form-group">
                     <div class="checkbox">
                         <input type="checkbox" id="RememberMe" formControlName="rememberMe" >
diff --git a/src/Ombi/ClientApp/app/login/login.component.ts b/src/Ombi/ClientApp/app/login/login.component.ts
index 4f12bba03..357a8ca9f 100644
--- a/src/Ombi/ClientApp/app/login/login.component.ts
+++ b/src/Ombi/ClientApp/app/login/login.component.ts
@@ -5,7 +5,7 @@ import { TranslateService } from "@ngx-translate/core";
 
 import { PlatformLocation } from "@angular/common";
 import { AuthService } from "../auth/auth.service";
-import { ICustomizationSettings } from "../interfaces";
+import { IAuthenticationSettings, ICustomizationSettings } from "../interfaces";
 import { NotificationService } from "../services";
 import { SettingsService } from "../services";
 import { StatusService } from "../services";
@@ -21,6 +21,7 @@ export class LoginComponent implements OnInit {
 
     public form: FormGroup;
     public customizationSettings: ICustomizationSettings;
+    public authenticationSettings: IAuthenticationSettings;
     public background: any;
     public landingFlag: boolean;
     public baseUrl: string;
@@ -61,6 +62,7 @@ export class LoginComponent implements OnInit {
     }
 
     public ngOnInit() {
+        this.settingsService.getAuthentication().subscribe(x => this.authenticationSettings = x);
         this.settingsService.getCustomization().subscribe(x => this.customizationSettings = x);
         this.images.getRandomBackground().subscribe(x => {
             this.background = this.sanitizer.bypassSecurityTrustStyle("linear-gradient(-10deg, transparent 20%, rgba(0,0,0,0.7) 20.0%, rgba(0,0,0,0.7) 80.0%, transparent 80%),url(" + x.url + ")");
@@ -80,16 +82,24 @@ export class LoginComponent implements OnInit {
             return;
         }
         const value = form.value;
-        this.authService.login({ password: value.password, username: value.username, rememberMe:value.rememberMe })
-            .subscribe(x => {
-                localStorage.setItem("id_token", x.access_token);
+        const user = { password: value.password, username: value.username, rememberMe:value.rememberMe };
+        this.authService.requiresPassword(user).subscribe(x => {
+            if(x && this.authenticationSettings.allowNoPassword) {
+                // Looks like this user requires a password
+                this.authenticationSettings.allowNoPassword = false;
+                return;
+            }
+            this.authService.login(user)
+                .subscribe(x => {
+                    localStorage.setItem("id_token", x.access_token);
 
-                if (this.authService.loggedIn()) {
-                    this.router.navigate(["search"]);
-                } else {
-                    this.notify.error(this.errorBody);
-                }
+                    if (this.authService.loggedIn()) {
+                        this.router.navigate(["search"]);
+                    } else {
+                        this.notify.error(this.errorBody);
+                    }
 
-            }, err => this.notify.error(this.errorBody));
+                }, err => this.notify.error(this.errorBody));
+        });
     }
 }
diff --git a/src/Ombi/Controllers/SettingsController.cs b/src/Ombi/Controllers/SettingsController.cs
index 02c1f1314..d1522e361 100644
--- a/src/Ombi/Controllers/SettingsController.cs
+++ b/src/Ombi/Controllers/SettingsController.cs
@@ -317,6 +317,7 @@ namespace Ombi.Controllers
         /// </summary>
         /// <returns></returns>
         [HttpGet("authentication")]
+        [AllowAnonymous]
         public async Task<AuthenticationSettings> AuthenticationsSettings()
         {
             return await Get<AuthenticationSettings>();
diff --git a/src/Ombi/Controllers/TokenController.cs b/src/Ombi/Controllers/TokenController.cs
index a8d47f524..93e8a025e 100644
--- a/src/Ombi/Controllers/TokenController.cs
+++ b/src/Ombi/Controllers/TokenController.cs
@@ -15,6 +15,7 @@ using Ombi.Models;
 using Ombi.Models.Identity;
 using Ombi.Store.Entities;
 using Ombi.Store.Repository;
+using StackExchange.Profiling.Helpers;
 
 namespace Ombi.Controllers
 {
@@ -129,6 +130,26 @@ namespace Ombi.Controllers
             throw new NotImplementedException();
         }
 
+        [HttpPost("requirePassword")]
+        public async Task<bool> DoesUserRequireAPassword([FromBody] UserAuthModel model)
+        {
+            var user = await _userManager.FindByNameAsync(model.Username);
+
+            if (user == null)
+            {
+                // Could this be an email login?
+                user = await _userManager.FindByEmailAsync(model.Username);
+
+                if (user == null)
+                {
+                    return true;
+                }
+            }
+
+            var requires = await _userManager.RequiresPassword(user);
+            return requires;
+        }
+
         public class TokenRefresh
         {
             public string Token { get; set; }