jellyfin · crobibero · Feb 15, 2022 · Feb 8, 2022
diff --git a/LDAP-Auth/Api/LdapController.cs b/LDAP-Auth/Api/LdapController.cs
@@ -60,6 +60,7 @@ public IActionResult TestServerBind([FromBody] ServerConnectionInfo body)
             configuration.LdapBindUser = body.LdapBindUser;
             configuration.LdapBindPassword = body.LdapBindPassword;
             configuration.LdapBaseDn = body.LdapBaseDn;
+            configuration.PasswordResetUrl = body.PasswordResetUrl;
             LdapPlugin.Instance.UpdateConfiguration(configuration);
 
             return Ok(_ldapAuthenticationProvider.TestServerBind());

diff --git a/LDAP-Auth/Api/Models/ServerConnectionInfo.cs b/LDAP-Auth/Api/Models/ServerConnectionInfo.cs
@@ -53,5 +53,10 @@ public class ServerConnectionInfo
         /// </summary>
         [Required]
         public string LdapBaseDn { get; set; }
+
+        /// <summary>
+        /// Gets or sets the password reset url.
+        /// </summary>
+        public string PasswordResetUrl { get; set; }
     }
 }
diff --git a/LDAP-Auth/Config/PluginConfiguration.cs b/LDAP-Auth/Config/PluginConfiguration.cs
@@ -109,5 +109,10 @@ public PluginConfiguration()
         /// Gets or sets a list of folder Ids which are enabled for access by default.
         /// </summary>
         public string[] EnabledFolders { get; set; }
+
+        /// <summary>
+        /// Gets or sets the password reset url.
+        /// </summary>
+        public string PasswordResetUrl { get; set; }
     }
 }
diff --git a/LDAP-Auth/Config/configPage.html b/LDAP-Auth/Config/configPage.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en">
+<html lang="en" xmlns="http://www.w3.org/1999/html">
 <head>
     <title>LDAP</title>
 </head>
@@ -45,6 +45,15 @@ <h2 class="sectionTitle">LDAP Settings:</h2>
                                     </label>
                                     <div class="fieldDescription checkboxFieldDescription">Skip verification of connection certificate when using SSL/STARTTLS.</div>
                                 </div>
+                                <div class="inputContainer fldExternalAddressFilter">
+                                    <input is="emby-input" type="text" id="txtLdapPasswordResetUrl" label="Password Reset Url:" />
+                                    <div class="fieldDescription">
+                                        The url for password reset.
+                                        </br>Placeholders:
+                                        </br>- $userId
+                                        </br>- $userName
+                                    </div>
+                                </div>
                                 <div class="inputContainer fldExternalAddressFilter">
                                     <input is="emby-input" type="text" id="txtLdapBindUser" label="LDAP Bind User:" />
                                     <div class="fieldDescription">A bind user for LDAP search queries, required if your LDAP doesn't support anonymous bind.</div>
@@ -168,6 +177,7 @@ <h2>${HeaderLibraryAccess}</h2>
                 txtLdapUsernameAttribute: document.querySelector("#txtLdapUsernameAttribute"),
                 chkEnableAllFolders: document.querySelector('#chkEnableAllFolders'),
                 folderAccessList: document.querySelector('.folderAccess'),
+                txtPasswordResetUrl: document.querySelector("#txtLdapPasswordResetUrl")
             };
 
             document.querySelector('.esqConfigurationPage').addEventListener("pageshow", function () {
@@ -196,6 +206,7 @@ <h2>${HeaderLibraryAccess}</h2>
                     LdapConfigurationPage.chkEnableAllFolders.checked = config.EnableAllFolders;
                     /* Default to empty array if Enabled Folders is not set */
                     config.EnabledFolders = config.EnabledFolders || [];
+                    LdapConfigurationPage.txtPasswordResetUrl.value = config.PasswordResetUrl || '';
                     loadMediaFolders(config).then(() => {
                       Dashboard.hideLoadingMsg();
                     });
@@ -277,6 +288,7 @@ <h2>${HeaderLibraryAccess}</h2>
                     folders = Array.prototype.filter.call(folders, folder => folder.checked)
                       .map(folder => folder.getAttribute("data-id"));
                     config.EnabledFolders = folders;
+                    config.PasswordResetUrl = LdapConfigurationPage.txtPasswordResetUrl;
                     window.ApiClient.updatePluginConfiguration(LdapConfigurationPage.pluginUniqueId, config).then(Dashboard.processPluginConfigurationUpdateResult);
                 });
 
@@ -301,6 +313,7 @@ <h2>${HeaderLibraryAccess}</h2>
                     LdapBindUser: LdapConfigurationPage.txtLdapBindUser.value,
                     LdapBindPassword: LdapConfigurationPage.txtLdapBindPassword.value,
                     LdapBaseDn: LdapConfigurationPage.txtLdapBaseDn.value,
+                    PasswordResetUrl: LdapConfigurationPage.txtPasswordResetUrl.value,
                 }
 
                 const handler = response => response.json().then(res => {

diff --git a/LDAP-Auth/LDAPAuthenticationProviderPlugin.cs b/LDAP-Auth/LDAPAuthenticationProviderPlugin.cs
@@ -8,6 +8,7 @@
 using MediaBrowser.Common;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Library;
+using MediaBrowser.Model.Users;
 using Microsoft.Extensions.Logging;
 using Novell.Directory.Ldap;
 
@@ -16,7 +17,7 @@ namespace Jellyfin.Plugin.LDAP_Auth
     /// <summary>
     /// Ldap Authentication Provider Plugin.
     /// </summary>
-    public class LdapAuthenticationProviderPlugin : IAuthenticationProvider
+    public class LdapAuthenticationProviderPlugin : IAuthenticationProvider, IPasswordResetProvider
     {
         private readonly ILogger<LdapAuthenticationProviderPlugin> _logger;
         private readonly IApplicationHost _applicationHost;
@@ -128,7 +129,9 @@ public async Task<ProviderAuthenticationResult> Authenticate(string username, st
                 if (LdapPlugin.Instance.Configuration.CreateUsersFromLdap)
                 {
                     user = await userManager.CreateUserAsync(ldapUsername).ConfigureAwait(false);
-                    user.AuthenticationProviderId = GetType().FullName;
+                    var providerName = GetType().FullName!;
+                    user.AuthenticationProviderId = providerName;
+                    user.PasswordResetProviderId = providerName;
                     user.SetPermission(PermissionKind.IsAdministrator, ldapIsAdmin);
                     user.SetPermission(PermissionKind.EnableAllFolders, LdapPlugin.Instance.Configuration.EnableAllFolders);
                     if (!LdapPlugin.Instance.Configuration.EnableAllFolders)
@@ -285,6 +288,34 @@ public LdapEntry LocateLdapUser(string username)
             return ldapUser;
         }
 
+        /// <inheritdoc />
+        public Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork)
+        {
+            var resetUrl = LdapPlugin.Instance.Configuration.PasswordResetUrl;
+            if (string.IsNullOrEmpty(resetUrl))
+            {
+                throw new NotImplementedException();
+            }
+
+            resetUrl = resetUrl
+                .Replace("$userId", user.Id.ToString(), StringComparison.OrdinalIgnoreCase)
+                .Replace("$userName", user.Username, StringComparison.OrdinalIgnoreCase);
+
+            var result = new ForgotPasswordResult
+            {
+                Action = ForgotPasswordAction.PinCode,
+                PinFile = resetUrl
+            };
+
+            return Task.FromResult(result);
+        }
+
+        /// <inheritdoc />
+        public Task<PinRedeemResult> RedeemPasswordResetPin(string pin)
+        {
+            throw new NotImplementedException();
+        }
+
         private LdapAttribute GetAttribute(LdapEntry userEntry, string attr)
         {
             var attributeSet = userEntry.GetAttributeSet();