open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow administrator to always change password

Browse Source
pull/8013/head
David Ullmer 2 years ago
parent 7efa4e38c1
commit 5f3dbd8294
No known key found for this signature in database
GPG Key ID: 4AEABE3359D5883C
2 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File

23
Jellyfin.Api/Controllers/UserController.cs
Unescape View File

@ -282,17 +282,20 @@ namespace Jellyfin.Api.Controllers
}
else
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp().ToString(),
false,
ignoreParentalSchedule: true).ConfigureAwait(false);
if (success == null)
if (await RequestHelpers.IsUserAdministrator(_authContext, HttpContext.Request).ConfigureAwait(false))
{
return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp().ToString(),
false,
ignoreParentalSchedule: true).ConfigureAwait(false);
if (success == null)
{
return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
}
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);

12
Jellyfin.Api/Helpers/RequestHelpers.cs
Unescape View File

@ -76,6 +76,18 @@ namespace Jellyfin.Api.Helpers
return true;
}
/// <summary>
/// Checks if the user is administrator.
/// </summary>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
/// <param name="requestContext">The <see cref="HttpRequest"/>.</param>
/// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
internal static async Task<bool> IsUserAdministrator(IAuthorizationContext authContext, HttpRequest requestContext)
{
var auth = await authContext.GetAuthorizationInfo(requestContext).ConfigureAwait(false);
return auth.User.HasPermission(PermissionKind.IsAdministrator);
}
internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
{
var authorization = await authContext.GetAuthorizationInfo(request).ConfigureAwait(false);

Write Preview
Loading…
Cancel
Save