Rollback changes in IUserManager

2 years ago · 81e535fc62
parent f9d26ea1bc
commit 81e535fc62
3 changed files with 6 additions and 9 deletions
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@ -256,7 +256,7 @@ namespace Jellyfin.Api.Controllers
        /// <response code="404">User not found.</response>
        /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
        [HttpPost("{userId}/Password")]
-        [Authorize(Policy = Policies.IgnoreParentalControl)]
+        [Authorize(Policy = Policies.DefaultAuthorization)]
        [ProducesResponseType(StatusCodes.Status204NoContent)]
        [ProducesResponseType(StatusCodes.Status403Forbidden)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
@ -282,15 +282,14 @@ namespace Jellyfin.Api.Controllers
            }
            else
            {
-                if (HttpContext.User.IsInRole(UserRoles.Administrator))
+                if (!HttpContext.User.IsInRole(UserRoles.Administrator))
                {
                    var success = await _userManager.AuthenticateUser(
                        user.Username,
                        request.CurrentPw,
                        request.CurrentPw,
                        HttpContext.GetNormalizedRemoteIp().ToString(),
-                        false,
+                        false).ConfigureAwait(false);
                        ignoreParentalSchedule: true).ConfigureAwait(false);
                    if (success == null)
                    {
--- a/Jellyfin.Server.Implementations/Users/UserManager.cs
+++ b/Jellyfin.Server.Implementations/Users/UserManager.cs
@ -382,8 +382,7 @@ namespace Jellyfin.Server.Implementations.Users
            string password,
            string passwordSha1,
            string remoteEndPoint,
-            bool isUserSession,
+            bool isUserSession)
            bool ignoreParentalSchedule = false)
        {
            if (string.IsNullOrWhiteSpace(username))
            {
@ -459,7 +458,7 @@ namespace Jellyfin.Server.Implementations.Users
                throw new SecurityException("Forbidden.");
            }
-            if (!ignoreParentalSchedule && !user.IsParentalScheduleAllowed())
+            if (!user.IsParentalScheduleAllowed())
            {
                _logger.LogInformation(
                    "Authentication request for {UserName} is not allowed at this time due parental restrictions (IP: {IP}).",
--- a/MediaBrowser.Controller/Library/IUserManager.cs
+++ b/MediaBrowser.Controller/Library/IUserManager.cs
@ -138,9 +138,8 @@ namespace MediaBrowser.Controller.Library
        /// <param name="passwordSha1">Hash of password.</param>
        /// <param name="remoteEndPoint">Remove endpoint to use.</param>
        /// <param name="isUserSession">Specifies if a user session.</param>
        /// <param name="ignoreParentalSchedule">Ignore parental control schedule during authentication.</param>
        /// <returns>User wrapped in awaitable task.</returns>
-        Task<User> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession, bool ignoreParentalSchedule = false);
+        Task<User> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession);
        /// <summary>
        /// Starts the forgot password process.