Backport pull request #8013 from jellyfin/release-10.8.z

Fix password change during parental control schedule Authored-by: David Ullmer <davidullmer@outlook.de> Merged-by: Bond-009 <bond.009@outlook.com> Original-merge: 84a1674f39
2 years ago · b7206b4816
parent 81e164ebc8
commit b7206b4816
1 changed files with 12 additions and 9 deletions
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@ -282,16 +282,19 @@ namespace Jellyfin.Api.Controllers
            }
            else
            {
-                var success = await _userManager.AuthenticateUser(
-                    user.Username,
-                    request.CurrentPw,
-                    request.CurrentPw,
-                    HttpContext.GetNormalizedRemoteIp().ToString(),
-                    false).ConfigureAwait(false);
-
-                if (success == null)
+                if (!HttpContext.User.IsInRole(UserRoles.Administrator))
                {
-                    return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+                    var success = await _userManager.AuthenticateUser(
+                        user.Username,
+                        request.CurrentPw,
+                        request.CurrentPw,
+                        HttpContext.GetNormalizedRemoteIp().ToString(),
+                        false).ConfigureAwait(false);
+
+                    if (success == null)
+                    {
+                        return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+                    }
                }

                await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);