From 57d8452e2a093c733d25d662e72f43a4c4c55eea Mon Sep 17 00:00:00 2001
From: cvium
Date: Fri, 26 May 2023 19:52:27 +0200
Subject: [PATCH 1/2] refactor: admin users must have a non-empty password
---
 Jellyfin.Server.Implementations/Users/UserManager.cs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs
index c4756433e0..04c3d8a70d 100644
--- a/Jellyfin.Server.Implementations/Users/UserManager.cs
+++ b/Jellyfin.Server.Implementations/Users/UserManager.cs
@@ -278,6 +278,10 @@ namespace Jellyfin.Server.Implementations.Users
 public async Task ChangePassword(User user, string newPassword)
 {
 ArgumentNullException.ThrowIfNull(user);
+ if (user.HasPermission(PermissionKind.IsAdministrator) && string.IsNullOrWhiteSpace(newPassword))
+ {
+ throw new ArgumentException("Admin user passwords must not be empty", nameof(newPassword));
+ }
 await GetAuthenticationProvider(user).ChangePassword(user, newPassword).ConfigureAwait(false);
 await UpdateUserAsync(user).ConfigureAwait(false);
From 29ef02af9a1c2f2ff51b5cd34a9074943cdc1d1f Mon Sep 17 00:00:00 2001
From: cvium
Date: Fri, 26 May 2023 21:50:51 +0200
Subject: [PATCH 2/2] do not allow empty admin password during wizard
---
 Jellyfin.Api/Controllers/StartupController.cs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Jellyfin.Api/Controllers/StartupController.cs b/Jellyfin.Api/Controllers/StartupController.cs
index aab390d1f9..1098733b2c 100644
--- a/Jellyfin.Api/Controllers/StartupController.cs
+++ b/Jellyfin.Api/Controllers/StartupController.cs
@@ -131,6 +131,10 @@ public class StartupController : BaseJellyfinApiController
 public async Task UpdateStartupUser([FromBody] StartupUserDto startupUserDto)
 {
 var user = _userManager.Users.First();
+ if (string.IsNullOrWhiteSpace(startupUserDto.Password))
+ {
+ return BadRequest("Password must not be empty");
+ }
 if (startupUserDto.Name is not null)
 {
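Review bot: The added guard in `ChangePassword` (UserManager.cs) enforces the non-empty rule only when a password is changed, so an account that already has an empty password and is later granted `PermissionKind.IsAdministrator` would not be caught by anything visible in this hunk; the permission-update path is outside the patch, so this is inferred and worth confirming. I would record the limit next to the check, e.g. `// Enforced only on password change; granting IsAdministrator to a user with an empty password is not checked here.`, and document the new failure on the method with `/// <exception cref="ArgumentException">The user is an administrator and <paramref name="newPassword"/> is null, empty or whitespace.</exception>`. Callers that surface this to HTTP clients should map the exception to a 4xx response rather than let it escape as a server error. The method body continues past the end of the hunk.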
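Review bot: The new early `return BadRequest("Password must not be empty");` in `UpdateStartupUser` (StartupController.cs) adds a 400 outcome and makes the password mandatory on every call, including one that only sets `Name`, and neither is documented in the lines shown. The action's attributes and XML doc sit above the hunk, so confirm they gain `[ProducesResponseType(StatusCodes.Status400BadRequest)]` and `/// <response code="400">The password is null, empty or whitespace.</response>`. The check also repeats the rule that patch 1/2 puts in `UserManager.ChangePassword`, with a different message; a short comment such as `// Validate up front so a rejected request changes nothing; UserManager.ChangePassword enforces the same rule for administrators.` would explain why both exist. The method body continues past the hunk.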