From e79f5d8226a0b1f9857671c04541ab936137d5b6 Mon Sep 17 00:00:00 2001
From: Claus Vium <cvium@users.noreply.github.com>
Date: Thu, 2 Feb 2023 15:25:48 +0100
Subject: [PATCH] fix: require current password when admin changes their own
 password (#9238)

Fixes https://github.com/jellyfin/jellyfin/issues/9208
---
 Jellyfin.Api/Controllers/UserController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 568224a424..06f2227b83 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -277,7 +277,7 @@ namespace Jellyfin.Api.Controllers
             }
             else
             {
-                if (!User.IsInRole(UserRoles.Administrator))
+                if (!User.IsInRole(UserRoles.Administrator) || User.GetUserId().Equals(userId))
                 {
                     var success = await _userManager.AuthenticateUser(
                         user.Username,