github-mirrors/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-04-24 05:57:20 -04:00
Code Issues Projects Releases Packages Wiki Activity

Allow administrator to always change password

Browse source
This commit is contained in:
David Ullmer 2022-07-04 18:16:36 +02:00
parent 7efa4e38c1
commit 5f3dbd8294
No known key found for this signature in database
GPG key ID: 4AEABE3359D5883C
2 changed files with 25 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

23
Jellyfin.Api/Controllers/UserController.cs
View file

@ -282,17 +282,20 @@ namespace Jellyfin.Api.Controllers
}
else
{
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp().ToString(),
false,
ignoreParentalSchedule: true).ConfigureAwait(false);
if (success == null)
if (await RequestHelpers.IsUserAdministrator(_authContext, HttpContext.Request).ConfigureAwait(false))
{
return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
var success = await _userManager.AuthenticateUser(
user.Username,
request.CurrentPw,
request.CurrentPw,
HttpContext.GetNormalizedRemoteIp().ToString(),
false,
ignoreParentalSchedule: true).ConfigureAwait(false);
if (success == null)
{
return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
}
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);

12
Jellyfin.Api/Helpers/RequestHelpers.cs
View file

@ -76,6 +76,18 @@ namespace Jellyfin.Api.Helpers
return true;
}
/// <summary>
/// Checks if the user is administrator.
/// </summary>
/// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
/// <param name="requestContext">The <see cref="HttpRequest"/>.</param>
/// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
internal static async Task<bool> IsUserAdministrator(IAuthorizationContext authContext, HttpRequest requestContext)
{
var auth = await authContext.GetAuthorizationInfo(requestContext).ConfigureAwait(false);
return auth.User.HasPermission(PermissionKind.IsAdministrator);
}
internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
{
var authorization = await authContext.GetAuthorizationInfo(request).ConfigureAwait(false);