Sākums Izpētīt Palīdzība
Pierakstīties
mirrors
/
jellyfin
spogulis no https://github.com/jellyfin/jellyfin
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

Revert "Don't set a default reset provider"

This reverts commit c230d49d7c37d4fbe77676b835c3afd6c8cb56e7.

This reenables an edge case where an admin might want to reset, with
the default auth provider, the password of an externally-provided
user so they could "unlock" the account while it was failing. There
might be minor security implications to this, but the malicious
actor would need FS access to do it (as they would with any password
resets) so it's probably best to keep it as-is.

Removing this in the first place was due to a misunderstanding
anyways so no harm.
Joshua M. Boniface 6 gadi atpakaļ
vecāks
4b8f735cb8
revīzija
2946ae1009
1 mainītis faili ar 5 papildinājumiem un 0 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 5 0
      Emby.Server.Implementations/Library/UserManager.cs

+ 5 - 0
Emby.Server.Implementations/Library/UserManager.cs
Parādīt failu 

@@ -422,6 +422,11 @@ namespace Emby.Server.Implementations.Library
 
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
 
             }
 
 
+            if (providers.Length == 0)
 
+            {
 
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
 
+            }
 
+
 
             return providers;
 
         }