Начало Каталог Помощ
Вход
mirrors
/
jellyfin
огледало от https://github.com/jellyfin/jellyfin
2
0
Разклонения 0
Файлове Задачи 0 Уики
Преглед на файлове

Revert "Don't set a default reset provider"

This reverts commit c230d49d7c37d4fbe77676b835c3afd6c8cb56e7.

This reenables an edge case where an admin might want to reset, with
the default auth provider, the password of an externally-provided
user so they could "unlock" the account while it was failing. There
might be minor security implications to this, but the malicious
actor would need FS access to do it (as they would with any password
resets) so it's probably best to keep it as-is.

Removing this in the first place was due to a misunderstanding
anyways so no harm.
Joshua M. Boniface преди 6 години
родител
4b8f735cb8
ревизия
2946ae1009
променени са 1 файла, в които са добавени 5 реда и са изтрити 0 реда
Обединен изглед Покажи статистика за разликите
  1. 5 0
      Emby.Server.Implementations/Library/UserManager.cs

+ 5 - 0
Emby.Server.Implementations/Library/UserManager.cs
Целия файл 

@@ -422,6 +422,11 @@ namespace Emby.Server.Implementations.Library
 
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
 
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
 
             }
 
             }
 
 
 
+            if (providers.Length == 0)
 
+            {
 
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
 
+            }
 
+
 
             return providers;
 
             return providers;
 
         }
 
         }