Home Explore Help
Sign In
mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Revert "Don't set a default reset provider"

This reverts commit c230d49d7c37d4fbe77676b835c3afd6c8cb56e7.

This reenables an edge case where an admin might want to reset, with
the default auth provider, the password of an externally-provided
user so they could "unlock" the account while it was failing. There
might be minor security implications to this, but the malicious
actor would need FS access to do it (as they would with any password
resets) so it's probably best to keep it as-is.

Removing this in the first place was due to a misunderstanding
anyways so no harm.
Joshua M. Boniface 6 years ago
parent
4b8f735cb8
commit
2946ae1009
1 changed files with 5 additions and 0 deletions
Unified View Show Diff Stats
  1. 5 0
      Emby.Server.Implementations/Library/UserManager.cs

+ 5 - 0
Emby.Server.Implementations/Library/UserManager.cs
View File 

@@ -422,6 +422,11 @@ namespace Emby.Server.Implementations.Library
 
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
 
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
 
             }
 
             }
 
 
 
+            if (providers.Length == 0)
 
+            {
 
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
 
+            }
 
+
 
             return providers;
 
             return providers;
 
         }
 
         }