3 년 전 · 5f3dbd8294
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -282,17 +282,20 @@ namespace Jellyfin.Api.Controllers
 
				             }
			
 
				             else
			
 
				             {
			
 
				-                var success = await _userManager.AuthenticateUser(
			
 
				-                    user.Username,
			
 
				-                    request.CurrentPw,
			
 
				-                    request.CurrentPw,
			
 
				-                    HttpContext.GetNormalizedRemoteIp().ToString(),
			
 
				-                    false,
			
 
				-                    ignoreParentalSchedule: true).ConfigureAwait(false);
			
 
				-
			
 
				-                if (success == null)
			
 
				+                if (await RequestHelpers.IsUserAdministrator(_authContext, HttpContext.Request).ConfigureAwait(false))
			
 
				                 {
			
 
				-                    return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
			
 
				+                    var success = await _userManager.AuthenticateUser(
			
 
				+                        user.Username,
			
 
				+                        request.CurrentPw,
			
 
				+                        request.CurrentPw,
			
 
				+                        HttpContext.GetNormalizedRemoteIp().ToString(),
			
 
				+                        false,
			
 
				+                        ignoreParentalSchedule: true).ConfigureAwait(false);
			
 
				+
			
 
				+                    if (success == null)
			
 
				+                    {
			
 
				+                        return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
			
 
				+                    }
			
 
				                 }
			
 
				 
			
 
				                 await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
			
--- a/Jellyfin.Api/Helpers/RequestHelpers.cs
+++ b/Jellyfin.Api/Helpers/RequestHelpers.cs
@@ -76,6 +76,18 @@ namespace Jellyfin.Api.Helpers
 
				             return true;
			
 
				         }
			
 
				 
			
 
				+        /// <summary>
			
 
				+        /// Checks if the user is administrator.
			
 
				+        /// </summary>
			
 
				+        /// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
			
 
				+        /// <param name="requestContext">The <see cref="HttpRequest"/>.</param>
			
 
				+        /// <returns>A <see cref="bool"/> whether the user can update the entry.</returns>
			
 
				+        internal static async Task<bool> IsUserAdministrator(IAuthorizationContext authContext, HttpRequest requestContext)
			
 
				+        {
			
 
				+            var auth = await authContext.GetAuthorizationInfo(requestContext).ConfigureAwait(false);
			
 
				+            return auth.User.HasPermission(PermissionKind.IsAdministrator);
			
 
				+        }
			
 
				+
			
 
				         internal static async Task<SessionInfo> GetSession(ISessionManager sessionManager, IAuthorizationContext authContext, HttpRequest request)
			
 
				         {
			
 
				             var authorization = await authContext.GetAuthorizationInfo(request).ConfigureAwait(false);