Revert "Don't set a default reset provider"

This reverts commit c230d49d7c. This reenables an edge case where an admin might want to reset, with the default auth provider, the password of an externally-provided user so they could "unlock" the account while it was failing. There might be minor security implications to this, but the malicious actor would need FS access to do it (as they would with any password resets) so it's probably best to keep it as-is. Removing this in the first place was due to a misunderstanding anyways so no harm.
2024-07-08 23:00:51 +02:00 · 2019-06-09 15:27:38 -04:00 · 2019-06-09 15:27:38 -04:00 · 2946ae1009
parent 4b8f735cb8
commit 2946ae1009
1 changed files with 5 additions and 0 deletions
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@ -422,6 +422,11 @@ namespace Emby.Server.Implementations.Library
                providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
            }

+            if (providers.Length == 0)
+            {
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
+            }
+
            return providers;
        }