From 2946ae10092cddadade4c84cfa000129bf117e03 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 9 Jun 2019 15:27:38 -0400
Subject: [PATCH] Revert "Don't set a default reset provider"

This reverts commit c230d49d7c37d4fbe77676b835c3afd6c8cb56e7.

This reenables an edge case where an admin might want to reset, with
the default auth provider, the password of an externally-provided
user so they could "unlock" the account while it was failing. There
might be minor security implications to this, but the malicious
actor would need FS access to do it (as they would with any password
resets) so it's probably best to keep it as-is.

Removing this in the first place was due to a misunderstanding
anyways so no harm.
---
 Emby.Server.Implementations/Library/UserManager.cs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Emby.Server.Implementations/Library/UserManager.cs b/Emby.Server.Implementations/Library/UserManager.cs
index 16becbd526..ff375e5900 100644
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -422,6 +422,11 @@ namespace Emby.Server.Implementations.Library
                 providers = providers.Where(i => string.Equals(passwordResetProviderId, GetPasswordResetProviderId(i), StringComparison.OrdinalIgnoreCase)).ToArray();
             }
 
+            if (providers.Length == 0)
+            {
+                providers = new IPasswordResetProvider[] { _defaultPasswordResetProvider };
+            }
+
             return providers;
         }