From 7efa4e38c1c7aa3d234aad929bf6184a408d1428 Mon Sep 17 00:00:00 2001
From: David Ullmer <davidullmer@outlook.de>
Date: Sun, 26 Jun 2022 12:43:17 +0200
Subject: [PATCH] Fix password change during parental schedule

---
 Jellyfin.Api/Controllers/UserController.cs           | 5 +++--
 Jellyfin.Server.Implementations/Users/UserManager.cs | 5 +++--
 MediaBrowser.Controller/Library/IUserManager.cs      | 3 ++-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 6d15d91858..6fb295eb89 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -256,7 +256,7 @@ namespace Jellyfin.Api.Controllers
         /// <response code="404">User not found.</response>
         /// <returns>A <see cref="NoContentResult"/> indicating success or a <see cref="ForbidResult"/> or a <see cref="NotFoundResult"/> on failure.</returns>
         [HttpPost("{userId}/Password")]
-        [Authorize(Policy = Policies.DefaultAuthorization)]
+        [Authorize(Policy = Policies.IgnoreParentalControl)]
         [ProducesResponseType(StatusCodes.Status204NoContent)]
         [ProducesResponseType(StatusCodes.Status403Forbidden)]
         [ProducesResponseType(StatusCodes.Status404NotFound)]
@@ -287,7 +287,8 @@ namespace Jellyfin.Api.Controllers
                     request.CurrentPw,
                     request.CurrentPw,
                     HttpContext.GetNormalizedRemoteIp().ToString(),
-                    false).ConfigureAwait(false);
+                    false,
+                    ignoreParentalSchedule: true).ConfigureAwait(false);
 
                 if (success == null)
                 {
diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs
index 2100fa6d59..09ee7fc6e6 100644
--- a/Jellyfin.Server.Implementations/Users/UserManager.cs
+++ b/Jellyfin.Server.Implementations/Users/UserManager.cs
@@ -382,7 +382,8 @@ namespace Jellyfin.Server.Implementations.Users
             string password,
             string passwordSha1,
             string remoteEndPoint,
-            bool isUserSession)
+            bool isUserSession,
+            bool ignoreParentalSchedule = false)
         {
             if (string.IsNullOrWhiteSpace(username))
             {
@@ -458,7 +459,7 @@ namespace Jellyfin.Server.Implementations.Users
                 throw new SecurityException("Forbidden.");
             }
 
-            if (!user.IsParentalScheduleAllowed())
+            if (!ignoreParentalSchedule && !user.IsParentalScheduleAllowed())
             {
                 _logger.LogInformation(
                     "Authentication request for {UserName} is not allowed at this time due parental restrictions (IP: {IP}).",
diff --git a/MediaBrowser.Controller/Library/IUserManager.cs b/MediaBrowser.Controller/Library/IUserManager.cs
index 993e3e18f9..7884362635 100644
--- a/MediaBrowser.Controller/Library/IUserManager.cs
+++ b/MediaBrowser.Controller/Library/IUserManager.cs
@@ -138,8 +138,9 @@ namespace MediaBrowser.Controller.Library
         /// <param name="passwordSha1">Hash of password.</param>
         /// <param name="remoteEndPoint">Remove endpoint to use.</param>
         /// <param name="isUserSession">Specifies if a user session.</param>
+        /// <param name="ignoreParentalSchedule">Ignore parental control schedule during authentication.</param>
         /// <returns>User wrapped in awaitable task.</returns>
-        Task<User> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession);
+        Task<User> AuthenticateUser(string username, string password, string passwordSha1, string remoteEndPoint, bool isUserSession, bool ignoreParentalSchedule = false);
 
         /// <summary>
         /// Starts the forgot password process.