From b7206b4816b5faf697035d2a80554069e452edfb Mon Sep 17 00:00:00 2001
From: Joshua Boniface
Date: Wed, 20 Jul 2022 19:29:06 -0400
Subject: [PATCH] Backport pull request #8013 from jellyfin/release-10.8.z

Fix password change during parental control schedule

Authored-by: David Ullmer
Merged-by: Bond-009
Original-merge: 84a1674f391d344c251c2c949cb227a9318536eb
---
 Jellyfin.Api/Controllers/UserController.cs | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 6d15d91858..82c8563a80 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -282,16 +282,19 @@ namespace Jellyfin.Api.Controllers
 }
 else
 {
- var success = await _userManager.AuthenticateUser(
- user.Username,
- request.CurrentPw,
- request.CurrentPw,
- HttpContext.GetNormalizedRemoteIp().ToString(),
- false).ConfigureAwait(false);
-
- if (success == null)
+ if (!HttpContext.User.IsInRole(UserRoles.Administrator))
 {
- return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+ var success = await _userManager.AuthenticateUser(
+ user.Username,
+ request.CurrentPw,
+ request.CurrentPw,
+ HttpContext.GetNormalizedRemoteIp().ToString(),
+ false).ConfigureAwait(false);
+
+ if (success == null)
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+ }
 }
 
 await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
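Review bot: The new guard `if (!HttpContext.User.IsInRole(UserRoles.Administrator))` keys only on the caller's role, so an administrator changing their own password also skips the `AuthenticateUser` check on `request.CurrentPw`. A holder of an administrator's session or token could then replace that account's password without knowing the current one, so the skip should apply only when the administrator is acting on an account other than `user`, e.g. `if (!HttpContext.User.IsInRole(UserRoles.Administrator) || callerIsTargetUser)`, where `callerIsTargetUser` is a placeholder for comparing the caller's identity with `user`. The enclosing action starts and ends outside the hunk, so whether an earlier check already covers this cannot be confirmed from here. A short comment on the branch, such as `// Administrators may set another user's password without knowing the current one.`, would also record why the check is skipped.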