Merge pull request #1 from JinYi-Tsinghua/patch-1

Patch 1
author: JinYi-Tsinghua <109143373+JinYi-Tsinghua@users.noreply.github.com> 2022-08-29 02:32:16 +0000
committer: GitHub <noreply@github.com> 2022-08-29 02:32:16 +0000
commit: f1bfbff9530d6b04518b7a601a1015c7a8d1443e (patch)
tree: eedd01e775ab5b0d2852483584b786dfcac38996 /Jellyfin.Api/Controllers/UserController.cs
parent: a94aec9b326935bc9583f74f3f3c15df0139cf24 (diff)
parent: 2b285b787408417b4ae1f8e3f364b2e5e0a66207 (diff)
1 files changed, 13 insertions, 10 deletions
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 6d15d9185..d1109bebc 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -282,16 +282,19 @@ namespace Jellyfin.Api.Controllers
             }
             else
             {
-                var success = await _userManager.AuthenticateUser(
-                    user.Username,
-                    request.CurrentPw,
-                    request.CurrentPw,
-                    HttpContext.GetNormalizedRemoteIp().ToString(),
-                    false).ConfigureAwait(false);
-
-                if (success == null)
+                if (!HttpContext.User.IsInRole(UserRoles.Administrator))
                 {
-                    return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+                    var success = await _userManager.AuthenticateUser(
+                        user.Username,
+                        request.CurrentPw,
+                        request.CurrentPw,
+                        HttpContext.GetNormalizedRemoteIp().ToString(),
+                        false).ConfigureAwait(false);
+
+                    if (success == null)
+                    {
+                        return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+                    }
                 }
 
                 await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
@@ -499,7 +502,7 @@ namespace Jellyfin.Api.Controllers
 
             if (isLocal)
             {
-                _logger.LogWarning("Password reset proccess initiated from outside the local network with IP: {IP}", ip);
+                _logger.LogWarning("Password reset process initiated from outside the local network with IP: {IP}", ip);
             }
 
             var result = await _userManager.StartForgotPasswordProcess(forgotPasswordRequest.EnteredUsername, isLocal).ConfigureAwait(false);
author	JinYi-Tsinghua <109143373+JinYi-Tsinghua@users.noreply.github.com>	2022-08-29 02:32:16 +0000
committer	GitHub <noreply@github.com>	2022-08-29 02:32:16 +0000
commit	f1bfbff9530d6b04518b7a601a1015c7a8d1443e (patch)
tree	eedd01e775ab5b0d2852483584b786dfcac38996 /Jellyfin.Api/Controllers/UserController.cs
parent	a94aec9b326935bc9583f74f3f3c15df0139cf24 (diff)
parent	2b285b787408417b4ae1f8e3f364b2e5e0a66207 (diff)