Merge pull request #14950 from nielsvanvelzen/security-remove-has-password

Deprecate HasPassword property on UserDto
author: Niels van Velzen <nielsvanvelzen@users.noreply.github.com> 2025-11-27 16:31:05 +0100
committer: GitHub <noreply@github.com> 2025-11-27 16:31:05 +0100
commit: 19c232809ed3b2f0a740239a863b66bebe41e32f (patch)
tree: 2d349a8b7c408b9cf6b102d7af61b19c8393a623 /Jellyfin.Server.Implementations
parent: 301f65af483d349bcbc76866a5e6ad17588dbd76 (diff)
parent: d43db230fa1ff6f371a9ab16063152f5b632e2e9 (diff)
3 files changed, 1 insertions, 14 deletions
diff --git a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
index 35c43b176..446849b6f 100644
--- a/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultAuthenticationProvider.cs
@@ -59,7 +59,7 @@ namespace Jellyfin.Server.Implementations.Users
             }
 
             // As long as jellyfin supports password-less users, we need this little block here to accommodate
-            if (!HasPassword(resolvedUser) && string.IsNullOrEmpty(password))
+            if (string.IsNullOrEmpty(resolvedUser.Password) && string.IsNullOrEmpty(password))
             {
                 return Task.FromResult(new ProviderAuthenticationResult
                 {
@@ -94,10 +94,6 @@ namespace Jellyfin.Server.Implementations.Users
         }
 
         /// <inheritdoc />
-        public bool HasPassword(User user)
-            => !string.IsNullOrEmpty(user?.Password);
-
-        /// <inheritdoc />
         public Task ChangePassword(User user, string newPassword)
         {
             if (string.IsNullOrEmpty(newPassword))
diff --git a/Jellyfin.Server.Implementations/Users/InvalidAuthProvider.cs b/Jellyfin.Server.Implementations/Users/InvalidAuthProvider.cs
index caf9d5bd9..56b8a7fc4 100644
--- a/Jellyfin.Server.Implementations/Users/InvalidAuthProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/InvalidAuthProvider.cs
@@ -22,12 +22,6 @@ namespace Jellyfin.Server.Implementations.Users
         }
 
         /// <inheritdoc />
-        public bool HasPassword(User user)
-        {
-            return true;
-        }
-
-        /// <inheritdoc />
         public Task ChangePassword(User user, string newPassword)
         {
             return Task.CompletedTask;
diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs
index b534ccd1b..63d962ad9 100644
--- a/Jellyfin.Server.Implementations/Users/UserManager.cs
+++ b/Jellyfin.Server.Implementations/Users/UserManager.cs
@@ -306,15 +306,12 @@ namespace Jellyfin.Server.Implementations.Users
         /// <inheritdoc/>
         public UserDto GetUserDto(User user, string? remoteEndPoint = null)
         {
-            var hasPassword = GetAuthenticationProvider(user).HasPassword(user);
             var castReceiverApplications = _serverConfigurationManager.Configuration.CastReceiverApplications;
             return new UserDto
             {
                 Name = user.Username,
                 Id = user.Id,
                 ServerId = _appHost.SystemId,
-                HasPassword = hasPassword,
-                HasConfiguredPassword = hasPassword,
                 EnableAutoLogin = user.EnableAutoLogin,
                 LastLoginDate = user.LastLoginDate,
                 LastActivityDate = user.LastActivityDate,
author	Niels van Velzen <nielsvanvelzen@users.noreply.github.com>	2025-11-27 16:31:05 +0100
committer	GitHub <noreply@github.com>	2025-11-27 16:31:05 +0100
commit	19c232809ed3b2f0a740239a863b66bebe41e32f (patch)
tree	2d349a8b7c408b9cf6b102d7af61b19c8393a623 /Jellyfin.Server.Implementations
parent	301f65af483d349bcbc76866a5e6ad17588dbd76 (diff)
parent	d43db230fa1ff6f371a9ab16063152f5b632e2e9 (diff)