Revert "Fix emby/user/public API leaking sensitive data"

author: Joshua M. Boniface <joshua@boniface.me> 2020-05-26 12:14:40 -0400
committer: GitHub <noreply@github.com> 2020-05-26 12:14:40 -0400
commit: 0be3dfe7c53d8c3bb43c28ea02c8a594bcb903b2 (patch)
tree: 23177b8121dde236e129566d655c36806fb960a5 /MediaBrowser.Api/UserService.cs
parent: 976ae36bea0768f0e363bf0c5091b0853cc81c4d (diff)
1 files changed, 11 insertions, 27 deletions
diff --git a/MediaBrowser.Api/UserService.cs b/MediaBrowser.Api/UserService.cs
index 7d4d5fcf9..78fc6c694 100644
--- a/MediaBrowser.Api/UserService.cs
+++ b/MediaBrowser.Api/UserService.cs
@@ -35,7 +35,7 @@ namespace MediaBrowser.Api
     }
 
     [Route("/Users/Public", "GET", Summary = "Gets a list of publicly visible users for display on a login screen.")]
-    public class GetPublicUsers : IReturn<PublicUserDto[]>
+    public class GetPublicUsers : IReturn<UserDto[]>
     {
     }
 
@@ -266,38 +266,22 @@ namespace MediaBrowser.Api
             _authContext = authContext;
         }
 
-        /// <summary>
-        /// Gets the public available Users information
-        /// </summary>
-        /// <param name="request">The request.</param>
-        /// <returns>System.Object.</returns>
         public object Get(GetPublicUsers request)
         {
-            var result = _userManager
-                .Users
-                .Where(item => !item.Policy.IsDisabled);
-
-            if (ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
+            // If the startup wizard hasn't been completed then just return all users
+            if (!ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
             {
-                var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
-                result = result.Where(item => !item.Policy.IsHidden);
-
-                if (!string.IsNullOrWhiteSpace(deviceId))
+                return Get(new GetUsers
                 {
-                    result = result.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
-                }
-
-                if (!_networkManager.IsInLocalNetwork(Request.RemoteIp))
-                {
-                    result = result.Where(i => i.Policy.EnableRemoteAccess);
-                }
+                    IsDisabled = false
+                });
             }
 
-            return ToOptimizedResult(result
-                    .OrderBy(u => u.Name)
-                    .Select(i => _userManager.GetPublicUserDto(i, Request.RemoteIp))
-                    .ToArray()
-                );
+            return Get(new GetUsers
+            {
+                IsHidden = false,
+                IsDisabled = false
+            }, true, true);
         }
 
         /// <summary>
author	Joshua M. Boniface <joshua@boniface.me>	2020-05-26 12:14:40 -0400
committer	GitHub <noreply@github.com>	2020-05-26 12:14:40 -0400
commit	0be3dfe7c53d8c3bb43c28ea02c8a594bcb903b2 (patch)
tree	23177b8121dde236e129566d655c36806fb960a5 /MediaBrowser.Api/UserService.cs
parent	976ae36bea0768f0e363bf0c5091b0853cc81c4d (diff)