aboutsummaryrefslogtreecommitdiff
path: root/Jellyfin.Api/Controllers/UserController.cs
diff options
context:
space:
mode:
Diffstat (limited to 'Jellyfin.Api/Controllers/UserController.cs')
-rw-r--r--Jellyfin.Api/Controllers/UserController.cs23
1 files changed, 13 insertions, 10 deletions
diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 6d15d9185..d1109bebc 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -282,16 +282,19 @@ namespace Jellyfin.Api.Controllers
}
else
{
- var success = await _userManager.AuthenticateUser(
- user.Username,
- request.CurrentPw,
- request.CurrentPw,
- HttpContext.GetNormalizedRemoteIp().ToString(),
- false).ConfigureAwait(false);
-
- if (success == null)
+ if (!HttpContext.User.IsInRole(UserRoles.Administrator))
{
- return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+ var success = await _userManager.AuthenticateUser(
+ user.Username,
+ request.CurrentPw,
+ request.CurrentPw,
+ HttpContext.GetNormalizedRemoteIp().ToString(),
+ false).ConfigureAwait(false);
+
+ if (success == null)
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, "Invalid user or password entered.");
+ }
}
await _userManager.ChangePassword(user, request.NewPw).ConfigureAwait(false);
@@ -499,7 +502,7 @@ namespace Jellyfin.Api.Controllers
if (isLocal)
{
- _logger.LogWarning("Password reset proccess initiated from outside the local network with IP: {IP}", ip);
+ _logger.LogWarning("Password reset process initiated from outside the local network with IP: {IP}", ip);
}
var result = await _userManager.StartForgotPasswordProcess(forgotPasswordRequest.EnteredUsername, isLocal).ConfigureAwait(false);
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-07 01:16:12 +0000