1 files changed, 18 insertions, 10 deletions

diff --git a/Jellyfin.Api/Controllers/UserController.cs b/Jellyfin.Api/Controllers/UserController.cs
index 43ee309b7..b13db4baa 100644
--- a/Jellyfin.Api/Controllers/UserController.cs
+++ b/Jellyfin.Api/Controllers/UserController.cs
@@ -21,6 +21,7 @@ using MediaBrowser.Model.Users;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
 
 namespace Jellyfin.Api.Controllers
 {
@@ -36,6 +37,7 @@ namespace Jellyfin.Api.Controllers
         private readonly IDeviceManager _deviceManager;
         private readonly IAuthorizationContext _authContext;
         private readonly IServerConfigurationManager _config;
+        private readonly ILogger _logger;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="UserController"/> class.
@@ -46,13 +48,15 @@ namespace Jellyfin.Api.Controllers
         /// <param name="deviceManager">Instance of the <see cref="IDeviceManager"/> interface.</param>
         /// <param name="authContext">Instance of the <see cref="IAuthorizationContext"/> interface.</param>
         /// <param name="config">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
+        /// <param name="logger">Instance of the <see cref="ILogger"/> interface.</param>
         public UserController(
             IUserManager userManager,
             ISessionManager sessionManager,
             INetworkManager networkManager,
             IDeviceManager deviceManager,
             IAuthorizationContext authContext,
-            IServerConfigurationManager config)
+            IServerConfigurationManager config,
+            ILogger<UserController> logger)
         {
             _userManager = userManager;
             _sessionManager = sessionManager;
@@ -60,6 +64,7 @@ namespace Jellyfin.Api.Controllers
             _deviceManager = deviceManager;
             _authContext = authContext;
             _config = config;
+            _logger = logger;
         }
 
         /// <summary>
@@ -118,7 +123,7 @@ namespace Jellyfin.Api.Controllers
                 return NotFound("User not found");
             }
 
-            var result = _userManager.GetUserDto(user, HttpContext.GetNormalizedRemoteIp());
+            var result = _userManager.GetUserDto(user, HttpContext.GetNormalizedRemoteIp().ToString());
             return result;
         }
 
@@ -172,11 +177,9 @@ namespace Jellyfin.Api.Controllers
                 return StatusCode(StatusCodes.Status403Forbidden, "Only sha1 password is not allowed.");
             }
 
-            // Password should always be null
             AuthenticateUserByName request = new AuthenticateUserByName
             {
                 Username = user.Username,
-                Password = null,
                 Pw = pw
             };
             return await AuthenticateUserByName(request).ConfigureAwait(false);
@@ -203,8 +206,7 @@ namespace Jellyfin.Api.Controllers
                     DeviceId = auth.DeviceId,
                     DeviceName = auth.Device,
                     Password = request.Pw,
-                    PasswordSha1 = request.Password,
-                    RemoteEndPoint = HttpContext.GetNormalizedRemoteIp(),
+                    RemoteEndPoint = HttpContext.GetNormalizedRemoteIp().ToString(),
                     Username = request.Username
                 }).ConfigureAwait(false);
 
@@ -291,7 +293,7 @@ namespace Jellyfin.Api.Controllers
                     user.Username,
                     request.CurrentPw,
                     request.CurrentPw,
-                    HttpContext.GetNormalizedRemoteIp(),
+                    HttpContext.GetNormalizedRemoteIp().ToString(),
                     false).ConfigureAwait(false);
 
                 if (success == null)
@@ -483,7 +485,7 @@ namespace Jellyfin.Api.Controllers
                 await _userManager.ChangePassword(newUser, request.Password).ConfigureAwait(false);
             }
 
-            var result = _userManager.GetUserDto(newUser, HttpContext.GetNormalizedRemoteIp());
+            var result = _userManager.GetUserDto(newUser, HttpContext.GetNormalizedRemoteIp().ToString());
 
             return result;
         }
@@ -498,8 +500,14 @@ namespace Jellyfin.Api.Controllers
         [ProducesResponseType(StatusCodes.Status200OK)]
         public async Task<ActionResult<ForgotPasswordResult>> ForgotPassword([FromBody, Required] ForgotPasswordDto forgotPasswordRequest)
         {
+            var ip = HttpContext.GetNormalizedRemoteIp();
             var isLocal = HttpContext.IsLocal()
-                          || _networkManager.IsInLocalNetwork(HttpContext.GetNormalizedRemoteIp());
+                          || _networkManager.IsInLocalNetwork(ip);
+
+            if (isLocal)
+            {
+                _logger.LogWarning("Password reset proccess initiated from outside the local network with IP: {IP}", ip);
+            }
 
             var result = await _userManager.StartForgotPasswordProcess(forgotPasswordRequest.EnteredUsername, isLocal).ConfigureAwait(false);
 
@@ -581,7 +589,7 @@ namespace Jellyfin.Api.Controllers
 
             var result = users
                 .OrderBy(u => u.Username)
-                .Select(i => _userManager.GetUserDto(i, HttpContext.GetNormalizedRemoteIp()));
+                .Select(i => _userManager.GetUserDto(i, HttpContext.GetNormalizedRemoteIp().ToString()));
 
             return result;
         }