2 files changed, 13 insertions, 15 deletions

diff --git a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
index c99c5e4ef..5e84255f9 100644
--- a/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
+++ b/Jellyfin.Server.Implementations/Users/DefaultPasswordResetProvider.cs
@@ -10,6 +10,7 @@ using MediaBrowser.Common.Extensions;
 using MediaBrowser.Controller.Authentication;
 using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Library;
+using MediaBrowser.Model.IO;
 using MediaBrowser.Model.Users;
 
 namespace Jellyfin.Server.Implementations.Users
@@ -53,7 +54,7 @@ namespace Jellyfin.Server.Implementations.Users
             foreach (var resetFile in Directory.EnumerateFiles(_passwordResetFileBaseDir, $"{BaseResetFileName}*"))
             {
                 SerializablePasswordReset spr;
-                await using (var str = File.OpenRead(resetFile))
+                await using (var str = AsyncFile.OpenRead(resetFile))
                 {
                     spr = await JsonSerializer.DeserializeAsync<SerializablePasswordReset>(str).ConfigureAwait(false)
                         ?? throw new ResourceNotFoundException($"Provided path ({resetFile}) is not valid.");
@@ -92,13 +93,9 @@ namespace Jellyfin.Server.Implementations.Users
         /// <inheritdoc />
         public async Task<ForgotPasswordResult> StartForgotPasswordProcess(User user, bool isInNetwork)
         {
-            string pin;
-            using (var cryptoRandom = RandomNumberGenerator.Create())
-            {
-                byte[] bytes = new byte[4];
-                cryptoRandom.GetBytes(bytes);
-                pin = BitConverter.ToString(bytes);
-            }
+            byte[] bytes = new byte[4];
+            RandomNumberGenerator.Fill(bytes);
+            string pin = BitConverter.ToString(bytes);
 
             DateTime expireTime = DateTime.UtcNow.AddMinutes(30);
             string filePath = _passwordResetFileBase + user.Id + ".json";
@@ -110,10 +107,9 @@ namespace Jellyfin.Server.Implementations.Users
                 UserName = user.Username
             };
 
-            await using (FileStream fileStream = File.OpenWrite(filePath))
+            await using (FileStream fileStream = AsyncFile.OpenWrite(filePath))
             {
                 await JsonSerializer.SerializeAsync(fileStream, spr).ConfigureAwait(false);
-                await fileStream.FlushAsync().ConfigureAwait(false);
             }
 
             user.EasyPassword = pin;
@@ -122,6 +118,7 @@ namespace Jellyfin.Server.Implementations.Users
             {
                 Action = ForgotPasswordAction.PinCode,
                 PinExpirationDate = expireTime,
+                PinFile = filePath
             };
         }
 
diff --git a/Jellyfin.Server.Implementations/Users/UserManager.cs b/Jellyfin.Server.Implementations/Users/UserManager.cs
index 02377bfd7..8ca6e8d21 100644
--- a/Jellyfin.Server.Implementations/Users/UserManager.cs
+++ b/Jellyfin.Server.Implementations/Users/UserManager.cs
@@ -530,11 +530,7 @@ namespace Jellyfin.Server.Implementations.Users
                 }
             }
 
-            return new PinRedeemResult
-            {
-                Success = false,
-                UsersReset = Array.Empty<string>()
-            };
+            return new PinRedeemResult();
         }
 
         /// <inheritdoc />
@@ -701,6 +697,11 @@ namespace Jellyfin.Server.Implementations.Users
         /// <inheritdoc/>
         public async Task ClearProfileImageAsync(User user)
         {
+            if (user.ProfileImage == null)
+            {
+                return;
+            }
+
             await using var dbContext = _dbProvider.CreateContext();
             dbContext.Remove(user.ProfileImage);
             await dbContext.SaveChangesAsync().ConfigureAwait(false);