Merge pull request #9821 from cvium/admin_must_have_pw

This commit is contained in:
Cody Robibero 2023-05-29 18:38:01 -06:00 committed by GitHub
commit d8f0933f33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions

View File

@ -131,6 +131,10 @@ public class StartupController : BaseJellyfinApiController
public async Task<ActionResult> UpdateStartupUser([FromBody] StartupUserDto startupUserDto) public async Task<ActionResult> UpdateStartupUser([FromBody] StartupUserDto startupUserDto)
{ {
var user = _userManager.Users.First(); var user = _userManager.Users.First();
if (string.IsNullOrWhiteSpace(startupUserDto.Password))
{
return BadRequest("Password must not be empty");
}
if (startupUserDto.Name is not null) if (startupUserDto.Name is not null)
{ {

View File

@ -272,6 +272,10 @@ namespace Jellyfin.Server.Implementations.Users
public async Task ChangePassword(User user, string newPassword) public async Task ChangePassword(User user, string newPassword)
{ {
ArgumentNullException.ThrowIfNull(user); ArgumentNullException.ThrowIfNull(user);
if (user.HasPermission(PermissionKind.IsAdministrator) && string.IsNullOrWhiteSpace(newPassword))
{
throw new ArgumentException("Admin user passwords must not be empty", nameof(newPassword));
}
await GetAuthenticationProvider(user).ChangePassword(user, newPassword).ConfigureAwait(false); await GetAuthenticationProvider(user).ChangePassword(user, newPassword).ConfigureAwait(false);
await UpdateUserAsync(user).ConfigureAwait(false); await UpdateUserAsync(user).ConfigureAwait(false);