Co-authored-by: Robbie Davis <robbie@therobbiedavis.com>
Joe Milazzo 2024-04-14 06:58:22 -05:00 committed by GitHub
parent 5a7fd25548
commit 8f4e1fbb36
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 92 additions and 1287 deletions


@ -82,6 +82,7 @@ public class AccountController : BaseApiController
{
var user = await _userManager.Users.SingleOrDefaultAsync(x => x.UserName == resetPasswordDto.UserName);
if (user == null) return Ok(); // Don't report BadRequest as that would allow brute forcing to find accounts on system
_logger.LogInformation("{UserName} is changing {ResetUser}'s password", User.GetUsername(), resetPasswordDto.UserName);
if (User.IsInRole(PolicyConstants.ReadOnlyRole))
return BadRequest(await _localizationService.Translate(User.GetUserId(), "permission-denied"));