AZEN-SGG/Kavita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: error when resetting password of a non admin user (#252)

Browse source 
Fixes #246
This commit is contained in:
Leonardo Dias 2021-06-03 14:17:57 -03:00 committed by GitHub
parent 03c9b7a11d
commit b38ea8186e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
API/Controllers/AccountController.cs
View file

@ -45,9 +45,9 @@ namespace API.Controllers
{
_logger.LogInformation("{UserName} is changing {ResetUser}'s password", User.GetUsername(), resetPasswordDto.UserName);
var user = await _userManager.Users.SingleAsync(x => x.UserName == resetPasswordDto.UserName);
var isAdmin = await _userManager.IsInRoleAsync(user, PolicyConstants.AdminRole);
if (resetPasswordDto.UserName != User.GetUsername() && !isAdmin) return Unauthorized("You are not permitted to this operation.");
if (resetPasswordDto.UserName != User.GetUsername() && !User.IsInRole(PolicyConstants.AdminRole))
return Unauthorized("You are not permitted to this operation.");
// Validate Password
foreach (var validator in _userManager.PasswordValidators)