mirror of
https://github.com/jellyfin/jellyfin.git
synced 2024-11-15 18:08:53 -07:00
Merge pull request #3187 from jellyfin/revert-2492-fix-api-private-data-leak
Revert "Fix emby/user/public API leaking sensitive data"
This commit is contained in:
commit
b33fa06efa
@ -608,31 +608,6 @@ namespace Emby.Server.Implementations.Library
|
||||
return dto;
|
||||
}
|
||||
|
||||
public PublicUserDto GetPublicUserDto(User user, string remoteEndPoint = null)
|
||||
{
|
||||
if (user == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(user));
|
||||
}
|
||||
|
||||
IAuthenticationProvider authenticationProvider = GetAuthenticationProvider(user);
|
||||
bool hasConfiguredPassword = authenticationProvider.HasPassword(user);
|
||||
bool hasConfiguredEasyPassword = !string.IsNullOrEmpty(authenticationProvider.GetEasyPasswordHash(user));
|
||||
|
||||
bool hasPassword = user.Configuration.EnableLocalPassword &&
|
||||
!string.IsNullOrEmpty(remoteEndPoint) &&
|
||||
_networkManager.IsInLocalNetwork(remoteEndPoint) ? hasConfiguredEasyPassword : hasConfiguredPassword;
|
||||
|
||||
PublicUserDto dto = new PublicUserDto
|
||||
{
|
||||
Name = user.Name,
|
||||
HasPassword = hasPassword,
|
||||
HasConfiguredPassword = hasConfiguredPassword,
|
||||
};
|
||||
|
||||
return dto;
|
||||
}
|
||||
|
||||
public UserDto GetOfflineUserDto(User user)
|
||||
{
|
||||
var dto = GetUserDto(user);
|
||||
|
@ -35,7 +35,7 @@ namespace MediaBrowser.Api
|
||||
}
|
||||
|
||||
[Route("/Users/Public", "GET", Summary = "Gets a list of publicly visible users for display on a login screen.")]
|
||||
public class GetPublicUsers : IReturn<PublicUserDto[]>
|
||||
public class GetPublicUsers : IReturn<UserDto[]>
|
||||
{
|
||||
}
|
||||
|
||||
@ -266,38 +266,22 @@ namespace MediaBrowser.Api
|
||||
_authContext = authContext;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the public available Users information
|
||||
/// </summary>
|
||||
/// <param name="request">The request.</param>
|
||||
/// <returns>System.Object.</returns>
|
||||
public object Get(GetPublicUsers request)
|
||||
{
|
||||
var result = _userManager
|
||||
.Users
|
||||
.Where(item => !item.Policy.IsDisabled);
|
||||
|
||||
if (ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
|
||||
// If the startup wizard hasn't been completed then just return all users
|
||||
if (!ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
|
||||
{
|
||||
var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
|
||||
result = result.Where(item => !item.Policy.IsHidden);
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(deviceId))
|
||||
return Get(new GetUsers
|
||||
{
|
||||
result = result.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
|
||||
IsDisabled = false
|
||||
});
|
||||
}
|
||||
|
||||
if (!_networkManager.IsInLocalNetwork(Request.RemoteIp))
|
||||
return Get(new GetUsers
|
||||
{
|
||||
result = result.Where(i => i.Policy.EnableRemoteAccess);
|
||||
}
|
||||
}
|
||||
|
||||
return ToOptimizedResult(result
|
||||
.OrderBy(u => u.Name)
|
||||
.Select(i => _userManager.GetPublicUserDto(i, Request.RemoteIp))
|
||||
.ToArray()
|
||||
);
|
||||
IsHidden = false,
|
||||
IsDisabled = false
|
||||
}, true, true);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
|
@ -143,14 +143,6 @@ namespace MediaBrowser.Controller.Library
|
||||
/// <returns>UserDto.</returns>
|
||||
UserDto GetUserDto(User user, string remoteEndPoint = null);
|
||||
|
||||
/// <summary>
|
||||
/// Gets the user public dto.
|
||||
/// </summary>
|
||||
/// <param name="user">Ther user.</param>\
|
||||
/// <param name="remoteEndPoint">The remote end point.</param>
|
||||
/// <returns>A public UserDto, aka a UserDto stripped of personal data.</returns>
|
||||
PublicUserDto GetPublicUserDto(User user, string remoteEndPoint = null);
|
||||
|
||||
/// <summary>
|
||||
/// Authenticates the user.
|
||||
/// </summary>
|
||||
|
@ -1,48 +0,0 @@
|
||||
using System;
|
||||
|
||||
namespace MediaBrowser.Model.Dto
|
||||
{
|
||||
/// <summary>
|
||||
/// Class PublicUserDto. Its goal is to show only public information about a user
|
||||
/// </summary>
|
||||
public class PublicUserDto : IItemDto
|
||||
{
|
||||
/// <summary>
|
||||
/// Gets or sets the name.
|
||||
/// </summary>
|
||||
/// <value>The name.</value>
|
||||
public string Name { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the primary image tag.
|
||||
/// </summary>
|
||||
/// <value>The primary image tag.</value>
|
||||
public string PrimaryImageTag { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a value indicating whether this instance has password.
|
||||
/// </summary>
|
||||
/// <value><c>true</c> if this instance has password; otherwise, <c>false</c>.</value>
|
||||
public bool HasPassword { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a value indicating whether this instance has configured password.
|
||||
/// Note that in this case this method should not be here, but it is necessary when changing password at the
|
||||
/// first login.
|
||||
/// </summary>
|
||||
/// <value><c>true</c> if this instance has configured password; otherwise, <c>false</c>.</value>
|
||||
public bool HasConfiguredPassword { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the primary image aspect ratio.
|
||||
/// </summary>
|
||||
/// <value>The primary image aspect ratio.</value>
|
||||
public double? PrimaryImageAspectRatio { get; set; }
|
||||
|
||||
/// <inheritdoc />
|
||||
public override string ToString()
|
||||
{
|
||||
return Name ?? base.ToString();
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user