alteropen/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-04-08 11:22:23 +01:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Revert "Fix emby/user/public API leaking sensitive data"

Browse Source
This commit is contained in:
Joshua M. Boniface
2020-05-26 12:14:40 -04:00
committed by GitHub
parent 976ae36bea
commit 0be3dfe7c5
4 changed files with 11 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
MediaBrowser.Api/UserService.cs
View File

@@ -35,7 +35,7 @@ namespace MediaBrowser.Api
}
[Route("/Users/Public", "GET", Summary = "Gets a list of publicly visible users for display on a login screen.")]
public class GetPublicUsers : IReturn<PublicUserDto[]>
public class GetPublicUsers : IReturn<UserDto[]>
{
}
@@ -266,38 +266,22 @@ namespace MediaBrowser.Api
_authContext = authContext;
}
/// <summary>
/// Gets the public available Users information
/// </summary>
/// <param name="request">The request.</param>
/// <returns>System.Object.</returns>
public object Get(GetPublicUsers request)
{
var result = _userManager
.Users
.Where(item => !item.Policy.IsDisabled);
if (ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
// If the startup wizard hasn't been completed then just return all users
if (!ServerConfigurationManager.Configuration.IsStartupWizardCompleted)
{
var deviceId = _authContext.GetAuthorizationInfo(Request).DeviceId;
result = result.Where(item => !item.Policy.IsHidden);
if (!string.IsNullOrWhiteSpace(deviceId))
return Get(new GetUsers
{
result = result.Where(i => _deviceManager.CanAccessDevice(i, deviceId));
}
if (!_networkManager.IsInLocalNetwork(Request.RemoteIp))
{
result = result.Where(i => i.Policy.EnableRemoteAccess);
}
IsDisabled = false
});
}
return ToOptimizedResult(result
.OrderBy(u => u.Name)
.Select(i => _userManager.GetPublicUserDto(i, Request.RemoteIp))
.ToArray()
);
return Get(new GetUsers
{
IsHidden = false,
IsDisabled = false
}, true, true);
}
/// <summary>