alteropen/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2026-04-21 17:44:43 +01:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Fix emby/user/public API leaking private data

Browse Source 
This commit fixes the emby/user/public API that was returning more data
than necessary. Now only the following information are returned:
- the account name
- the primary image tag
- the field hasPassword
- the field hasConfiguredPassword, useful for the first wizard only
(see
https://github.com/jellyfin/jellyfin/issues/880#issuecomment-465370051)
- the primary image aspect ratio

A new DTO class, PrivateUserDTO has been created, and the route has been
modified in order to return that data object.
This commit is contained in:
Davide Polonio
2020-03-01 21:38:34 +01:00
parent 03a294a706
commit 5d760b7ee8
4 changed files with 106 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
MediaBrowser.Controller/Library/IUserManager.cs
View File

@@ -143,6 +143,14 @@ namespace MediaBrowser.Controller.Library
/// <returns>UserDto.</returns>
UserDto GetUserDto(User user, string remoteEndPoint = null);
/// <summary>
/// Gets the user public dto.
/// </summary>
/// <param name="user">Ther user.</param>\
/// <param name="remoteEndPoint">The remote end point.</param>
/// <returns>A public UserDto, aka a UserDto stripped of personal data.</returns>
PublicUserDto GetPublicUserDto(User user, string remoteEndPoint = null);
/// <summary>
/// Authenticates the user.
/// </summary>