fixes #941 - Rework password recovery and remove IsLocal checks

MediaBrowser.Api/UserService.cs

@@ -12,6 +12,7 @@ using ServiceStack;
 using ServiceStack.Text.Controller;
 using System;
 using System.Collections.Generic;
+using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
 
@@ -175,6 +176,20 @@ namespace MediaBrowser.Api
         public string Name { get; set; }
     }
 
+    [Route("/Users/ForgotPassword", "POST", Summary = "Initiates the forgot password process for a local user")]
+    public class ForgotPassword : IReturn<ForgotPasswordResult>
+    {
+        [ApiMember(Name = "EnteredUsername", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
+        public string EnteredUsername { get; set; }
+    }
+
+    [Route("/Users/ForgotPassword/Pin", "POST", Summary = "Redeems a forgot password pin")]
+    public class ForgotPasswordPin : IReturn<PinRedeemResult>
+    {
+        [ApiMember(Name = "Pin", IsRequired = false, DataType = "string", ParameterType = "body", Verb = "POST")]
+        public string Pin { get; set; }
+    }
+
     /// <summary>
     /// Class UsersService
     /// </summary>
@@ -217,34 +232,15 @@ namespace MediaBrowser.Api
                 });
             }
 
-            var authInfo = AuthorizationContext.GetAuthorizationInfo(Request);
-            var isDashboard = string.Equals(authInfo.Client, "Dashboard", StringComparison.OrdinalIgnoreCase);
-
-            if (Request.IsLocal && isDashboard)
-            {
-                var users = _userManager.Users
-                    .Where(i => !i.Configuration.IsDisabled && !(i.ConnectLinkType.HasValue && i.ConnectLinkType.Value == UserLinkType.Guest))
-                    .ToList();
-
-                return ToOptimizedResult(users);
-            }
-
-            // TODO: Uncomment this once all clients can handle an empty user list.
-            return Get(new GetUsers
-            {
-                IsHidden = false,
-                IsDisabled = false
-            });
-
-            //// TODO: Add or is authenticated
+            // TODO: Uncomment once clients can handle an empty user list (and below)
             //if (Request.IsLocal || IsInLocalNetwork(Request.RemoteIp))
-            //{
-            //    return Get(new GetUsers
-            //    {
-            //        IsHidden = false,
-            //        IsDisabled = false
-            //    });
-            //}
+            {
+                return Get(new GetUsers
+                {
+                    IsHidden = false,
+                    IsDisabled = false
+                });
+            }
 
             //// Return empty when external
             //return ToOptimizedResult(new List<UserDto>());
@@ -379,7 +375,7 @@ namespace MediaBrowser.Api
                 RemoteEndPoint = Request.RemoteIp,
                 Username = request.Username
 
-            }, Request.IsLocal).ConfigureAwait(false);
+            }).ConfigureAwait(false);
 
             return ToOptimizedResult(result);
         }
@@ -419,7 +415,7 @@ namespace MediaBrowser.Api
                 await _userManager.ChangePassword(user, request.NewPassword).ConfigureAwait(false);
             }
         }
-        
+
         /// <summary>
         /// Posts the specified request.
         /// </summary>
@@ -510,5 +506,22 @@ namespace MediaBrowser.Api
 
             return ToOptimizedResult(result);
         }
+
+        /// <summary>
+        /// Posts the specified request.
+        /// </summary>
+        /// <param name="request">The request.</param>
+        /// <returns>System.Object.</returns>
+        public object Post(ForgotPassword request)
+        {
+            var isLocal = Request.IsLocal || _networkManager.IsInLocalNetwork(Request.RemoteIp);
+
+            return _userManager.StartForgotPasswordProcess(request.EnteredUsername, isLocal);
+        }
+
+        public object Post(ForgotPasswordPin request)
+        {
+            return _userManager.RedeemPasswordResetPin(request.Pin);
+        }
     }
 }