Merge pull request #2492 from Polpetta/fix-api-private-data-leak

Fix emby/user/public API leaking sensitive data
2025-12-24 01:34:45 +03:00 · 2020-05-07 14:52:10 +02:00
parent 41b667c137 5c6339d8fd
commit 62da4d0e5c
4 changed files with 108 additions and 11 deletions
--- a/Emby.Server.Implementations/Library/UserManager.cs
+++ b/Emby.Server.Implementations/Library/UserManager.cs
@@ -608,6 +608,31 @@ namespace Emby.Server.Implementations.Library
            return dto;
        }

+        public PublicUserDto GetPublicUserDto(User user, string remoteEndPoint = null)
+        {
+            if (user == null)
+            {
+                throw new ArgumentNullException(nameof(user));
+            }
+
+            IAuthenticationProvider authenticationProvider = GetAuthenticationProvider(user);
+            bool hasConfiguredPassword = authenticationProvider.HasPassword(user);
+            bool hasConfiguredEasyPassword = !string.IsNullOrEmpty(authenticationProvider.GetEasyPasswordHash(user));
+
+            bool hasPassword = user.Configuration.EnableLocalPassword &&
+                !string.IsNullOrEmpty(remoteEndPoint) &&
+                _networkManager.IsInLocalNetwork(remoteEndPoint) ? hasConfiguredEasyPassword : hasConfiguredPassword;
+
+            PublicUserDto dto = new PublicUserDto
+            {
+                Name = user.Name,
+                HasPassword = hasPassword,
+                HasConfiguredPassword = hasConfiguredPassword,
+            };
+
+            return dto;
+        }
+
        public UserDto GetOfflineUserDto(User user)
        {
            var dto = GetUserDto(user);