shpaq/sct-overseerr
1
0
Fork 0
mirror of https://github.com/sct/overseerr.git synced 2025-12-30 01:32:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: don't allow login for unimported Jellyfin users if not set in settings

Browse Source
This commit is contained in:
notfakie
2022-04-28 17:58:05 +12:00
parent 36c3c9d7c6
commit 72ca694f21
1 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/routes/auth.ts
View File

@@ -255,11 +255,33 @@ authRoutes.post('/jellyfin', async (req, res, next) => {
user.username = '';
}
await userRepository.save(user);
} else if (!settings.main.newPlexLogin) {
logger.warn(
'Failed sign-in attempt by unimported Jellyfin user with access to the media server',
{
label: 'API',
ip: req.ip,
jellyfinUserId: account.User.Id,
jellyfinUsername: account.User.Name,
}
);
return next({
status: 403,
message: 'Access denied.',
});
} else {
// Here we check if it's the first user. If it is, we create the user with no check
// and give them admin permissions
const totalUsers = await userRepository.count();
if (totalUsers === 0) {
logger.info(
'Sign-in attempt from Jellyfin user with access to the media server; creating initial admin user for Overseerr',
{
label: 'API',
ip: req.ip,
jellyfinUsername: account.User.Name,
}
);
user = new User({
email: body.email,
jellyfinUsername: account.User.Name,