administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-01-26 22:18:30 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

don't require old password for users with admin role when changing passwords

Browse Source
This commit is contained in:
Josh Hawkins 2025-12-16 06:19:48 -06:00
parent ae0c1ca941
commit 918373cb69
1 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
frigate/api/auth.py
View File

@ -893,13 +893,9 @@ async def update_password(
except DoesNotExist: except DoesNotExist:
return JSONResponse(content={"message": "User not found"}, status_code=404) return JSONResponse(content={"message": "User not found"}, status_code=404)
# Require old_password when: # Require old_password when non-admin user is changing any password
# 1. Non-admin user is changing another user's password (admin only action) # Admin users changing passwords do NOT need to provide the current password
# 2. Any user is changing their own password if current_role != "admin":
is_changing_own_password = current_username == username
is_non_admin = current_role != "admin"
if is_changing_own_password or is_non_admin:
if not body.old_password: if not body.old_password:
return JSONResponse( return JSONResponse(
content={"message": "Current password is required"}, content={"message": "Current password is required"},