Added security logic previously added to PasswordChanger

Emma Garland
2021-03-15 09:01:10 +00:00
parent aa4947913e
commit 5c6b8fe2bc
2 changed files with 7 additions and 0 deletions


@@ -1,5 +1,6 @@
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Globalization;
using System.IO;
using System.Linq;
@@ -722,6 +723,11 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
return new ValidationErrorResult("The current user is not authorized");
}
if (!currentUser.IsAdmin() && found.IsAdmin())
{
return new ValidationErrorResult("The current user cannot change the password for the specified user");
}
Attempt<PasswordChangedModel> passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _userManager);
if (passwordChangeResult.Success)
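Review bot: The new `if (!currentUser.IsAdmin() && found.IsAdmin())` guard sits only in this controller action, so any other caller of `ChangePasswordWithIdentityAsync` is covered only if the password changer still enforces the same rule; the commit title suggests the check was moved from PasswordChanger, which is worth confirming against the other changed file. The refusal is also returned without any log entry in the visible lines, although a non-admin trying to change an admin's password is an event worth recording with both user ids for later review. A short comment above the guard would make its purpose explicit, for example `// Non-admins must not change an admin's password: that would allow takeover of the admin account.` The enclosing action starts and ends outside this hunk, so whether `found` is null-checked before this line cannot be seen here.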