Fixed a bug with previous hotfix which prevented registration for new users. (#899)

2025-08-07 09:01:25 -04:00 · 2022-01-05 14:59:29 -08:00 · 2022-01-05 14:59:29 -08:00 · 7fb41f0945
commit 7fb41f0945
parent a6d8c833e6
2 changed files with 14 additions and 4 deletions
--- a/API/Controllers/AccountController.cs
+++ b/API/Controllers/AccountController.cs
@ -13,7 +13,6 @@ using API.Interfaces.Services;
 using API.Services;
 using AutoMapper;
 using Kavita.Common;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@ -79,7 +78,6 @@ namespace API.Controllers
        /// </summary>
        /// <param name="registerDto"></param>
        /// <returns></returns>
-        [Authorize(Policy = "RequireAdminRole")]
        [HttpPost("register")]
        public async Task<ActionResult<UserDto>> Register(RegisterDto registerDto)
        {
@ -90,6 +88,17 @@ namespace API.Controllers
                    return BadRequest("Username is taken.");
                }

+                // If we are registering an admin account, ensure there are no existing admins or user registering is an admin
+                if (registerDto.IsAdmin)
+                {
+                    var firstTimeFlow = !(await _userManager.GetUsersInRoleAsync("Admin")).Any();
+                    if (!firstTimeFlow && !await _unitOfWork.UserRepository.IsUserAdmin(
+                            await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername())))
+                    {
+                        return BadRequest("You are not permitted to create an admin account");
+                    }
+                }
+
                var user = _mapper.Map<AppUser>(registerDto);
                user.UserPreferences ??= new AppUserPreferences();
                user.ApiKey = HashUtil.ApiKey();
@ -105,6 +114,7 @@ namespace API.Controllers

                if (!result.Succeeded) return BadRequest(result.Errors);

+
                var role = registerDto.IsAdmin ? PolicyConstants.AdminRole : PolicyConstants.PlebRole;
                var roleResult = await _userManager.AddToRoleAsync(user, role);

--- a/Kavita.Common/Kavita.Common.csproj
+++ b/Kavita.Common/Kavita.Common.csproj
@ -4,7 +4,7 @@
        <TargetFramework>net5.0</TargetFramework>
        <Company>kavitareader.com</Company>
        <Product>Kavita</Product>
-        <AssemblyVersion>0.4.9.1</AssemblyVersion>
+        <AssemblyVersion>0.4.9.2</AssemblyVersion>
        <NeutralLanguage>en</NeutralLanguage>
    </PropertyGroup>

@ -18,4 +18,4 @@
    </ItemGroup>


-</Project>
+</Project>