From 29ef02af9a1c2f2ff51b5cd34a9074943cdc1d1f Mon Sep 17 00:00:00 2001
From: cvium <clausvium@gmail.com>
Date: Fri, 26 May 2023 21:50:51 +0200
Subject: [PATCH] do not allow empty admin password during wizard

---
 Jellyfin.Api/Controllers/StartupController.cs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Jellyfin.Api/Controllers/StartupController.cs b/Jellyfin.Api/Controllers/StartupController.cs
index aab390d1f9..1098733b2c 100644
--- a/Jellyfin.Api/Controllers/StartupController.cs
+++ b/Jellyfin.Api/Controllers/StartupController.cs
@@ -131,6 +131,10 @@ public class StartupController : BaseJellyfinApiController
     public async Task<ActionResult> UpdateStartupUser([FromBody] StartupUserDto startupUserDto)
     {
         var user = _userManager.Users.First();
+        if (string.IsNullOrWhiteSpace(startupUserDto.Password))
+        {
+            return BadRequest("Password must not be empty");
+        }
 
         if (startupUserDto.Name is not null)
         {