fix: replace NotImplementedException in ChangePassword, add null guard on stream#2
Conversation
|
I double checked other implementation, including this official plugin: clearly seems to be fine with returning exception. There seems to be a benefit in not returning "CompletedTask" back to the client if the task failed, as we wouldn't want the client to think they made a change. I'm pretty sure that jellyfin would catch and log the exception at a higher level. Does this actually solve a real issue? |
…d on stream ChangePassword threw NotImplementedException which could crash admin workflows (e.g. password reset attempt on an HttpAuth account). Replaced with a log message and Task.CompletedTask since password management is handled entirely by the reverse proxy. GetManifestResourceStream can return null if the embedded resource is missing (broken build, namespace mismatch). Added an early return with NotFound() to fail explicitly rather than passing null to File(). Ref: UlysseM#1
801b9b5 to
2ac186c
Compare
|
Fair point — you're right that returning The only thing I'd push back on gently: Would you be open to changing just the exception type, keeping a short log so it's diagnosable in traces? _logger.LogDebug("ChangePassword is not supported for HttpAuth users — passwords are managed by the reverse proxy.");
throw new NotSupportedException("Password changes are not supported for HttpAuth users.");If you'd rather keep Also rebased on main — the null guard in |
Two small defensive fixes found during a code review (see #1 for the full context).
Changes
1.
ChangePassword— replaceNotImplementedExceptionwith a no-opIAuthenticationProvider.ChangePasswordwas throwingNotImplementedException. If Jellyfin ever calls this on an HttpAuth account (e.g. an admin attempting a password reset), it raises an unhandled exception and may crash the calling workflow silently.Since password management is entirely handled by the reverse proxy in this plugin's model, the correct behaviour is to do nothing and log a message explaining why.
2.
InjectAuthController.Login— null guard onGetManifestResourceStreamAssembly.GetManifestResourceStreamreturnsnullwhen the embedded resource is not found (namespace mismatch, broken build, etc.). PassingnulltoFile()throws aNullReferenceException. An explicitNotFound()makes the failure visible and diagnosable.Notes