You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm not sure I understand but I'm guessing what you want is when the user with no password tries to log in, not allow him to be logged in?
You could do that by going into jellyseerr settings and turning off enable new jellyfin login. And if the user already exists you can remove him from jellyseerr. That way that user won't be able to log in, and you can have everyone else imported using the import user button and for that user you can have a local user in jellyseerr.
Previously we had it so that even if you did not have a password you could not log in to jellyseerr with no password, but due to popular request we added in the ability to log in to jellyseerr without password.
My problem was that using an external Url lets say jellyseerr.domain.com, I should not be able to login with my username "NoPassword", since jellyfin (jellyfin.domain.com) would not allow it, because that user is local only.
Ohh I think I get it. Currently it does not validate whether the user is local or remote. Have to try and see how to implement that through api
Let me change the tag to feature request
Meanwhile you can use my suggestion where new jellyfin log in is disabled and removing that user from jellyseerr user list and just creating a local user for that user only
Fallenbagel
changed the title
Login possible with local user when using external URL
[Feature Request] Validate whether the user is a local network user and only allow log in locally
Jun 3, 2022
Description
I can login with an user that is only for local use only using external URL.
Jellyseerr was set up using jellyfin local ip.
"Allow remote connections to this server" is uncheck in jellyfin config for the user.
I'm running the develop branch on docker and have set the external URL to fix profile picture and play on jellyfin button.
This is a security concern for my use case since that user doesn't have a password.
What I would like:
Possible quick fix:
Use external URL for the login process, that would resolve my security concern but not allow local user when on local network.
I will add a password to the user for now!
Version
5298e5f
Steps to Reproduce
Code of Conduct
The text was updated successfully, but these errors were encountered: