search

Cloud9Developer / Jellyfin-Newsletter-Plugin

GNU General Public License v3.0
74 stars 9 forks source link

HTTP endpoints do not have authentication #67

Closed StefanAbl closed 3 months ago

StefanAbl commented 9 months ago

The endpoints for sending a test mail or a newsletter e-mail or exposed without authentication. This allows for spamming users with test e-mails.

https://github.com/Cloud9Developer/Jellyfin-Newsletter-Plugin/blob/2a624b9e5cbfe26aa0f6a19c8921d517d2049ce3/Jellyfin.Plugin.Newsletters/Emails/smtp.cs#L79

It would be greatly appreciated if you could add authentication to those endpoints.

jumoog commented 3 months ago

was fixed in https://github.com/Cloud9Developer/Jellyfin-Newsletter-Plugin/commit/4f9f9256d882286c845ce502465dc141a44596e9

jumoog commented 3 months ago

only jellyfin admins can use the endpoints now

StefanAbl commented 3 months ago

Very nice, thank you