From 15f90ea433e14380cf4943339742737f2110c3a7 Mon Sep 17 00:00:00 2001
From: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com>
Date: Tue, 9 Mar 2021 23:09:57 -0800
Subject: [PATCH] Improve temporary device token flow

---
 .../default/mobile_devices_table.html         |  9 ++++-
 plexpy/api2.py                                |  4 +-
 plexpy/mobile_app.py                          | 38 ++++++++++---------
 plexpy/webserve.py                            |  8 ++--
 4 files changed, 33 insertions(+), 26 deletions(-)

diff --git a/data/interfaces/default/mobile_devices_table.html b/data/interfaces/default/mobile_devices_table.html
index c3a16c8c..de66760f 100644
--- a/data/interfaces/default/mobile_devices_table.html
+++ b/data/interfaces/default/mobile_devices_table.html
@@ -98,7 +98,9 @@ DOCUMENTATION :: END
                         $.ajax({
                             url: 'verify_mobile_device',
                             type: 'GET',
-                            data: { device_token: token },
+                            data: {
+                                device_token: token
+                            },
                             success: function (data) {
                                 if (data.result === 'success') {
                                     verifiedDevice = true;
@@ -135,7 +137,10 @@ DOCUMENTATION :: END
             $.ajax({
                 url: 'verify_mobile_device',
                 type: 'GET',
-                data: { cancel: true },
+                data: {
+                    device_token: $('#api_qr_token').val(),
+                    cancel: true
+                },
                 success: function (data) {
                     showMsg('<i class="fa fa-times"></i> ' + data.message, false, true, 5000, false);
                 }
diff --git a/plexpy/api2.py b/plexpy/api2.py
index 99a0c0cc..c04ae83b 100644
--- a/plexpy/api2.py
+++ b/plexpy/api2.py
@@ -146,7 +146,7 @@ class API2(object):
             if not self._api_app and self._api_apikey == plexpy.CONFIG.API_KEY:
                 self._api_authenticated = True
 
-            elif self._api_app and self._api_apikey == mobile_app.get_temp_device_token() and \
+            elif self._api_app and mobile_app.get_temp_device_token(self._api_apikey) and \
                     self._api_cmd == 'register_device':
                 self._api_authenticated = True
 
@@ -469,7 +469,7 @@ class API2(object):
             self._api_msg = 'Device registration successful.'
             self._api_result_type = 'success'
 
-            mobile_app.set_temp_device_token(True)
+            mobile_app.set_temp_device_token(self._api_apikey, success=True)
 
             plex_server = plextv.get_server_resources(return_info=True)
             tautulli = plexpy.get_tautulli_info()
diff --git a/plexpy/mobile_app.py b/plexpy/mobile_app.py
index 209e9a00..e925db67 100644
--- a/plexpy/mobile_app.py
+++ b/plexpy/mobile_app.py
@@ -32,32 +32,34 @@ else:
     from plexpy import logger
 
 
-TEMP_DEVICE_TOKEN = None
-INVALIDATE_TIMER = None
-
 _ONESIGNAL_APP_ID = '3b4b666a-d557-4b92-acdf-e2c8c4b95357'
 
+TEMP_DEVICE_TOKENS = {}
 
-def set_temp_device_token(token=None):
-    global TEMP_DEVICE_TOKEN
-    TEMP_DEVICE_TOKEN = token
 
-    if TEMP_DEVICE_TOKEN:
-        logger._BLACKLIST_WORDS.add(TEMP_DEVICE_TOKEN)
-    else:
-        logger._BLACKLIST_WORDS.discard(TEMP_DEVICE_TOKEN)
+def set_temp_device_token(token=None, remove=False, add=False, success=False):
+    global TEMP_DEVICE_TOKENS
 
-    if TEMP_DEVICE_TOKEN is not None:
-        global INVALIDATE_TIMER
-        if INVALIDATE_TIMER:
-            INVALIDATE_TIMER.cancel()
+    if token in TEMP_DEVICE_TOKENS and success:
+        if isinstance(TEMP_DEVICE_TOKENS[token], threading.Timer):
+            TEMP_DEVICE_TOKENS[token].cancel()
+        TEMP_DEVICE_TOKENS[token] = True
+
+    elif token in TEMP_DEVICE_TOKENS and remove:
+        if isinstance(TEMP_DEVICE_TOKENS[token], threading.Timer):
+            TEMP_DEVICE_TOKENS[token].cancel()
+        del TEMP_DEVICE_TOKENS[token]
+        logger._BLACKLIST_WORDS.discard(token)
+
+    elif token not in TEMP_DEVICE_TOKENS and add:
         invalidate_time = 5 * 60  # 5 minutes
-        INVALIDATE_TIMER = threading.Timer(invalidate_time, set_temp_device_token, args=[None])
-        INVALIDATE_TIMER.start()
+        TEMP_DEVICE_TOKENS[token] = threading.Timer(invalidate_time, set_temp_device_token, args=[token, True])
+        TEMP_DEVICE_TOKENS[token].start()
+        logger._BLACKLIST_WORDS.add(token)
 
 
-def get_temp_device_token():
-    return TEMP_DEVICE_TOKEN
+def get_temp_device_token(token=None):
+    return TEMP_DEVICE_TOKENS.get(token)
 
 
 def get_mobile_devices(device_id=None, device_token=None):
diff --git a/plexpy/webserve.py b/plexpy/webserve.py
index f0fe2bdf..a5ffe41d 100644
--- a/plexpy/webserve.py
+++ b/plexpy/webserve.py
@@ -3804,12 +3804,12 @@ class WebInterface(object):
     @requireAuth(member_of("admin"))
     def verify_mobile_device(self, device_token='', cancel=False, **kwargs):
         if helpers.bool_true(cancel):
-            mobile_app.set_temp_device_token(None)
+            mobile_app.set_temp_device_token(device_token, remove=True)
             return {'result': 'error', 'message': 'Device registration cancelled.'}
 
-        result = mobile_app.get_temp_device_token()
+        result = mobile_app.get_temp_device_token(device_token)
         if result is True:
-            mobile_app.set_temp_device_token(None)
+            mobile_app.set_temp_device_token(device_token, remove=True)
             return {'result': 'success', 'message': 'Device registered successfully.', 'data': result}
         else:
             return {'result': 'error', 'message': 'Device not registered.'}
@@ -4254,7 +4254,7 @@ class WebInterface(object):
         logger._BLACKLIST_WORDS.add(apikey)
 
         if helpers.bool_true(device):
-            mobile_app.set_temp_device_token(apikey)
+            mobile_app.set_temp_device_token(apikey, add=True)
 
         return apikey