Option to use HTTP basic authentication

2025-07-06 05:01:14 -07:00 · 2016-05-22 14:23:55 -07:00 · 2016-05-22 14:23:55 -07:00 · 16cbfed20b
commit 16cbfed20b
parent f6a3bc57e2
5 changed files with 48 additions and 10 deletions
--- a/PlexPy.py
+++ b/PlexPy.py
@ -214,6 +214,7 @@ def main():
        'https_key': plexpy.CONFIG.HTTPS_KEY,
        'http_username': plexpy.CONFIG.HTTP_USERNAME,
        'http_password': plexpy.CONFIG.HTTP_PASSWORD,
+        'http_basic_auth': plexpy.CONFIG.HTTP_BASIC_AUTH
    }
    webstart.initialize(web_config)

--- a/data/interfaces/default/settings.html
+++ b/data/interfaces/default/settings.html
@ -528,10 +528,17 @@
                            <label>
                                <input type="checkbox" name="http_hash_password" id="http_hash_password" value="1" ${config['http_hash_password']} data-parsley-trigger="change"> Hash Password in the Config File
                            </label>
+                            <span id="hashPasswordCheck" style="color: #eb8600; padding-left: 10px;"></span>
                            <p class="help-block">Store a hashed password in the config file.<br />Warning: Your password cannot be recovered if forgotten!</p>
                        </div>
                        <input type="text" id="http_hashed_password" name="http_hashed_password" value="${config['http_hashed_password']}" style="display: none;" data-parsley-trigger="change" data-parsley-type="integer" data-parsley-range="[0, 1]" 
                               data-parsley-errors-container="#http_hash_password_error" data-parsley-error-message="Cannot un-hash password, please set a new password." data-parsley-no-focus required>
+                        <div class="checkbox">
+                            <label>
+                                <input type="checkbox" class="auth-settings" name="http_basic_auth" id="http_basic_auth" value="1" ${config['http_basic_auth']} data-parsley-trigger="change"> Use Basic Authentication
+                            </label>
+                            <p class="help-block">Use basic HTTP authentication instead of the HTML login form.</p>
+                        </div>


                        <div class="padded-header">
@ -566,7 +573,7 @@
                                    </div>
                                </div>
                            </div>
-                            <p class="help-block">Current API key: <strong><br/>${config['api_key']}</strong></p>
+                            <p class="help-block">Current API key: <strong> ${config['api_key']}</strong></p>
                        </div>

                        <p><input type="button" class="btn btn-bright save-button" value="Save" data-success="Changes saved successfully"></p>
@ -2570,7 +2577,11 @@ $(document).ready(function() {
    });

    function allowGuestAccessCheck () {
-        if ($('#http_username').val() == '' || $('#http_password').val() == '') {
+        if ($("#http_basic_auth").is(":checked")) {
+            $("#allow_guest_access").attr("disabled", true);
+            $("#allow_guest_access").attr("checked", false);
+            $("#allowGuestCheck").html("Guest access cannot be enabled with basic authentication.");
+        } else if ($('#http_username').val() == '' || $('#http_password').val() == '') {
            $("#allow_guest_access").attr("disabled", true);
            $("#allow_guest_access").attr("checked", false);
            $("#allowGuestCheck").html("You must set an admin password above to allow guest access.");
@ -2581,18 +2592,30 @@ $(document).ready(function() {
    }
    allowGuestAccessCheck();

-    $('#http_username, #http_password').change(function () {
+    $('#http_username, #http_password, #http_basic_auth').change(function () {
        allowGuestAccessCheck();
    });

-
-    $("#http_hash_password").click(function(){
+    function hashPasswordCheck () {
+        if ($("#http_basic_auth").is(":checked")) {
+            $("#http_hash_password").attr("checked", false);
+            $("#http_hash_password").attr("disabled", true);
+            $("#hashPasswordCheck").html("Password cannot be hashed with basic authentication.");
+        } else {
+            $("#http_hash_password").attr("disabled", false);
+            $("#hashPasswordCheck").html("");
+        }
        if (!($("#http_hash_password").is(":checked")) && $("#http_hashed_password").val() == "1" && $("#http_password").val() == "    ") {
            $("#http_hashed_password").val(-1);
        } else if ($("#http_hash_password").is(":checked") && $("#http_hashed_password").val() == "-1" && $("#http_password").val() == "    ") {
            $("#http_hashed_password").val(1);
            $("#http_hash_password_error").html("");
        }
+    }
+    hashPasswordCheck();
+
+    $('#http_password, #http_hash_password, #http_basic_auth').change(function () {
+        hashPasswordCheck();
    });

    $('#http_password').change(function () {
--- a/plexpy/config.py
+++ b/plexpy/config.py
@ -185,6 +185,7 @@ _CONFIG_DEFINITIONS = {
    'HTTPS_KEY': (str, 'General', ''),
    'HTTPS_DOMAIN': (str, 'General', 'localhost'),
    'HTTPS_IP': (str, 'General', '127.0.0.1'),
+    'HTTP_BASIC_AUTH': (int, 'General', 0),
    'HTTP_ENVIRONMENT': (str, 'General', 'production'),
    'HTTP_HASH_PASSWORD': (int, 'General', 0),
    'HTTP_HASHED_PASSWORD': (int, 'General', 0),
--- a/plexpy/webserve.py
+++ b/plexpy/webserve.py
@ -2247,6 +2247,7 @@ class WebInterface(object):

        config = {
            "allow_guest_access": checked(plexpy.CONFIG.ALLOW_GUEST_ACCESS),
+            "http_basic_auth": checked(plexpy.CONFIG.HTTP_BASIC_AUTH),
            "http_hash_password": checked(plexpy.CONFIG.HTTP_HASH_PASSWORD),
            "http_hashed_password": plexpy.CONFIG.HTTP_HASHED_PASSWORD,
            "http_host": plexpy.CONFIG.HTTP_HOST,
@ -2367,7 +2368,7 @@ class WebInterface(object):
            "ip_logging_enable", "movie_logging_enable", "tv_logging_enable", "music_logging_enable",
            "notify_consecutive", "notify_upload_posters", "notify_recently_added", "notify_recently_added_grandparent",
            "monitor_pms_updates", "monitor_remote_access", "get_file_sizes", "log_blacklist", "http_hash_password",
-            "allow_guest_access", "cache_images", "http_proxy"
+            "allow_guest_access", "cache_images", "http_proxy", "http_basic_auth"
        ]
        for checked_config in checked_configs:
            if checked_config not in kwargs:
--- a/plexpy/webstart.py
+++ b/plexpy/webstart.py
@ -66,7 +66,12 @@ def initialize(options):

    if options['http_password']:
        logger.info(u"PlexPy WebStart :: Web server authentication is enabled, username is '%s'", options['http_username'])
+        if options['http_basic_auth']:
+            auth_enabled = session_enabled = False
+            basic_auth_enabled = True
+        else:
            options_dict['tools.sessions.on'] = auth_enabled = session_enabled = True
+            basic_auth_enabled = False
            cherrypy.tools.auth = cherrypy.Tool('before_handler', webauth.check_auth)
    else:
        auth_enabled = session_enabled = False
@ -88,7 +93,14 @@ def initialize(options):
                                      'application/javascript'],
            'tools.auth.on': auth_enabled,
            'tools.sessions.on': session_enabled,
-            'tools.sessions.timeout': 30 * 24 * 60  # 30 days
+            'tools.sessions.timeout': 30 * 24 * 60,  # 30 days
+            'tools.auth_basic.on': basic_auth_enabled,
+            'tools.auth_basic.realm': 'PlexPy web server',
+            'tools.auth_basic.checkpassword': cherrypy.lib.auth_basic.checkpassword_dict({
+                options['http_username']: options['http_password']})
+        },
+        '/api': {
+            'tools.auth_basic.on': False
        },
        '/interfaces': {
            'tools.staticdir.on': True,
@ -199,7 +211,7 @@ def initialize(options):
            'tools.expires.secs': 60 * 60 * 24 * 30,  # 30 days
            'tools.auth.on': False,
            'tools.sessions.on': False
-        },
+        }
    }

    # Prevent time-outs