Invalidate temporary mobile app token after 5 minutes

This commit is contained in:
JonnyWong16 2020-04-12 21:20:14 -07:00
parent b7d03a4f31
commit 400a189455
No known key found for this signature in database
GPG key ID: B1F1F9807184697A
3 changed files with 24 additions and 5 deletions

View file

@ -120,7 +120,7 @@ class API2:
self._api_app = True
if plexpy.CONFIG.API_ENABLED and not self._api_msg or self._api_cmd in ('get_apikey', 'docs', 'docs_md'):
if self._api_apikey == plexpy.CONFIG.API_KEY or (self._api_app and self._api_apikey == mobile_app.TEMP_DEVICE_TOKEN):
if self._api_apikey == plexpy.CONFIG.API_KEY or (self._api_app and self._api_apikey == mobile_app.get_temp_device_token()):
self._api_authenticated = True
elif self._api_app and mobile_app.get_mobile_device_by_token(self._api_apikey):
@ -404,7 +404,7 @@ class API2:
if result:
self._api_msg = 'Device registration successful.'
self._api_result_type = 'success'
mobile_app.TEMP_DEVICE_TOKEN = None
mobile_app.set_temp_device_token(None)
else:
self._api_msg = 'Device registartion failed: database error.'
self._api_result_type = 'error'

View file

@ -14,6 +14,7 @@
# along with Tautulli. If not, see <http://www.gnu.org/licenses/>.
import time
import threading
import plexpy
import database
@ -22,6 +23,24 @@ import logger
TEMP_DEVICE_TOKEN = None
INVALIDATE_TIMER = None
def set_temp_device_token(token=None):
global TEMP_DEVICE_TOKEN
TEMP_DEVICE_TOKEN = token
if TEMP_DEVICE_TOKEN is not None:
global INVALIDATE_TIMER
if INVALIDATE_TIMER:
INVALIDATE_TIMER.cancel()
invalidate_time = 5 * 60 # 5 minutes
INVALIDATE_TIMER = threading.Timer(invalidate_time, set_temp_device_token, args=[None])
INVALIDATE_TIMER.start()
def get_temp_device_token():
return TEMP_DEVICE_TOKEN
def get_mobile_devices(device_id=None, device_token=None):

View file

@ -3587,12 +3587,12 @@ class WebInterface(object):
@requireAuth(member_of("admin"))
def verify_mobile_device(self, device_token='', cancel=False, **kwargs):
if helpers.bool_true(cancel):
mobile_app.TEMP_DEVICE_TOKEN = None
mobile_app.set_temp_device_token(None)
return {'result': 'error', 'message': 'Device registration cancelled.'}
result = mobile_app.get_mobile_device_by_token(device_token)
if result:
mobile_app.TEMP_DEVICE_TOKEN = None
mobile_app.set_temp_device_token(None)
return {'result': 'success', 'message': 'Device registered successfully.', 'data': result}
else:
return {'result': 'error', 'message': 'Device not registered.'}
@ -3879,7 +3879,7 @@ class WebInterface(object):
logger._BLACKLIST_WORDS.add(apikey)
if helpers.bool_true(device):
mobile_app.TEMP_DEVICE_TOKEN = apikey
mobile_app.set_temp_device_token(apikey)
return apikey