Invalidate temporary mobile app token after 5 minutes

2025-07-11 07:46:07 -07:00 · 2020-04-12 21:20:14 -07:00 · 2020-04-12 21:20:14 -07:00 · 400a189455
commit 400a189455
parent b7d03a4f31
3 changed files with 24 additions and 5 deletions
--- a/plexpy/api2.py
+++ b/plexpy/api2.py
@ -120,7 +120,7 @@ class API2:
            self._api_app = True

        if plexpy.CONFIG.API_ENABLED and not self._api_msg or self._api_cmd in ('get_apikey', 'docs', 'docs_md'):
-            if self._api_apikey == plexpy.CONFIG.API_KEY or (self._api_app and self._api_apikey == mobile_app.TEMP_DEVICE_TOKEN):
+            if self._api_apikey == plexpy.CONFIG.API_KEY or (self._api_app and self._api_apikey == mobile_app.get_temp_device_token()):
                self._api_authenticated = True

            elif self._api_app and mobile_app.get_mobile_device_by_token(self._api_apikey):
@ -404,7 +404,7 @@ class API2:
        if result:
            self._api_msg = 'Device registration successful.'
            self._api_result_type = 'success'
-            mobile_app.TEMP_DEVICE_TOKEN = None
+            mobile_app.set_temp_device_token(None)
        else:
            self._api_msg = 'Device registartion failed: database error.'
            self._api_result_type = 'error'
--- a/plexpy/mobile_app.py
+++ b/plexpy/mobile_app.py
@ -14,6 +14,7 @@
 #  along with Tautulli.  If not, see <http://www.gnu.org/licenses/>.

 import time
+import threading

 import plexpy
 import database
@ -22,6 +23,24 @@ import logger


 TEMP_DEVICE_TOKEN = None
+INVALIDATE_TIMER = None
+
+
+def set_temp_device_token(token=None):
+    global TEMP_DEVICE_TOKEN
+    TEMP_DEVICE_TOKEN = token
+
+    if TEMP_DEVICE_TOKEN is not None:
+        global INVALIDATE_TIMER
+        if INVALIDATE_TIMER:
+            INVALIDATE_TIMER.cancel()
+        invalidate_time = 5 * 60  # 5 minutes
+        INVALIDATE_TIMER = threading.Timer(invalidate_time, set_temp_device_token, args=[None])
+        INVALIDATE_TIMER.start()
+
+
+def get_temp_device_token():
+    return TEMP_DEVICE_TOKEN


 def get_mobile_devices(device_id=None, device_token=None):
--- a/plexpy/webserve.py
+++ b/plexpy/webserve.py
@ -3587,12 +3587,12 @@ class WebInterface(object):
    @requireAuth(member_of("admin"))
    def verify_mobile_device(self, device_token='', cancel=False, **kwargs):
        if helpers.bool_true(cancel):
-            mobile_app.TEMP_DEVICE_TOKEN = None
+            mobile_app.set_temp_device_token(None)
            return {'result': 'error', 'message': 'Device registration cancelled.'}

        result = mobile_app.get_mobile_device_by_token(device_token)
        if result:
-            mobile_app.TEMP_DEVICE_TOKEN = None
+            mobile_app.set_temp_device_token(None)
            return {'result': 'success', 'message': 'Device registered successfully.', 'data': result}
        else:
            return {'result': 'error', 'message': 'Device not registered.'}
@ -3879,7 +3879,7 @@ class WebInterface(object):
        logger._BLACKLIST_WORDS.add(apikey)

        if helpers.bool_true(device):
-            mobile_app.TEMP_DEVICE_TOKEN = apikey
+            mobile_app.set_temp_device_token(apikey)

        return apikey