From 48f846da4086fd0da081e839cf08e4087f1fc40e Mon Sep 17 00:00:00 2001
From: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com>
Date: Wed, 24 Jun 2020 14:04:07 -0700
Subject: [PATCH] Expire the previous JWT on update if HTTP root is set
* Required for Tautulli/Tautulli-Issues#255
---
data/interfaces/default/login.html | 2 +-
plexpy/config.py | 8 +++++++-
plexpy/webauth.py | 6 +++++-
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/data/interfaces/default/login.html b/data/interfaces/default/login.html
index 99e906da..897195f5 100644
--- a/data/interfaces/default/login.html
+++ b/data/interfaces/default/login.html
@@ -24,7 +24,7 @@
-
diff --git a/plexpy/config.py b/plexpy/config.py
index 0ae289da..6bba8648 100644
--- a/plexpy/config.py
+++ b/plexpy/config.py
@@ -943,4 +943,10 @@ class Config(object):
if plexpy.DOCKER:
self.PLEXPY_AUTO_UPDATE = 0
- self.CONFIG_VERSION == 15
+ self.CONFIG_VERSION = 15
+
+ if self.CONFIG_VERSION == 15:
+ if self.HTTP_ROOT and self.HTTP_ROOT != '/':
+ self.JWT_UPDATE_SECRET = True
+
+ self.CONFIG_VERSION = 16
diff --git a/plexpy/webauth.py b/plexpy/webauth.py
index 5bffda96..e93aefb1 100644
--- a/plexpy/webauth.py
+++ b/plexpy/webauth.py
@@ -296,10 +296,14 @@ class AuthController(object):
self.on_logout(payload['user'], payload['user_group'])
jwt_cookie = str(JWT_COOKIE_NAME + plexpy.CONFIG.PMS_UUID)
- cherrypy.response.cookie[jwt_cookie] = 'expire'
+ cherrypy.response.cookie[jwt_cookie] = ''
cherrypy.response.cookie[jwt_cookie]['expires'] = 0
cherrypy.response.cookie[jwt_cookie]['path'] = plexpy.HTTP_ROOT.rstrip('/') or '/'
+ if plexpy.HTTP_ROOT != '/':
+ # Aslo expire the JWT on the root path
+ cherrypy.response.headers['Set-Cookie'] = jwt_cookie + '=""; expires=Thu, 01 Jan 1970 12:00:00 GMT; path=/'
+
cherrypy.request.login = None
if redirect_uri: