From 970667adca142c9cf5d2fd014ae0b4746fdd8ce2 Mon Sep 17 00:00:00 2001
From: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com>
Date: Sat, 20 Jun 2020 10:58:49 -0700
Subject: [PATCH] Only allow temporary device token access to register app

---
 plexpy/api2.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/plexpy/api2.py b/plexpy/api2.py
index 0d9e61c8..fc2b40a2 100644
--- a/plexpy/api2.py
+++ b/plexpy/api2.py
@@ -136,7 +136,11 @@ class API2(object):
             self._api_app = True
 
         if plexpy.CONFIG.API_ENABLED and not self._api_msg or self._api_cmd in ('get_apikey', 'docs', 'docs_md'):
-            if self._api_apikey == plexpy.CONFIG.API_KEY or (self._api_app and self._api_apikey == mobile_app.get_temp_device_token()):
+            if self._api_apikey == plexpy.CONFIG.API_KEY:
+                self._api_authenticated = True
+
+            elif self._api_app and self._api_apikey == mobile_app.get_temp_device_token() and \
+                    self._api_cmd == 'register_device':
                 self._api_authenticated = True
 
             elif self._api_app and mobile_app.get_mobile_device_by_token(self._api_apikey):