github/plexpy
1
0
Fork 0
mirror of https://github.com/Tautulli/Tautulli.git synced 2025-08-19 21:03:21 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Always hash http password

Browse source
This commit is contained in:
JonnyWong16 2021-06-15 21:09:37 -07:00
commit b0a395ad0b
No known key found for this signature in database
GPG key ID: B1F1F9807184697A
6 changed files with 21 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

8
plexpy/api2.py
View file

@ -647,13 +647,7 @@ General optional parameters:
data = None
apikey = hashlib.sha224(str(random.getrandbits(256)).encode('utf-8')).hexdigest()[0:32]
if plexpy.CONFIG.HTTP_USERNAME and plexpy.CONFIG.HTTP_PASSWORD:
authenticated = False
if plexpy.CONFIG.HTTP_HASHED_PASSWORD and \
username == plexpy.CONFIG.HTTP_USERNAME and check_hash(password, plexpy.CONFIG.HTTP_PASSWORD):
authenticated = True
elif not plexpy.CONFIG.HTTP_HASHED_PASSWORD and \
username == plexpy.CONFIG.HTTP_USERNAME and password == plexpy.CONFIG.HTTP_PASSWORD:
authenticated = True
authenticated = username == plexpy.CONFIG.HTTP_USERNAME and check_hash(password, plexpy.CONFIG.HTTP_PASSWORD)
if authenticated:
if plexpy.CONFIG.API_KEY:

15
plexpy/config.py
View file

@ -24,6 +24,7 @@ import time
import threading
from configobj import ConfigObj, ParseError
from hashing_passwords import make_hash
import plexpy
if plexpy.PYTHON2:
@ -124,8 +125,8 @@ _CONFIG_DEFINITIONS = {
'HTTPS_IP': (str, 'General', '127.0.0.1'),
'HTTP_BASIC_AUTH': (int, 'General', 0),
'HTTP_ENVIRONMENT': (str, 'General', 'production'),
'HTTP_HASH_PASSWORD': (int, 'General', 0),
'HTTP_HASHED_PASSWORD': (int, 'General', 0),
'HTTP_HASH_PASSWORD': (int, 'General', 1),
'HTTP_HASHED_PASSWORD': (int, 'General', 1),
'HTTP_HOST': (str, 'General', '0.0.0.0'),
'HTTP_PASSWORD': (str, 'General', ''),
'HTTP_PORT': (int, 'General', 8181),
@ -569,3 +570,13 @@ class Config(object):
int(self.CHECK_GITHUB_INTERVAL // 60)
+ (self.CHECK_GITHUB_INTERVAL % 60 > 0)
)
self.CONFIG_VERSION = 19
if self.CONFIG_VERSION == 19:
if not self.HTTP_HASHED_PASSWORD:
self.HTTP_PASSWORD = make_hash(self.HTTP_PASSWORD)
self.HTTP_HASH_PASSWORD = 1
self.HTTP_HASHED_PASSWORD = 1
self.CONFIG_VERSION = 20

7
plexpy/webauth.py
View file

@ -132,12 +132,7 @@ def check_credentials(username=None, password=None, token=None, admin_login='0',
if username and password:
if plexpy.CONFIG.HTTP_PASSWORD:
user_details = {'user_id': None, 'username': username}
if plexpy.CONFIG.HTTP_HASHED_PASSWORD and \
username == plexpy.CONFIG.HTTP_USERNAME and check_hash(password, plexpy.CONFIG.HTTP_PASSWORD):
return True, user_details, 'admin'
elif not plexpy.CONFIG.HTTP_HASHED_PASSWORD and \
username == plexpy.CONFIG.HTTP_USERNAME and password == plexpy.CONFIG.HTTP_PASSWORD:
if username == plexpy.CONFIG.HTTP_USERNAME and check_hash(password, plexpy.CONFIG.HTTP_PASSWORD):
return True, user_details, 'admin'
if plexpy.CONFIG.HTTP_PLEX_ADMIN or (not admin_login == '1' and plexpy.CONFIG.ALLOW_GUEST_ACCESS):

31
plexpy/webserve.py
View file

@ -3133,8 +3133,6 @@ class WebInterface(object):
"allow_guest_access": checked(plexpy.CONFIG.ALLOW_GUEST_ACCESS),
"history_table_activity": checked(plexpy.CONFIG.HISTORY_TABLE_ACTIVITY),
"http_basic_auth": checked(plexpy.CONFIG.HTTP_BASIC_AUTH),
"http_hash_password": checked(plexpy.CONFIG.HTTP_HASH_PASSWORD),
"http_hashed_password": plexpy.CONFIG.HTTP_HASHED_PASSWORD,
"http_host": plexpy.CONFIG.HTTP_HOST,
"http_username": plexpy.CONFIG.HTTP_USERNAME,
"http_port": plexpy.CONFIG.HTTP_PORT,
@ -3271,7 +3269,7 @@ class WebInterface(object):
"notify_group_recently_added_grandparent", "notify_group_recently_added_parent",
"notify_new_device_initial_only",
"notify_server_update_repeat", "notify_plexpy_update_repeat",
"monitor_pms_updates", "get_file_sizes", "log_blacklist", "http_hash_password",
"monitor_pms_updates", "get_file_sizes", "log_blacklist",
"allow_guest_access", "cache_images", "http_proxy", "http_basic_auth", "notify_concurrent_by_ip",
"history_table_activity", "plexpy_auto_update",
"themoviedb_lookup", "tvmaze_lookup", "musicbrainz_lookup", "http_plex_admin",
@ -3285,29 +3283,12 @@ class WebInterface(object):
kwargs[checked_config] = 1
# If http password exists in config, do not overwrite when blank value received
if kwargs.get('http_password'):
if kwargs['http_password'] == ' ' and plexpy.CONFIG.HTTP_PASSWORD != '':
if kwargs.get('http_hash_password') and not plexpy.CONFIG.HTTP_HASHED_PASSWORD:
kwargs['http_password'] = make_hash(plexpy.CONFIG.HTTP_PASSWORD)
kwargs['http_hashed_password'] = 1
else:
kwargs['http_password'] = plexpy.CONFIG.HTTP_PASSWORD
elif kwargs['http_password'] and kwargs.get('http_hash_password'):
kwargs['http_password'] = make_hash(kwargs['http_password'])
kwargs['http_hashed_password'] = 1
# Flag to refresh JWT uuid to log out clients
kwargs['jwt_update_secret'] = True and not first_run
elif not kwargs.get('http_hash_password'):
kwargs['http_hashed_password'] = 0
# Flag to refresh JWT uuid to log out clients
kwargs['jwt_update_secret'] = True and not first_run
if kwargs.get('http_password') != ' ':
kwargs['http_password'] = make_hash(kwargs['http_password'])
# Flag to refresh JWT uuid to log out clients
kwargs['jwt_update_secret'] = True and not first_run
else:
kwargs['http_hashed_password'] = 0
kwargs['http_password'] = plexpy.CONFIG.HTTP_PASSWORD
for plain_config, use_config in [(x[4:], x) for x in kwargs if x.startswith('use_')]:
# the use prefix is fairly nice in the html, but does not match the actual config