Require authentication for all endpoints except API

* And more minor UI changes
2025-07-12 16:22:57 -07:00 · 2016-04-23 01:02:37 -07:00 · 2016-04-23 01:02:37 -07:00 · e99bc73e46
commit e99bc73e46
parent d8ad9adabd
5 changed files with 147 additions and 22 deletions
--- a/plexpy/webauth.py
+++ b/plexpy/webauth.py
@ -62,7 +62,7 @@ def check_auth(*args, **kwargs):
        else:
            raise cherrypy.HTTPRedirect("auth/login")
    
-def require(*conditions):
+def requireAuth(*conditions):
    """A decorator that appends conditions to the auth.require config
    variable."""
    def decorate(f):
@ -133,8 +133,15 @@ class AuthController(object):

        return serve_template(templatename="login.html", title="Login", username=username, msg=msg)
    
+    @cherrypy.expose
+    def index(self):
+        raise cherrypy.HTTPRedirect("login")
+
    @cherrypy.expose
    def login(self, username=None, password=None, remember_me=0):
+        if not plexpy.CONFIG.HTTP_PASSWORD:
+            raise cherrypy.HTTPRedirect(plexpy.HTTP_ROOT)
+
        if username is None or password is None:
            return self.get_loginform()
        
@ -151,6 +158,9 @@ class AuthController(object):
    
    @cherrypy.expose
    def logout(self):
+        if not plexpy.CONFIG.HTTP_PASSWORD:
+            raise cherrypy.HTTPRedirect(plexpy.HTTP_ROOT)
+
        sess = cherrypy.session
        username = sess.get(SESSION_KEY, None)
        sess[SESSION_KEY] = None