Security fix: Companion shall not send Plex token
This commit is contained in:
parent
843bedbee6
commit
73c7f866e6
3 changed files with 11 additions and 7 deletions
|
@ -13,7 +13,7 @@ log = logging.getLogger("PLEX."+__name__)
|
||||||
###############################################################################
|
###############################################################################
|
||||||
|
|
||||||
|
|
||||||
def getXArgsDeviceInfo(options=None):
|
def getXArgsDeviceInfo(options=None, include_token=True):
|
||||||
"""
|
"""
|
||||||
Returns a dictionary that can be used as headers for GET and POST
|
Returns a dictionary that can be used as headers for GET and POST
|
||||||
requests. An authentication option is NOT yet added.
|
requests. An authentication option is NOT yet added.
|
||||||
|
@ -21,6 +21,8 @@ def getXArgsDeviceInfo(options=None):
|
||||||
Inputs:
|
Inputs:
|
||||||
options: dictionary of options that will override the
|
options: dictionary of options that will override the
|
||||||
standard header options otherwise set.
|
standard header options otherwise set.
|
||||||
|
include_token: set to False if you don't want to include the Plex token
|
||||||
|
(e.g. for Companion communication)
|
||||||
Output:
|
Output:
|
||||||
header dictionary
|
header dictionary
|
||||||
"""
|
"""
|
||||||
|
@ -41,7 +43,7 @@ def getXArgsDeviceInfo(options=None):
|
||||||
'X-Plex-Client-Identifier': getDeviceId(),
|
'X-Plex-Client-Identifier': getDeviceId(),
|
||||||
'X-Plex-Provides': 'client,controller,player,pubsub-player',
|
'X-Plex-Provides': 'client,controller,player,pubsub-player',
|
||||||
}
|
}
|
||||||
if window('pms_token'):
|
if include_token and window('pms_token'):
|
||||||
xargs['X-Plex-Token'] = window('pms_token')
|
xargs['X-Plex-Token'] = window('pms_token')
|
||||||
if options is not None:
|
if options is not None:
|
||||||
xargs.update(options)
|
xargs.update(options)
|
||||||
|
|
|
@ -126,9 +126,10 @@ class MyHandler(BaseHTTPRequestHandler):
|
||||||
settings['platform'],
|
settings['platform'],
|
||||||
settings['plexbmc_version']))
|
settings['plexbmc_version']))
|
||||||
log.debug("crafted resources response: %s" % resp)
|
log.debug("crafted resources response: %s" % resp)
|
||||||
self.response(resp, getXArgsDeviceInfo())
|
self.response(resp, getXArgsDeviceInfo(include_token=False))
|
||||||
elif "/subscribe" in request_path:
|
elif "/subscribe" in request_path:
|
||||||
self.response(v.COMPANION_OK_MESSAGE, getXArgsDeviceInfo())
|
self.response(v.COMPANION_OK_MESSAGE,
|
||||||
|
getXArgsDeviceInfo(include_token=False))
|
||||||
protocol = params.get('protocol', False)
|
protocol = params.get('protocol', False)
|
||||||
host = self.client_address[0]
|
host = self.client_address[0]
|
||||||
port = params.get('port', False)
|
port = params.get('port', False)
|
||||||
|
@ -155,14 +156,15 @@ class MyHandler(BaseHTTPRequestHandler):
|
||||||
'Content-Type': 'text/xml'
|
'Content-Type': 'text/xml'
|
||||||
})
|
})
|
||||||
elif "/unsubscribe" in request_path:
|
elif "/unsubscribe" in request_path:
|
||||||
self.response(v.COMPANION_OK_MESSAGE, getXArgsDeviceInfo())
|
self.response(v.COMPANION_OK_MESSAGE,
|
||||||
|
getXArgsDeviceInfo(include_token=False))
|
||||||
uuid = self.headers.get('X-Plex-Client-Identifier', False) \
|
uuid = self.headers.get('X-Plex-Client-Identifier', False) \
|
||||||
or self.client_address[0]
|
or self.client_address[0]
|
||||||
subMgr.removeSubscriber(uuid)
|
subMgr.removeSubscriber(uuid)
|
||||||
else:
|
else:
|
||||||
# Throw it to companion.py
|
# Throw it to companion.py
|
||||||
process_command(request_path, params, self.server.queue)
|
process_command(request_path, params, self.server.queue)
|
||||||
self.response('', getXArgsDeviceInfo())
|
self.response('', getXArgsDeviceInfo(include_token=False))
|
||||||
subMgr.notify()
|
subMgr.notify()
|
||||||
except:
|
except:
|
||||||
log.error('Error encountered. Traceback:')
|
log.error('Error encountered. Traceback:')
|
||||||
|
|
|
@ -176,7 +176,7 @@ class SubscriptionManager:
|
||||||
|
|
||||||
def _sendNotification(self, info, playerid):
|
def _sendNotification(self, info, playerid):
|
||||||
playqueue = self.playqueue.playqueues[playerid]
|
playqueue = self.playqueue.playqueues[playerid]
|
||||||
xargs = getXArgsDeviceInfo()
|
xargs = getXArgsDeviceInfo(include_token=False)
|
||||||
params = {
|
params = {
|
||||||
'containerKey': self.containerKey or "/library/metadata/900000",
|
'containerKey': self.containerKey or "/library/metadata/900000",
|
||||||
'key': self.lastkey or "/library/metadata/900000",
|
'key': self.lastkey or "/library/metadata/900000",
|
||||||
|
|
Loading…
Reference in a new issue