Security fix: Companion shall not send Plex token
This commit is contained in:
parent
843bedbee6
commit
73c7f866e6
3 changed files with 11 additions and 7 deletions
|
@ -13,7 +13,7 @@ log = logging.getLogger("PLEX."+__name__)
|
|||
###############################################################################
|
||||
|
||||
|
||||
def getXArgsDeviceInfo(options=None):
|
||||
def getXArgsDeviceInfo(options=None, include_token=True):
|
||||
"""
|
||||
Returns a dictionary that can be used as headers for GET and POST
|
||||
requests. An authentication option is NOT yet added.
|
||||
|
@ -21,6 +21,8 @@ def getXArgsDeviceInfo(options=None):
|
|||
Inputs:
|
||||
options: dictionary of options that will override the
|
||||
standard header options otherwise set.
|
||||
include_token: set to False if you don't want to include the Plex token
|
||||
(e.g. for Companion communication)
|
||||
Output:
|
||||
header dictionary
|
||||
"""
|
||||
|
@ -41,7 +43,7 @@ def getXArgsDeviceInfo(options=None):
|
|||
'X-Plex-Client-Identifier': getDeviceId(),
|
||||
'X-Plex-Provides': 'client,controller,player,pubsub-player',
|
||||
}
|
||||
if window('pms_token'):
|
||||
if include_token and window('pms_token'):
|
||||
xargs['X-Plex-Token'] = window('pms_token')
|
||||
if options is not None:
|
||||
xargs.update(options)
|
||||
|
|
|
@ -126,9 +126,10 @@ class MyHandler(BaseHTTPRequestHandler):
|
|||
settings['platform'],
|
||||
settings['plexbmc_version']))
|
||||
log.debug("crafted resources response: %s" % resp)
|
||||
self.response(resp, getXArgsDeviceInfo())
|
||||
self.response(resp, getXArgsDeviceInfo(include_token=False))
|
||||
elif "/subscribe" in request_path:
|
||||
self.response(v.COMPANION_OK_MESSAGE, getXArgsDeviceInfo())
|
||||
self.response(v.COMPANION_OK_MESSAGE,
|
||||
getXArgsDeviceInfo(include_token=False))
|
||||
protocol = params.get('protocol', False)
|
||||
host = self.client_address[0]
|
||||
port = params.get('port', False)
|
||||
|
@ -155,14 +156,15 @@ class MyHandler(BaseHTTPRequestHandler):
|
|||
'Content-Type': 'text/xml'
|
||||
})
|
||||
elif "/unsubscribe" in request_path:
|
||||
self.response(v.COMPANION_OK_MESSAGE, getXArgsDeviceInfo())
|
||||
self.response(v.COMPANION_OK_MESSAGE,
|
||||
getXArgsDeviceInfo(include_token=False))
|
||||
uuid = self.headers.get('X-Plex-Client-Identifier', False) \
|
||||
or self.client_address[0]
|
||||
subMgr.removeSubscriber(uuid)
|
||||
else:
|
||||
# Throw it to companion.py
|
||||
process_command(request_path, params, self.server.queue)
|
||||
self.response('', getXArgsDeviceInfo())
|
||||
self.response('', getXArgsDeviceInfo(include_token=False))
|
||||
subMgr.notify()
|
||||
except:
|
||||
log.error('Error encountered. Traceback:')
|
||||
|
|
|
@ -176,7 +176,7 @@ class SubscriptionManager:
|
|||
|
||||
def _sendNotification(self, info, playerid):
|
||||
playqueue = self.playqueue.playqueues[playerid]
|
||||
xargs = getXArgsDeviceInfo()
|
||||
xargs = getXArgsDeviceInfo(include_token=False)
|
||||
params = {
|
||||
'containerKey': self.containerKey or "/library/metadata/900000",
|
||||
'key': self.lastkey or "/library/metadata/900000",
|
||||
|
|
Loading…
Reference in a new issue