g@VddlmZmZmZddlmZmZddlZddlmZddl Z ddl Z ddl m Z ddl m Z ddlmZddlmZmZdd lmZ dd lmZed ej4ed <d ZdZddZddZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'Gdde(Z)y#e$r dd lmZY[wxYw))datetime timedeltatimezone)quoteunquoteN) check_hash)logger)MonitorDatabase) timestamp)Users refresh_users)PlexTV)MorselSameSitesamesiteHS256tautulli_token_c<d}d}|r't||}|j}|r |}|d}ny|r|rt}|j|}|t |dk7ryt j jr |dr|dfS|dr|dryt j jsyt||}|j}|rit} tjd|d z| jd ||dg} | rt|d fStjd |d zytjd|d zy|rtjdyy#t $r)} tjd |d d| dYd} ~ yd} ~ wwxYw)Ntokenheadersuser_id)ris_adminadmin allow_guest deleted_userzDTautulli WebAuth :: Registering token for user '%s' in the database.usernamez3UPDATE users SET server_token = ? WHERE user_id = ?guestz=Tautulli WebAuth :: Unable to register user '%s' in database.z-Tautulli WebAuth :: Unable to register user 'z' in database: .zJTautulli WebAuth :: Unable to retrieve Plex.tv server token for user '%s'.zITautulli WebAuth :: Unable to retrieve Plex.tv user token for Plex OAuth.)rget_plex_account_detailsr get_detailsstrplexpyCONFIGHTTP_PLEX_ADMINALLOW_GUEST_ACCESSget_server_tokenr r debugactionr warn Exception) rr user_tokenrplex_tv plex_user user_data user_details server_token monitor_dbresultes /opt/Tautulli/plexpy/webauth.pyplex_user_loginr61sJG ug6446 J *GgG  ,,W,= c,y12 2 ]] * *|J/G( (m, ^0L}}//z7;//1 )*J  c+J789#**+`,8,y:Q+RT!O'00KK _".z":!;< KKd&z23 4  _`   +J7<= sAE)E)) F2FFc||rg|retjjrKd|d}|tjjk(r)t |tjjrd|dfStjj s|dk(s4tjj rt||}| d|d|dfSy ) zyVerifies credentials for username and password. Returns True and the user group on success or False and no user groupN)rrTr1rr)FNN)r#r$ HTTP_PASSWORD HTTP_USERNAMErr%r&r6)rpasswordr admin_loginrr0 plex_logins r5check_credentialsr?wsH == & &'+BL6==666:hPVP]P]PkPk;l\722 }}$$[C-?FMMDdDd$5'B  !A 1 5 5 ctttjjz}t j jj|}|r |jSyN) r"JWT_COOKIE_NAMEr#r$PMS_UUIDcherrypyrequestcookiegetvalue) jwt_cookie jwt_tokens r5 get_jwt_tokenrLsI_v}}'='==>J  ''++J7Ir@c*t}|r^ tj|tjj t dtg}tj|sy|Sy#tjtjf$rYywxYw)N )seconds)leeway algorithmsrK) rLjwtdecoder#r$ JWT_SECRETr JWT_ALGORITHM DecodeErrorExpiredSignatureErrorr get_user_login)rKpayloads r5check_jwt_tokenr[sI jj6==33Ib.decoratesLq,'6AL  -+-ALL ( ^$++J7r@)rgrrs` r5 requireAuthrts Or@cfdS)Nc|tjjxr tjjdk(S)N user_grouprErFrarwsr5zmember_of..s/8##))`h.>.>.D.D\.RV`.`r@rsrys`r5 member_ofr{s ``r@cfdS)Nc|tjjxr tjjdk(S)Nuserrx user_namesr5rzzname_is..s/8##))Yh.>.>.D.DV.LPY.Yr@rsrs`r5name_isrs YYr@cfd}|S)z+Returns True if any of the conditions matchc&D] }|s yy)NTFrscrgs r5checkzany_of..checks As r@rsrgrs` r5any_ofrs Lr@cfd}|S)z+Returns True if all of the conditions matchc&D] }|r yy)NFTrsrs r5rzall_of..checks A3 r@rsrs` r5all_ofrs Lr@ct}|jd||g} |dd} td|D}t||t j jz }|Dcgc]}|d|k\s |dr|}}t|t j jk\r2t|tt j jz z dSy#t$rd}YwxYw#t$rd}YwxYwcc}w)NzSELECT timestamp, success FROM user_login WHERE ip_address = ? AND timestamp >= ( SELECT CASE WHEN MAX(timestamp) IS NULL THEN 0 ELSE MAX(timestamp) END FROM user_login WHERE ip_address = ? AND success = 1) ORDER BY timestamp DESCrr c32K|]}|ds |dyw)successr Nrs).0ras r5 z#check_rate_limit..sV%U9EU5-Vs  r) r select IndexErrormax ValueErrorr#r$!HTTP_RATE_LIMIT_ATTEMPTS_INTERVALlenHTTP_RATE_LIMIT_ATTEMPTSr HTTP_RATE_LIMIT_LOCKOUT_TIME) ip_addressr2r3last_timestamp last_success max_timestampraattemptss r5check_rate_limitrs "J    9 !+J7 9F;/V6VV  nv}}7f7f&fgM#)j%U;-?=-PY^_hYijHj 8} >>>>Y[6==3]3]%]^`abb?   ks4CC*& C;4C;:C; C'&C'* C87C8c$eZdZdZ d dZd dZd dZejdZ ejd dZ ejd dZ ejejjdd Zejd d Zy)AuthControllerctjjstjjryt j tj rB)r#r$HTTP_BASIC_AUTHr:rErbrc)selfs r5check_auth_enabledz!AuthController.check_auth_enabled s5}},,1L1L ##F$4$455r@Nc tjjj}tjj} tjj j d} tj||||| | ||| |r4|rdnd} tjd|jd|d| dy y ) zCalled on successful loginz User-Agent) rr~rwrhost user_agentrexpiryrK Plex OAuthformTautulli WebAuth ::  user 'z' logged into Tautulli using z login.N) rErFremoteipbaserrHr set_user_loginr r( capitalize) rrrrwroauthrrKrrr use_oauths r5on_loginzAuthController.on_logins %%,,// $$%%--11,?  w$,*4*4$(*4'.&,)2  4 (- 6I LL&113XyJ K r@ct}|rtj|tjd|j d|dy)zCalled on logoutrRrrz' logged out of Tautulli.N)rLr clear_user_login_tokenr r(r)rrrwrKs r5 on_logoutzAuthController.on_logout*s;!O  G * *Y * ? S]ShShSjltuvr@c6ddlm}|ddt|S)Nr)serve_templatez login.htmlLogin) template_nametitleri)plexpy.webserverr)rrirs r5 get_loginformzAuthController.get_loginform2s2LV]^jVkllr@cNtjtjdz)N auth/login)rErbr#rc)rrerfs r5indexzAuthController.index6s##F$4$4|$CDDr@cF|j|j|S)N)ri)rr)rrirerfs r5razAuthController.login:s" !!!|!<jAdxsdtjj8|d<dtjj8|d<dtjj8|d<|tj_!dtj_d|t&j(j6d S|d k(rC|rA|j/|!tjd"|zd#tj_| S|rA|j/|!tjd$|zd#tj_| S|r?|j/d%d&tjd'd#tj_| Sy)(NPOSTierrorzSign in using POST.)statusmessagez@Tautulli WebAuth :: Too many incorrect login attempts from '%s'.zToo many login attempts.iz Retry-AfterzInvalid credentials.)rr<rr=rr8)days<)minutes)tzrr)rr~rwexp) algorithmT)rrrwrrrrKrrrhttponlylaxrr)rruuid)rz:Tautulli WebAuth :: Invalid admin login attempt from '%s'.iz9Tautulli WebAuth :: Invalid user login attempt from '%s'.r)rrz5Tautulli WebAuth :: Invalid Plex OAuth login attempt.)"rErFmethodrrrrrr r(rr?rrnowrutcrSencoder#r$rUrVrboolr"rCrDrGint total_secondsrcrra)rrr<r remember_mer=rerfr rate_limit error_message valid_loginr0rw time_deltarrZrKrJs r5signinzAuthController.signinYs    " "f ,'*H   $%2GH H%%,,// %j1  LL[^hh i'.;UVM'*H   $7AH   % %m 4 #*7MN 0A8KSHMNYJP 1R- \: /:c/A+yY[G\J\\X\\2Z?F( 2$Z0( G 7FMM,D,DP]^I MM< #;".y"9%/"& $U !'$-  /_v}}/E/EEFJ3A*BZBZB\>]H   $ $Z 0 ;;A;K;K;R;RSV;W;^[^H   $ $Z 0 8?CH   $ $Z 0 rs.32'( +$- #%( OZ! #CL$"Y0 (aZ c:^PV^PEsB B('B(