Skip to content

Commit f9a8a95

Browse files
morpheus65535morpheus65535
committed
Added authentication to Plex OAuth API endpoints to enforce authentication across all relevant routes.
1 parent 1ab0fc6 commit f9a8a95

File tree

1 file changed

+18
-1
lines changed

1 file changed

+18
-1
lines changed

bazarr/api/plex/oauth.py

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
import uuid
66
import requests
77
import xml.etree.ElementTree as ET
8-
import logging
98
from datetime import datetime
109
from concurrent.futures import ThreadPoolExecutor, as_completed
1110
from urllib.parse import quote_plus
@@ -21,6 +20,7 @@
2120
from app.config import settings, write_config
2221
from app.logger import logger
2322
from utilities.plex_utils import _get_library_locations
23+
from ..utils import authenticate
2424

2525
def _update_plexapi_headers():
2626
"""Update plexapi headers to show Bazarr identity in Plex.
@@ -241,6 +241,7 @@ class PlexPin(Resource):
241241
post_request_parser = reqparse.RequestParser()
242242
post_request_parser.add_argument('clientId', type=str, required=False, help='Client ID')
243243

244+
@authenticate
244245
@api_ns_plex.doc(parser=post_request_parser)
245246
def post(self):
246247
try:
@@ -304,12 +305,14 @@ def post(self):
304305
'code': 'PLEX_CONNECTION_ERROR'
305306
}, 503
306307

308+
@authenticate
307309
def get(self):
308310
abort(405, "Method not allowed. Use POST.")
309311

310312

311313
@api_ns_plex.route('plex/oauth/pin/<string:pin_id>/check')
312314
class PlexPinCheck(Resource):
315+
@authenticate
313316
def get(self, pin_id):
314317
try:
315318
state_param = request.args.get('state')
@@ -406,6 +409,7 @@ def get(self, pin_id):
406409

407410
@api_ns_plex.route('plex/oauth/validate')
408411
class PlexValidate(Resource):
412+
@authenticate
409413
def get(self):
410414
try:
411415
auth_method = settings.plex.get('auth_method', 'apikey')
@@ -441,6 +445,7 @@ def get(self):
441445

442446
@api_ns_plex.route('plex/oauth/servers')
443447
class PlexServers(Resource):
448+
@authenticate
444449
def get(self):
445450
try:
446451
decrypted_token = get_decrypted_token()
@@ -582,6 +587,7 @@ def test_connection_wrapper(conn_data):
582587

583588
@api_ns_plex.route('plex/oauth/libraries')
584589
class PlexLibraries(Resource):
590+
@authenticate
585591
def get(self):
586592
try:
587593
decrypted_token = get_decrypted_token()
@@ -737,6 +743,7 @@ def get(self):
737743
class PlexLogout(Resource):
738744
post_request_parser = reqparse.RequestParser()
739745

746+
@authenticate
740747
@api_ns_plex.doc(parser=post_request_parser)
741748
def post(self):
742749
try:
@@ -769,6 +776,7 @@ def post(self):
769776
class PlexEncryptApiKey(Resource):
770777
post_request_parser = reqparse.RequestParser()
771778

779+
@authenticate
772780
@api_ns_plex.doc(parser=post_request_parser)
773781
def post(self):
774782
try:
@@ -787,6 +795,7 @@ class PlexApiKey(Resource):
787795
post_request_parser = reqparse.RequestParser()
788796
post_request_parser.add_argument('apikey', type=str, required=True, help='API key')
789797

798+
@authenticate
790799
@api_ns_plex.doc(parser=post_request_parser)
791800
def post(self):
792801
try:
@@ -817,6 +826,7 @@ class PlexTestConnection(Resource):
817826
post_request_parser = reqparse.RequestParser()
818827
post_request_parser.add_argument('uri', type=str, required=True, help='Server URI')
819828

829+
@authenticate
820830
@api_ns_plex.doc(parser=post_request_parser)
821831
def post(self):
822832
args = self.post_request_parser.parse_args()
@@ -853,12 +863,14 @@ def post(self):
853863
except Exception as e:
854864
return {'success': False, 'error': str(e)}
855865

866+
@authenticate
856867
def get(self):
857868
abort(405, "Method not allowed. Use POST.")
858869

859870

860871
@api_ns_plex.route('plex/select-server')
861872
class PlexSelectServer(Resource):
873+
@authenticate
862874
def get(self):
863875
try:
864876
server_info = {
@@ -883,6 +895,7 @@ def get(self):
883895
post_request_parser.add_argument('local', type=str, required=False, default='false', help='Is local connection')
884896
post_request_parser.add_argument('connections', type=list, location='json', required=False, help='All available connection URIs')
885897

898+
@authenticate
886899
@api_ns_plex.doc(parser=post_request_parser)
887900
def post(self):
888901
args = self.post_request_parser.parse_args()
@@ -917,6 +930,7 @@ def post(self):
917930
class PlexWebhookCreate(Resource):
918931
post_request_parser = reqparse.RequestParser()
919932

933+
@authenticate
920934
@api_ns_plex.doc(parser=post_request_parser)
921935
def post(self):
922936
try:
@@ -1035,6 +1049,7 @@ def post(self):
10351049

10361050
@api_ns_plex.route('plex/webhook/list')
10371051
class PlexWebhookList(Resource):
1052+
@authenticate
10381053
def get(self):
10391054
try:
10401055
decrypted_token = get_decrypted_token()
@@ -1090,6 +1105,7 @@ class PlexWebhookDelete(Resource):
10901105
post_request_parser = reqparse.RequestParser()
10911106
post_request_parser.add_argument('webhook_url', type=str, required=True, help='Webhook URL to delete')
10921107

1108+
@authenticate
10931109
@api_ns_plex.doc(parser=post_request_parser)
10941110
def post(self):
10951111
try:
@@ -1133,6 +1149,7 @@ def post(self):
11331149
class PlexAutopulseConfig(Resource):
11341150
get_request_parser = reqparse.RequestParser()
11351151

1152+
@authenticate
11361153
@api_ns_plex.doc(parser=get_request_parser)
11371154
def get(self):
11381155
try:

0 commit comments

Comments
 (0)