Commit c318f19c authored by VenoMpie Manson's avatar VenoMpie Manson
parents 21739fe1 dc36d01e
# Changelog
- * 2d44f65 - 2018-10-21: Release v9.3.99
- * 2620093 - 2018-10-27: Release v9.4.1
- * 3dbd257 - 2018-10-27: Release v9.3.100
- * 479d80e - 2018-10-27: Removed app_id and replaced with app_sub. App now links its self to SSO user via userid instead of appid. SSL cert and key now stored/retrieved from data folder.
- * 33ea2f1 - 2018-10-21: Release v9.3.99
- * a24520f - 2018-10-21: Added code to strip accents from show names and add as a possible show match
- * e3b3be9 - 2018-10-21: Release v9.3.98
- * d5ec001 - 2018-10-21: Fixed issues with matching shows with parsed results when containing accents
......
......@@ -38,14 +38,8 @@ class API(object):
def userinfo(self):
return self._request('GET', 'userinfo')
def allowed_usernames(self, appid):
return self._request('GET', 'allowed-usernames/{}'.format(appid))
def register_appid(self, appid, username=""):
return self._request('POST', 'register-appid', json={'appid': appid})
def unregister_appid(self, appid):
return self._request('POST', 'unregister-appid', json={'appid': appid})
def allowed_usernames(self):
return self._request('GET', 'allowed-usernames')
def _request(self, method, url, **kwargs):
try:
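Review bot: `allowed_usernames()` no longer takes an `appid` and has no docstring, although LoginHandler uses its result for an access decision. A one-line docstring such as `"""Return the usernames allowed to access the instance tied to the current API token."""` would record what the list is now scoped by. The token scoping is my inference from the removed argument, so please confirm it before adopting that wording. `_request` continues outside the hunk.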
......
......@@ -53,7 +53,7 @@ class Config(object):
self.encryption_secret = ""
self.encryption_version = 2
self.app_id = ""
self.app_sub = ""
self.app_oauth_token = ""
self.debug = False
......@@ -91,8 +91,8 @@ class Config(object):
self.proxy_indexers = True
self.ssl_verify = True
self.enable_https = False
self.https_cert = os.path.abspath(os.path.join(sickrage.PROG_DIR, 'server.crt'))
self.https_key = os.path.abspath(os.path.join(sickrage.PROG_DIR, 'server.key'))
self.https_cert = ""
self.https_key = ""
self.api_key = ""
self.indexer_default_language = 'en'
self.ep_default_deleted_status = None
......@@ -100,7 +100,7 @@ class Config(object):
self.showupdate_stale = True
self.root_dirs = ""
self.cpu_preset = "NORMAL"
self.anon_redirect = 'http://nullrefer.com/?'
self.anon_redirect = ""
self.download_url = ""
self.trash_remove_show = False
self.trash_rotate_logs = False
......@@ -703,12 +703,13 @@ class Config(object):
'torrent_dir': ''
},
'General': {
'app_id': self.app_id or str(uuid.uuid4()),
'app_sub': self.app_sub,
'app_oauth_token': '',
'enable_api_providers_cache': True,
'log_size': 1048576,
'calendar_unprotected': False,
'https_key': os.path.abspath(os.path.join(sickrage.PROG_DIR, 'server.key')),
'https_key': os.path.abspath(os.path.join(sickrage.app.data_dir, 'server.key')),
'https_cert': os.path.abspath(os.path.join(sickrage.app.data_dir, 'server.crt')),
'allow_high_priority': True,
'anon_redirect': 'http://nullrefer.com/?',
'indexer_timeout': 120,
......@@ -744,7 +745,6 @@ class Config(object):
'trash_rotate_logs': False,
'airdate_episodes': False,
'notify_on_update': True,
'https_cert': os.path.abspath(os.path.join(sickrage.PROG_DIR, 'server.crt')),
'git_autoissues': False,
'backlog_days': 7,
'root_dirs': '',
......@@ -1398,7 +1398,7 @@ class Config(object):
# GENERAL SETTINGS
self.config_version = self.check_setting_int('General', 'config_version')
self.app_id = self.check_setting_str('General', 'app_id')
self.app_sub = self.check_setting_str('General', 'app_sub')
self.app_oauth_token = self.check_setting_str('General', 'app_oauth_token')
self.enable_api_providers_cache = self.check_setting_bool('General', 'enable_api_providers_cache')
self.debug = sickrage.app.debug or self.check_setting_bool('General', 'debug')
......@@ -1902,7 +1902,7 @@ class Config(object):
'encryption_version': int(self.encryption_version),
'encryption_secret': self.encryption_secret,
'last_db_compact': self.last_db_compact,
'app_id': self.app_id,
'app_sub': self.app_sub,
'app_oauth_token': self.app_oauth_token,
'enable_api_providers_cache': int(self.enable_api_providers_cache),
'git_autoissues': int(self.git_autoissues),
......
......@@ -42,7 +42,7 @@ class GoogleDrive(object):
def sync_remote(self):
main_folder = 'appDataFolder'
folder_id = GoogleDriveAPI().search_files(main_folder, sickrage.app.config.app_id)['data']
folder_id = GoogleDriveAPI().search_files(main_folder, sickrage.app.config.app_sub)['data']
local_dirs = set()
local_files = set()
......@@ -52,7 +52,7 @@ class GoogleDrive(object):
local_dirs.update(dirs)
local_files.update(files)
folder = root.replace(sickrage.app.data_dir, '{}/{}'.format(main_folder, sickrage.app.config.app_id))
folder = root.replace(sickrage.app.data_dir, '{}/{}'.format(main_folder, sickrage.app.config.app_sub))
folder = folder.replace('\\', '/')
for f in files:
self.set_progress('Syncing {} to Google Drive'.format(os.path.join(root, f)), 0)
......@@ -70,7 +70,7 @@ class GoogleDrive(object):
def sync_local(self):
main_folder = 'appDataFolder'
folder_id = GoogleDriveAPI().search_files(main_folder, sickrage.app.config.app_id)['data']
folder_id = GoogleDriveAPI().search_files(main_folder, sickrage.app.config.app_sub)['data']
for drive_root, drive_folders, drive_files in self.walk_drive(folder_id):
folder = drive_root.replace(folder_id, sickrage.app.data_dir)
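Review bot: `sync_remote` and `sync_local` now key the remote folder on `app_sub`, which the Config constructor sets to `""` and `unlink` resets to `""`, and neither function checks for that. With an empty value the format call yields `appDataFolder/` and `search_files` is asked for an empty name. A guard at the top of both functions, such as `if not sickrage.app.config.app_sub: return`, would keep an unlinked instance from syncing against an unintended folder. The visible lines also do not migrate data stored under the old `app_id` folder, and both function bodies continue outside the hunks.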
......
......@@ -277,25 +277,34 @@ class LoginHandler(BaseHandler):
if code:
try:
token = sickrage.app.oidc_client.authorization_code(code, redirect_uri)
userinfo = sickrage.app.oidc_client.userinfo(token['access_token'])
self.set_secure_cookie('sr_access_token', token['access_token'])
self.set_secure_cookie('sr_refresh_token', token['refresh_token'])
if not API().token:
exchange = {'scope': 'offline_access', 'subject_token': token['access_token']}
API().token = sickrage.app.oidc_client.token_exchange(**exchange)
if not bool(API().register_appid(sickrage.app.config.app_id)['success']):
if not sickrage.app.config.app_sub and userinfo.get('sub'):
sickrage.app.config.app_sub = userinfo.get('sub')
sickrage.app.config.save()
else:
API().token = sickrage.app.oidc_client.logout(API().token['refresh_token'])
return self.redirect('/logout')
else:
api_token_decoded = sickrage.app.oidc_client.decode_token(API().refresh_token()['access_token'],
sickrage.app.oidc_client.certs())
userinfo = sickrage.app.oidc_client.userinfo(token['access_token'])
if userinfo.get('sub') == api_token_decoded['sub']:
API().register_appid(sickrage.app.config.app_id)
sickrage.app.config.app_sub = userinfo.get('sub')
sickrage.app.config.save()
else:
allowed_usernames = API().allowed_usernames(sickrage.app.config.app_id)['data']
allowed_usernames = API().allowed_usernames()['data']
if not userinfo['preferred_username'] in allowed_usernames:
sickrage.app.log.debug(
"USERNAME:{} IP:{} - ACCESS DENIED".format(userinfo['preferred_username'],
self.request.remote_ip)
)
return self.redirect('/logout')
except Exception as e:
return self.redirect('/logout')
......@@ -307,7 +316,6 @@ class LoginHandler(BaseHandler):
return super(BaseHandler, self).redirect(authorization_url)
class LogoutHandler(BaseHandler):
def __init__(self, *args, **kwargs):
super(LogoutHandler, self).__init__(*args, **kwargs)
......@@ -549,10 +557,12 @@ class WebRoot(WebHandler):
)
def unlink(self):
if sickrage.app.config.app_id not in self.get_current_user().get('appid', []):
if not sickrage.app.config.app_sub == self.get_current_user().get('sub'):
return self.redirect("/{}/".format(sickrage.app.config.default_page))
API().unregister_appid(sickrage.app.config.app_id)
sickrage.app.config.app_sub = ""
sickrage.app.config.save()
API().token = sickrage.app.oidc_client.logout(API().token['refresh_token'])
return self.redirect('/logout/')
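Review bot: In the LoginHandler hunk, the new `sickrage.app.config.app_sub = userinfo.get('sub')` assignment binds the instance to whichever SSO account completes a login while `app_sub` is empty, and nothing on the visible lines records that event. Because `app_sub` now gates `unlink` and, as far as the hunk shows, decides who skips the `allowed_usernames` check, I would log the binding at a level that is on by default, e.g. `sickrage.app.log.info("Linked instance to SSO subject {}".format(userinfo['sub']))`, and log the reset in `unlink` the same way. The denied-login message is logged only at debug level, and the `except Exception as e` branch redirects to `/logout` without logging `e`, so failures in this path leave no trace. The handler's start and the exact branch nesting are not recoverable from this rendered page.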
......
......@@ -22,10 +22,10 @@
<div class="card-text">
<div class="form-row">
<div class="col-lg-3 col-md-3 col-sm-3">
<i class="sickrage-core sickrage-core-keys"></i> ${_('SR App ID:')}
<i class="sickrage-core sickrage-core-keys"></i> ${_('SR Sub ID:')}
</div>
<div class="col-lg-9 col-md-9 col-sm-9">
${sickrage.app.config.app_id}
${sickrage.app.config.app_sub}
</div>
</div>
<br/>
......
......@@ -322,7 +322,7 @@
class="confirm shutdown">
<i class="fas fa-power-off"></i>&nbsp;${_('Shutdown')}
</a>
% if sickrage.app.config.app_id in current_user.get('appid', []):
% if sickrage.app.config.app_sub == current_user.get('sub'):
<a class="dropdown-item" href="${srWebRoot}/unlink" class="confirm logout">
<i class="fas fa-unlink"></i>&nbsp;${_('Unlink Account')}
</a>
......
9.3.99
\ No newline at end of file
9.4.1
\ No newline at end of file