hjone72 / PlexAuth

Plex based authentication using PHP
GNU General Public License v3.0

PlexPy SSO Fork - Error 500 #10

Closed AngryNoodlez closed 7 years ago

AngryNoodlez commented 7 years ago

Hello All,

This is just a quick write-up on how Hjone72 and I resolved issues with a status 500 code which was being returned during logon of the PlexPy fork. The only messages I could see in the logs at the same time were:

2017-03-21 09:01:45 - DEBUG :: CP Server Thread-4 : PlexPy PlexAuth :: PlexAuth login attempt detected.
2017-03-21 09:01:45 - DEBUG :: CP Server Thread-4 : PlexPy PlexAuth :: Trying to auth user using PlexAuth.
2017-03-21 09:01:45 - DEBUG :: CP Server Thread-4 : PlexPy PlexAuth :: Session id detected as: '<SessionID>'
2017-03-21 09:01:46 - DEBUG :: CP Server Thread-5 : PlexPy PlexAuth :: PlexAuth login attempt detected.
2017-03-21 09:01:46 - DEBUG :: CP Server Thread-5 : PlexPy PlexAuth :: Trying to auth user using PlexAuth.
2017-03-21 09:01:47 - DEBUG :: CP Server Thread-5 : PlexPy PlexAuth :: Session id detected as: '<SessionID>'

1) I double-checked the following two lines to make sure the PHP Session ID cookie was set correctly: https://github.com/hjone72/plexpy/blob/PlexAuth/plexpy/webauth.py#L45 https://github.com/hjone72/plexpy/blob/PlexAuth/plexpy/webauth.py#L250

2) And that these two lines contained the IP of my PlexAuth SSO Server: https://github.com/hjone72/plexpy/blob/PlexAuth/plexpy/webauth.py#L46 https://github.com/hjone72/plexpy/blob/PlexAuth/plexpy/webauth.py#L251

3) This all appeared correct. I double checked my server is correctly appearing on https://plex.tv/api/servers.xml which it was.

4) I then checked the response from https://secure.domain.com/auth/?info=plexpy. This prompted with an authentication box which took my Plex credentials, but then brought me to an unexpected page. After discussing with hjone72 I was asked to change the following line to the IP of my PlexPy server:

https://github.com/hjone72/PlexAuth/blob/master/auth/index.php#L36

This worked! This line says that only the local machine can request session information, good for those who have all services on a single machine, but not so good for people who like separating services like I do! A quick fix for this is to allow an array of IP addresses to be entered as below.

Replace lines 36-43 (https://github.com/hjone72/PlexAuth/blob/master/auth/index.php#L36-L43) with the following code:

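$trustedIP = array('127.0.0.1', '127.0.0.1'); // Only add IP addresses you 100% trust.

// If the request isn't coming from somewhere we trust then ignore the attempt to change Session_id.
if (in_array($_SERVER['REMOTE_ADDR'], $trustedIP, true)) {
    // Accept only the characters PHP itself uses in session IDs, so the value cannot alter the file path.
    if (isset($_GET['session']) && is_string($_GET['session'])
        && preg_match('/^[A-Za-z0-9,-]+$/', $_GET['session'])) {
        $session_path = $GLOBALS['ini_array']['session_path'];
        $session_id = $_GET['session'];
        $session_info = file_get_contents($session_path . $session_id);
        if ($session_info !== false) { // Unknown or unreadable session file: leave the current session untouched.
            session_decode($session_info);
        }
    }
}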

So in summary:

If you run your PlexPy and PlexAuth instances on separate servers, you will need to modify the above code to ensure that your PlexPy service is authorised to access the session information from PlexAuth. Note that you should ONLY add IP addresses which you COMPLETELY trust to this list.

A huge thanks again for all hjone72's support and all his hard work with building this project.
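
The allowlist in the comment above compares REMOTE_ADDR against literal address strings. The following is an added example, not part of the original comment and not PlexAuth code: it goes beyond the single-address case to CIDR ranges and IPv6, and fails closed on malformed input. The helpers ip_in_cidr() and is_trusted_peer() are hypothetical names, and the addresses are constructed sample values.

```php
<?php
// Added example, not PlexAuth code. Helper names are hypothetical.

// True when $ip lies inside $cidr ("192.0.2.10", "198.51.100.0/28", "::1").
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $addr = @inet_pton($ip);
    $net = @inet_pton($parts[0]);
    // Fail closed on unparsable input or an IPv4/IPv6 family mismatch.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $bits = strlen($addr) * 8; // No prefix length given: require an exact match.
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $bits) {
            return false;
        }
        $bits = (int) $parts[1];
    }
    $full = intdiv($bits, 8); // Whole bytes covered by the prefix.
    if (substr($addr, 0, $full) !== substr($net, 0, $full)) {
        return false;
    }
    $rem = $bits % 8; // Remaining bits in the next byte, if any.
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask);
}

// In index.php, $remoteAddr would be $_SERVER['REMOTE_ADDR'].
function is_trusted_peer(string $remoteAddr, array $trusted): bool
{
    foreach ($trusted as $entry) {
        if (ip_in_cidr($remoteAddr, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed sample values (documentation address ranges), not from the issue.
$trusted = ['127.0.0.1', '::1', '192.0.2.10', '198.51.100.0/28'];
foreach (['127.0.0.1', '192.0.2.10', '198.51.100.14', '198.51.100.16', 'not-an-ip'] as $peer) {
    printf("%-15s %s\n", $peer, is_trusted_peer($peer, $trusted) ? 'trusted' : 'rejected');
}
```

REMOTE_ADDR is the address of the TCP peer, so when PlexAuth sits behind a reverse proxy, listing the proxy's address trusts every request the proxy forwards.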

AngryNoodlez commented 7 years ago

Closing this issue as a success story!