mopidy / mopidy-spotify

Mopidy extension for playing music from Spotify
https://mopidy.com/ext/spotify/
Apache License 2.0

"New login to Spotify" emails #353

Open kingosticks opened 1 year ago

kingosticks commented 1 year ago

I am sometimes getting emails from Spotify notifying me of new logins when playing songs with the latest version. My understanding was these would not be sent when using cached credentials so something is going wrong. The credentials file does exist and looks sensible. The current logging isn't really helping to understand the problem.

New login to Spotify

We noticed you logged in from a new device. If this was you, there’s nothing for you to do right now.

Location Time March 27, 2023 at 4:05:38 PM BST

beaverking1212 commented 1 year ago

This needs fixes in gst-plugin-spotify and credentials.json must not be deleted by file cache cleanup.

I see two options to protect credentials.json. Option 1 is storing it in a folder under the home directory. Option 2 is storing the file cache in a subfolder of the cache directory. This is similar to what libspotify did, but this will prevent old cache files from being cleaned up by cache cleanup.

@kingosticks What do you think?

kingosticks commented 1 year ago

Are you saying that the problem is the spotifysrc deleting its own credentials.json file accidentally? When is it doing the cleanup? My theory was different.

Either way, I don't think option 1 works when running as a system service.

Maybe I don't quite understand the problem, but is there an option 3, which is to put credentials.json in a subfolder?

beaverking1212 commented 1 year ago

> Are you saying that the problem is the spotifysrc deleting its own credentials.json file accidentally? When is it doing the cleanup?

No. Currently the problem is in gst-plugin-spotify, but when that is fixed, cache cleanup may become the next problem.

I have tested option 1 and option 2 on Raspberry Pi OS and they both work. Subfolders of file cache are also cleaned up by the cache cleanup, so option 3 will not help.

beaverking1212 commented 1 year ago

Maybe option 4 would be creating a directory under Extension.get_data_dir()? Maybe this is the best?

Besides, should credentials be cached if allow_cache is off? I think yes, because it is part of login and not file cache.

kingosticks commented 1 year ago

Correct me if I'm wrong, but are we looking at two different issues here?

  1. The one I reported is the annoying new login emails. I think this can be avoided with a change to gst-plugin-spotify, having it cache the "reusable credentials" like normal rather than the manual steps it does to save the original credentials, for some reason.

  2. The credentials.json cache file being erroneously removed. I've never had this, but sounds like you have?

There's another related one:

  3. The credentials.json file permissions should be stricter, ideally 600.

kingosticks commented 1 year ago

> Besides should credentials be cached if allow_cache is off? I think yes because it is part of login and not file cache.

I think you are right.

beaverking1212 commented 1 year ago

Yes. There are these 2 problems.

  1. Will be solved in gst-plugin-spotify
  2. Will be solved in #357
  3. Will be solved in #357 with folder mode 700

kingosticks commented 1 year ago

Are you working on 1? I didn't see any issues there when I looked the other day.

kingosticks commented 1 year ago

Regarding 1, I see now that the PR already went in. Thanks for sorting that, I just couldn't seem to get round to it.

I'll look at the PR for 2 and 3 shortly.

kingosticks commented 1 year ago

  1. fixed in https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1183
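
The layout discussed in this thread (credentials.json kept outside the cleaned-up file cache, file mode 600, folder mode 700), as an added example that is not code from mopidy-spotify or from #357. The `credentials` subfolder name, the function names and the sample values are assumptions; `data_dir` stands for a directory such as the one returned by Extension.get_data_dir().

```python
import json
import os
import stat
import tempfile
from pathlib import Path


def save_credentials(data_dir, credentials):
    """Write credentials.json as 0600 inside a 0700 directory, atomically."""
    cred_dir = Path(data_dir) / "credentials"  # hypothetical subfolder name
    cred_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    # mkdir's mode is masked by umask and ignored if the directory already
    # exists, so enforce 0700 explicitly.
    os.chmod(cred_dir, 0o700)
    # mkstemp creates the temporary file with mode 0600 regardless of umask,
    # so the secret is never readable by other users, even briefly.
    fd, tmp_name = tempfile.mkstemp(dir=cred_dir, prefix=".credentials-")
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump(credentials, handle)
            handle.flush()
            os.fsync(handle.fileno())
        # Atomic rename: readers see the old file or the new one, never half.
        os.replace(tmp_name, cred_dir / "credentials.json")
    except BaseException:
        os.unlink(tmp_name)
        raise
    return cred_dir / "credentials.json"


def loose_permissions(path):
    """Return the group/other permission bits set on path (0 means private)."""
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO)


def audit(cred_file):
    """List permission problems on the credentials file and its directory."""
    cred_file = Path(cred_file)
    problems = []
    for target in (cred_file.parent, cred_file):
        extra = loose_permissions(target)
        if extra:
            problems.append(f"{target}: group/other bits {extra:03o} set")
    return problems


if __name__ == "__main__":
    sample = {"username": "alice", "auth_data": "Y29uc3RydWN0ZWQ="}  # constructed
    path = save_credentials(tempfile.mkdtemp(), sample)
    print(path, audit(path) or "permissions OK")
```

Running `audit()` at startup on an existing credentials.json catches files written by older versions with looser modes.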