dryark/strawberry
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add MD5 token authentication for Subsonic

Browse Source
This commit is contained in:
Jonas Kvinge
2021-07-30 21:16:41 +02:00
parent 5b7fc80f26
commit 88d7cb3ed5
6 changed files with 126 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/subsonic/subsonicbaserequest.cpp
View File

@@ -32,6 +32,7 @@
#include <QNetworkAccessManager>
#include <QNetworkRequest>
#include <QNetworkReply>
#include <QCryptographicHash>
#include <QSslConfiguration>
#include <QSslSocket>
#include <QSslError>
@@ -39,9 +40,12 @@
#include <QJsonObject>
#include <QJsonValue>
#include "core/utilities.h"
#include "subsonicservice.h"
#include "subsonicbaserequest.h"
#include "settings/subsonicsettingspage.h"
SubsonicBaseRequest::SubsonicBaseRequest(SubsonicService *service, QObject *parent)
: QObject(parent),
service_(service),
@@ -59,8 +63,19 @@ QUrl SubsonicBaseRequest::CreateUrl(const QString &ressource_name, const QList<P
<< Param("c", client_name())
<< Param("v", api_version())
<< Param("f", "json")
<< Param("u", username())
<< Param("p", QString("enc:" + password().toUtf8().toHex()));
<< Param("u", username());
if (service_->auth_method() == SubsonicSettingsPage::AuthMethod_Hex) {
params << Param("p", QString("enc:" + password().toUtf8().toHex()));
}
else {
const QString salt = Utilities::CryptographicRandomString(20);
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(password().toUtf8());
md5.addData(salt.toUtf8());
params << Param("s", salt);
params << Param("t", md5.result().toHex());
}
QUrlQuery url_query;
for (const Param &param : params) {

40
src/subsonic/subsonicservice.cpp
View File

@@ -36,6 +36,7 @@
#include <QSslConfiguration>
#include <QSslSocket>
#include <QSslError>
#include <QCryptographicHash>
#include <QJsonValue>
#include <QJsonDocument>
#include <QJsonObject>
@@ -43,6 +44,7 @@
#include <QSortFilterProxyModel>
#include <QtDebug>
#include "core/utilities.h"
#include "core/application.h"
#include "core/player.h"
#include "core/logging.h"
@@ -75,6 +77,7 @@ SubsonicService::SubsonicService(Application *app, QObject *parent)
http2_(true),
verify_certificate_(false),
download_album_covers_(true),
auth_method_(SubsonicSettingsPage::AuthMethod_MD5),
ping_redirects_(0) {
app->player()->RegisterUrlHandler(url_handler_);
@@ -136,16 +139,17 @@ void SubsonicService::ReloadSettings() {
http2_ = s.value("http2", true).toBool();
verify_certificate_ = s.value("verifycertificate", false).toBool();
download_album_covers_ = s.value("downloadalbumcovers", true).toBool();
auth_method_ = static_cast<SubsonicSettingsPage::AuthMethod>(s.value("authmethod", SubsonicSettingsPage::AuthMethod_MD5).toInt());
s.endGroup();
}
void SubsonicService::SendPing() {
SendPingWithCredentials(server_url_, username_, password_, false);
SendPingWithCredentials(server_url_, username_, password_, auth_method_, false);
}
void SubsonicService::SendPingWithCredentials(QUrl url, const QString &username, const QString &password, const bool redirect) {
void SubsonicService::SendPingWithCredentials(QUrl url, const QString &username, const QString &password, const SubsonicSettingsPage::AuthMethod auth_method, const bool redirect) {
if (!network_ || !redirect) {
network_ = std::make_unique<QNetworkAccessManager>();
@@ -155,11 +159,22 @@ void SubsonicService::SendPingWithCredentials(QUrl url, const QString &username,
ping_redirects_ = 0;
}
const ParamList params = ParamList() << Param("c", kClientName)
<< Param("v", kApiVersion)
<< Param("f", "json")
<< Param("u", username)
<< Param("p", QString("enc:" + password.toUtf8().toHex()));
ParamList params = ParamList() << Param("c", kClientName)
<< Param("v", kApiVersion)
<< Param("f", "json")
<< Param("u", username);
if (auth_method == SubsonicSettingsPage::AuthMethod_Hex) {
params << Param("p", QString("enc:" + password.toUtf8().toHex()));
}
else {
const QString salt = Utilities::CryptographicRandomString(20);
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(password_.toUtf8());
md5.addData(salt.toUtf8());
params << Param("s", salt);
params << Param("t", md5.result().toHex());
}
QUrlQuery url_query(url.query());
for (const Param &param : params) {
@@ -170,8 +185,9 @@ void SubsonicService::SendPingWithCredentials(QUrl url, const QString &username,
if (!url.path().isEmpty() && url.path().right(1) == "/") {
url.setPath(url.path() + QString("rest/ping.view"));
}
else
else {
url.setPath(url.path() + QString("/rest/ping.view"));
}
}
url.setQuery(url_query);
@@ -200,9 +216,9 @@ void SubsonicService::SendPingWithCredentials(QUrl url, const QString &username,
QNetworkReply *reply = network_->get(req);
replies_ << reply;
QObject::connect(reply, &QNetworkReply::sslErrors, this, &SubsonicService::HandlePingSSLErrors);
QObject::connect(reply, &QNetworkReply::finished, this, [this, reply, url, username, password]() { HandlePingReply(reply, url, username, password); });
QObject::connect(reply, &QNetworkReply::finished, this, [this, reply, url, username, password, auth_method]() { HandlePingReply(reply, url, username, password, auth_method); });
//qLog(Debug) << "Subsonic: Sending request" << url << query;
//qLog(Debug) << "Subsonic: Sending request" << url << url.query();
}
@@ -214,7 +230,7 @@ void SubsonicService::HandlePingSSLErrors(const QList<QSslError> &ssl_errors) {
}
void SubsonicService::HandlePingReply(QNetworkReply *reply, const QUrl &url, const QString &username, const QString &password) {
void SubsonicService::HandlePingReply(QNetworkReply *reply, const QUrl &url, const QString &username, const QString &password, const SubsonicSettingsPage::AuthMethod auth_method) {
Q_UNUSED(url);
@@ -246,7 +262,7 @@ void SubsonicService::HandlePingReply(QNetworkReply *reply, const QUrl &url, con
if (!redirect_url.isEmpty()) {
++ping_redirects_;
qLog(Debug) << "Redirecting ping request to" << redirect_url.toString(QUrl::RemoveQuery);
SendPingWithCredentials(redirect_url, username, password, true);
SendPingWithCredentials(redirect_url, username, password, auth_method, true);
return;
}
}

7
src/subsonic/subsonicservice.h
View File

@@ -39,6 +39,7 @@
#include "core/song.h"
#include "internet/internetservice.h"
#include "settings/subsonicsettingspage.h"
class QSortFilterProxyModel;
class QNetworkReply;
@@ -72,6 +73,7 @@ class SubsonicService : public InternetService {
bool http2() const { return http2_; }
bool verify_certificate() const { return verify_certificate_; }
bool download_album_covers() const { return download_album_covers_; }
SubsonicSettingsPage::AuthMethod auth_method() const { return auth_method_; }
CollectionBackend *collection_backend() const { return collection_backend_; }
CollectionModel *collection_model() const { return collection_model_; }
@@ -87,13 +89,13 @@ class SubsonicService : public InternetService {
public slots:
void ShowConfig() override;
void SendPing();
void SendPingWithCredentials(QUrl url, const QString &username, const QString &password, const bool redirect = false);
void SendPingWithCredentials(QUrl url, const QString &username, const QString &password, const SubsonicSettingsPage::AuthMethod auth_method, const bool redirect = false);
void GetSongs() override;
void ResetSongsRequest() override;
private slots:
void HandlePingSSLErrors(const QList<QSslError> &ssl_errors);
void HandlePingReply(QNetworkReply *reply, const QUrl &url, const QString &username, const QString &password);
void HandlePingReply(QNetworkReply *reply, const QUrl &url, const QString &username, const QString &password, const SubsonicSettingsPage::AuthMethod auth_method);
void SongsResultsReceived(const SongList &songs, const QString &error);
private:
@@ -125,6 +127,7 @@ class SubsonicService : public InternetService {
bool http2_;
bool verify_certificate_;
bool download_album_covers_;
SubsonicSettingsPage::AuthMethod auth_method_;
QStringList errors_;
int ping_redirects_;