fix(auth): resolve local/password authentication issues (#2677)

* fix(auth): only add Plex ID to user after verifying server access * fix(auth): do not fail local auth if fetching Plex users is unsuccessful
2025-09-17 17:24:35 +02:00 · 2022-04-05 19:31:14 -04:00
parent 341e3b8f06
commit b75fc7b238
1 changed files with 34 additions and 21 deletions
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
@@ -210,6 +210,7 @@ authRoutes.post('/local', async (req, res, next) => {
    const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');

    if (!user.plexId) {
+      try {
        const plexUsersResponse = await mainPlexTv.getUsers();
        const account = plexUsersResponse.MediaContainer.User.find(
          (account) =>
@@ -217,15 +218,21 @@ authRoutes.post('/local', async (req, res, next) => {
            account.$.email.toLowerCase() === user.email.toLowerCase()
        )?.$;

-      if (account) {
-        logger.info('Found matching Plex user; updating user with Plex data', {
+        if (
+          account &&
+          (await mainPlexTv.checkUserAccess(parseInt(account.id)))
+        ) {
+          logger.info(
+            'Found matching Plex user; updating user with Plex data',
+            {
              label: 'API',
              ip: req.ip,
              email: body.email,
              userId: user.id,
              plexId: account.id,
              plexUsername: account.username,
-        });
+            }
+          );

          user.plexId = parseInt(account.id);
          user.avatar = account.thumb;
@@ -235,6 +242,12 @@ authRoutes.post('/local', async (req, res, next) => {

          await userRepository.save(user);
        }
+      } catch (e) {
+        logger.error('Something went wrong fetching Plex users', {
+          label: 'API',
+          errorMessage: e.message,
+        });
+      }
    }

    if (