feat: add option to only allow Plex sign-in from existing users (#1496)

* feat: add option to only allow Plex login from existing users

* fix: remove newPlexLogin from public settings

overseerr-api.yml

@@ -126,6 +126,9 @@ components:
         localLogin:
           type: boolean
           example: true
+        newPlexLogin:
+          type: boolean
+          example: true
         defaultPermissions:
           type: number
           example: 32

server/lib/settings.ts

@@ -82,6 +82,7 @@ export interface MainSettings {
   };
   hideAvailable: boolean;
   localLogin: boolean;
+  newPlexLogin: boolean;
   region: string;
   originalLanguage: string;
   trustProxy: boolean;
@@ -242,6 +243,7 @@ class Settings {
         },
         hideAvailable: false,
         localLogin: true,
+        newPlexLogin: true,
         region: '',
         originalLanguage: '',
         trustProxy: false,

server/routes/auth.ts

@@ -1,12 +1,12 @@
 import { Router } from 'express';
 import { getRepository } from 'typeorm';
-import { User } from '../entity/User';
 import PlexTvAPI from '../api/plextv';
-import { isAuthenticated } from '../middleware/auth';
-import { Permission } from '../lib/permissions';
-import logger from '../logger';
-import { getSettings } from '../lib/settings';
 import { UserType } from '../constants/user';
+import { User } from '../entity/User';
+import { Permission } from '../lib/permissions';
+import { getSettings } from '../lib/settings';
+import logger from '../logger';
+import { isAuthenticated } from '../middleware/auth';
 
 const authRoutes = Router();
 
@@ -79,6 +79,24 @@ authRoutes.post('/plex', async (req, res, next) => {
 
       // Double check that we didn't create the first admin user before running this
       if (!user) {
+        if (!settings.main.newPlexLogin) {
+          logger.info(
+            'Failed sign-in attempt from user who has not been imported to Overseerr.',
+            {
+              label: 'Auth',
+              account: {
+                ...account,
+                authentication_token: '__REDACTED__',
+                authToken: '__REDACTED__',
+              },
+            }
+          );
+          return next({
+            status: 403,
+            message: 'Access denied.',
+          });
+        }
+
         // If we get to this point, the user does not already exist so we need to create the
         // user _assuming_ they have access to the Plex server
         const mainUser = await userRepository.findOneOrFail({
@@ -112,7 +130,7 @@ authRoutes.post('/plex', async (req, res, next) => {
           );
           return next({
             status: 403,
-            message: 'You do not have access to this Plex server.',
+            message: 'Access denied.',
           });
         }
       }
@@ -128,7 +146,7 @@ authRoutes.post('/plex', async (req, res, next) => {
     logger.error(e.message, { label: 'Auth' });
     return next({
       status: 500,
-      message: 'Something went wrong. Is your auth token valid?',
+      message: 'Something went wrong.',
     });
   }
 });

src/components/Settings/SettingsPlex.tsx

@@ -21,7 +21,7 @@ const messages = defineMessages({
   plex: 'Plex',
   plexsettings: 'Plex Settings',
   plexsettingsDescription:
-    'Configure the settings for your Plex server. Overseerr scans your Plex libraries to see what content is available.',
+    'Configure the settings for your Plex server. Overseerr scans your Plex libraries to determine content availability.',
   servername: 'Server Name',
   servernameTip: 'Automatically retrieved from Plex after saving',
   servernamePlaceholder: 'Plex Server Name',
@@ -40,11 +40,10 @@ const messages = defineMessages({
   toastPlexConnectingSuccess: 'Plex connection established successfully!',
   toastPlexConnectingFailure: 'Failed to connect to Plex.',
   settingUpPlexDescription:
-    'To set up Plex, you can either enter your details manually or select a server retrieved from <RegisterPlexTVLink>plex.tv</RegisterPlexTVLink>. Press the button to the right of the dropdown to fetch the list of available servers.',
+    'To set up Plex, you can either enter the details manually or select a server retrieved from <RegisterPlexTVLink>plex.tv</RegisterPlexTVLink>. Press the button to the right of the dropdown to fetch the list of available servers.',
   hostname: 'Hostname or IP Address',
   port: 'Port',
   enablessl: 'Enable SSL',
-  timeout: 'Timeout',
   plexlibraries: 'Plex Libraries',
   plexlibrariesDescription:
     'The libraries Overseerr scans for titles. Set up and save your Plex connection settings, then click the button below if no libraries are listed.',
@@ -58,7 +57,7 @@ const messages = defineMessages({
   librariesRemaining: 'Libraries Remaining: {count}',
   startscan: 'Start Scan',
   cancelscan: 'Cancel Scan',
-  validationHostnameRequired: 'You must provide a hostname or IP address',
+  validationHostnameRequired: 'You must provide a valid hostname or IP address',
   validationPortRequired: 'You must provide a valid port number',
 });
 

src/components/Settings/SettingsUsers/index.tsx

@@ -19,6 +19,8 @@ const messages = defineMessages({
   toastSettingsSuccess: 'User settings saved successfully!',
   toastSettingsFailure: 'Something went wrong while saving settings.',
   localLogin: 'Enable Local Sign-In',
+  newPlexLogin: 'Enable New Plex User Sign-In',
+  newPlexLoginTip: 'Allow Plex users to sign in without first being imported',
   movieRequestLimitLabel: 'Global Movie Request Limit',
   tvRequestLimitLabel: 'Global Series Request Limit',
   defaultPermissions: 'Default Permissions',
@@ -53,6 +55,7 @@ const SettingsUsers: React.FC = () => {
         <Formik
           initialValues={{
             localLogin: data?.localLogin,
+            newPlexLogin: data?.newPlexLogin,
             movieQuotaLimit: data?.defaultQuotas.movie.quotaLimit ?? 0,
             movieQuotaDays: data?.defaultQuotas.movie.quotaDays ?? 7,
             tvQuotaLimit: data?.defaultQuotas.tv.quotaLimit ?? 0,
@@ -64,6 +67,7 @@ const SettingsUsers: React.FC = () => {
             try {
               await axios.post('/api/v1/settings/main', {
                 localLogin: values.localLogin,
+                newPlexLogin: values.newPlexLogin,
                 defaultQuotas: {
                   movie: {
                     quotaLimit: values.movieQuotaLimit,
@@ -96,7 +100,7 @@ const SettingsUsers: React.FC = () => {
               <Form className="section">
                 <div className="form-row">
                   <label htmlFor="localLogin" className="checkbox-label">
-                    <span>{intl.formatMessage(messages.localLogin)}</span>
+                    {intl.formatMessage(messages.localLogin)}
                   </label>
                   <div className="form-input">
                     <Field
@@ -109,6 +113,24 @@ const SettingsUsers: React.FC = () => {
                     />
                   </div>
                 </div>
+                <div className="form-row">
+                  <label htmlFor="newPlexLogin" className="checkbox-label">
+                    {intl.formatMessage(messages.newPlexLogin)}
+                    <span className="label-tip">
+                      {intl.formatMessage(messages.newPlexLoginTip)}
+                    </span>
+                  </label>
+                  <div className="form-input">
+                    <Field
+                      type="checkbox"
+                      id="newPlexLogin"
+                      name="newPlexLogin"
+                      onChange={() => {
+                        setFieldValue('newPlexLogin', !values.newPlexLogin);
+                      }}
+                    />
+                  </div>
+                </div>
                 <div className="form-row">
                   <label htmlFor="applicationTitle" className="text-label">
                     {intl.formatMessage(messages.movieRequestLimitLabel)}

src/i18n/locale/en.json

@@ -473,6 +473,8 @@
   "components.Settings.SettingsUsers.defaultPermissions": "Default Permissions",
   "components.Settings.SettingsUsers.localLogin": "Enable Local Sign-In",
   "components.Settings.SettingsUsers.movieRequestLimitLabel": "Global Movie Request Limit",
+  "components.Settings.SettingsUsers.newPlexLogin": "Enable New Plex User Sign-In",
+  "components.Settings.SettingsUsers.newPlexLoginTip": "Allow Plex users to sign in without first being imported",
   "components.Settings.SettingsUsers.toastSettingsFailure": "Something went wrong while saving settings.",
   "components.Settings.SettingsUsers.toastSettingsSuccess": "User settings saved successfully!",
   "components.Settings.SettingsUsers.tvRequestLimitLabel": "Global Series Request Limit",
@@ -588,7 +590,7 @@
   "components.Settings.plexlibraries": "Plex Libraries",
   "components.Settings.plexlibrariesDescription": "The libraries Overseerr scans for titles. Set up and save your Plex connection settings, then click the button below if no libraries are listed.",
   "components.Settings.plexsettings": "Plex Settings",
-  "components.Settings.plexsettingsDescription": "Configure the settings for your Plex server. Overseerr scans your Plex libraries to see what content is available.",
+  "components.Settings.plexsettingsDescription": "Configure the settings for your Plex server. Overseerr scans your Plex libraries to determine content availability.",
   "components.Settings.port": "Port",
   "components.Settings.radarrsettings": "Radarr Settings",
   "components.Settings.region": "Discover Region",
@@ -608,11 +610,10 @@
   "components.Settings.serverpresetRefreshing": "Retrieving servers…",
   "components.Settings.serviceSettingsDescription": "Configure your {serverType} server(s) below. You can connect multiple {serverType} servers, but only two of them can be marked as defaults (one non-4K and one 4K). Administrators are able to override the server used to process new requests prior to approval.",
   "components.Settings.services": "Services",
-  "components.Settings.settingUpPlexDescription": "To set up Plex, you can either enter your details manually or select a server retrieved from <RegisterPlexTVLink>plex.tv</RegisterPlexTVLink>. Press the button to the right of the dropdown to fetch the list of available servers.",
+  "components.Settings.settingUpPlexDescription": "To set up Plex, you can either enter the details manually or select a server retrieved from <RegisterPlexTVLink>plex.tv</RegisterPlexTVLink>. Press the button to the right of the dropdown to fetch the list of available servers.",
   "components.Settings.sonarrsettings": "Sonarr Settings",
   "components.Settings.ssl": "SSL",
   "components.Settings.startscan": "Start Scan",
-  "components.Settings.timeout": "Timeout",
   "components.Settings.toastApiKeyFailure": "Something went wrong while generating a new API key.",
   "components.Settings.toastApiKeySuccess": "New API key generated successfully!",
   "components.Settings.toastPlexConnecting": "Attempting to connect to Plex…",
@@ -628,7 +629,7 @@
   "components.Settings.validationApplicationTitle": "You must provide an application title",
   "components.Settings.validationApplicationUrl": "You must provide a valid URL",
   "components.Settings.validationApplicationUrlTrailingSlash": "URL must not end in a trailing slash",
-  "components.Settings.validationHostnameRequired": "You must provide a hostname or IP address",
+  "components.Settings.validationHostnameRequired": "You must provide a valid hostname or IP address",
   "components.Settings.validationPortRequired": "You must provide a valid port number",
   "components.Settings.webhook": "Webhook",
   "components.Settings.webpush": "Web Push",