From 3dc71dcfbc94f84fe3d86c0d92bf5c76a013317a Mon Sep 17 00:00:00 2001 From: Alexandre Beloin Date: Mon, 9 Feb 2015 11:22:48 -0500 Subject: [PATCH] Generate a cookie instead of using an hardcoded one. --- sickbeard/__init__.py | 7 ++++++- sickbeard/helpers.py | 4 ++++ sickbeard/webserveInit.py | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/sickbeard/__init__.py b/sickbeard/__init__.py index 8ab13859..ab229e58 100755 --- a/sickbeard/__init__.py +++ b/sickbeard/__init__.py @@ -137,6 +137,7 @@ WEB_USERNAME = None WEB_PASSWORD = None WEB_HOST = None WEB_IPV6 = None +WEB_COOKIE_SECRET = None PLAY_VIDEOS = False @@ -497,7 +498,7 @@ def get_backlog_cycle_time(): def initialize(consoleLogging=True): with INIT_LOCK: - global BRANCH, GIT_RESET, GIT_REMOTE, GIT_REMOTE_URL, CUR_COMMIT_HASH, CUR_COMMIT_BRANCH, ACTUAL_LOG_DIR, LOG_DIR, LOG_NR, LOG_SIZE, WEB_PORT, WEB_LOG, ENCRYPTION_VERSION, WEB_ROOT, WEB_USERNAME, WEB_PASSWORD, WEB_HOST, WEB_IPV6, API_KEY, API_ROOT, ENABLE_HTTPS, HTTPS_CERT, HTTPS_KEY, \ + global BRANCH, GIT_RESET, GIT_REMOTE, GIT_REMOTE_URL, CUR_COMMIT_HASH, CUR_COMMIT_BRANCH, ACTUAL_LOG_DIR, LOG_DIR, LOG_NR, LOG_SIZE, WEB_PORT, WEB_LOG, ENCRYPTION_VERSION, WEB_ROOT, WEB_USERNAME, WEB_PASSWORD, WEB_HOST, WEB_IPV6, WEB_COOKIE_SECRET, API_KEY, API_ROOT, ENABLE_HTTPS, HTTPS_CERT, HTTPS_KEY, \ HANDLE_REVERSE_PROXY, USE_NZBS, USE_TORRENTS, NZB_METHOD, NZB_DIR, DOWNLOAD_PROPERS, RANDOMIZE_PROVIDERS, CHECK_PROPERS_INTERVAL, ALLOW_HIGH_PRIORITY, TORRENT_METHOD, \ SAB_USERNAME, SAB_PASSWORD, SAB_APIKEY, SAB_CATEGORY, SAB_CATEGORY_ANIME, SAB_HOST, \ NZBGET_USERNAME, NZBGET_PASSWORD, NZBGET_CATEGORY, NZBGET_CATEGORY_ANIME, NZBGET_PRIORITY, NZBGET_HOST, NZBGET_USE_HTTPS, backlogSearchScheduler, \ 
@@ -650,6 +651,9 @@ def initialize(consoleLogging=True): ENCRYPTION_VERSION = check_setting_int(CFG, 'General', 'encryption_version', 0) WEB_USERNAME = check_setting_str(CFG, 'General', 'web_username', '', censor_log=True) WEB_PASSWORD = check_setting_str(CFG, 'General', 'web_password', '', censor_log=True) + WEB_COOKIE_SECRET = check_setting_str(CFG, 'General', 'web_cookie_secret', helpers.generateCookieSecret(), censor_log=True) + if not WEB_COOKIE_SECRET: + WEB_COOKIE_SECRET = helpers.generateCookieSecret() LAUNCH_BROWSER = bool(check_setting_int(CFG, 'General', 'launch_browser', 1)) PLAY_VIDEOS = bool(check_setting_int(CFG, 'General', 'play_videos', 0)) @@ -1457,6 +1461,7 @@ def save_config(): new_config['General']['web_root'] = WEB_ROOT new_config['General']['web_username'] = WEB_USERNAME new_config['General']['web_password'] = helpers.encrypt(WEB_PASSWORD, ENCRYPTION_VERSION) + new_config['General']['web_cookie_secret'] = WEB_COOKIE_SECRET new_config['General']['play_videos'] = int(PLAY_VIDEOS) new_config['General']['download_url'] = DOWNLOAD_URL new_config['General']['localhost_ip'] = LOCALHOST_IP diff --git a/sickbeard/helpers.py b/sickbeard/helpers.py index 547fdddd..ee048dd8 100644 --- a/sickbeard/helpers.py +++ b/sickbeard/helpers.py @@ -1336,3 +1336,7 @@ if __name__ == '__main__': def remove_article(text=''): return re.sub(r'(?i)^(?:(?:A(?!\s+to)n?)|The)\s(\w)', r'\1', text) + +def generateCookieSecret(): + + return base64.b64encode(uuid.uuid4().bytes + uuid.uuid4().bytes) diff --git a/sickbeard/webserveInit.py b/sickbeard/webserveInit.py index 6ddb53a5..5f26c0eb 100644 --- a/sickbeard/webserveInit.py +++ b/sickbeard/webserveInit.py @@ -71,7 +71,7 @@ class SRWebServer(threading.Thread): autoreload=False, gzip=True, xheaders=sickbeard.HANDLE_REVERSE_PROXY, - cookie_secret='61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=', + cookie_secret=sickbeard.WEB_COOKIE_SECRET, login_url='%s/login/' % self.options['web_root'], )
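Review bot: In the `initialize` hunk, `helpers.generateCookieSecret()` is evaluated as the default argument on every start, even when `web_cookie_secret` is already in the config, and the `if not WEB_COOKIE_SECRET` branch below then covers the empty case a second time. Passing an empty default keeps a single generation path: `WEB_COOKIE_SECRET = check_setting_str(CFG, 'General', 'web_cookie_secret', '', censor_log=True)`. A newly generated value appears to exist only in memory until `save_config()` writes it, so if the config is not saved before exit, every restart would rotate the key and invalidate existing login cookies; it is worth confirming that first-run startup persists it. `initialize` begins and ends outside this hunk.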
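Review bot: `save_config` writes `web_cookie_secret` to the config file as cleartext, while the line directly above passes `web_password` through `helpers.encrypt`. This value is the signing key for the web UI's cookies, so read access to the config file is enough to produce cookies the server will accept as valid. Either give it the same treatment as the password (with the matching step on load, which this hunk does not show) or state the requirement next to the assignment, e.g. `# cookie signing key: config file must be readable by the service account only`. `save_config` starts and ends outside the hunk.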
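Review bot: `generateCookieSecret` builds the signing key from two `uuid.uuid4()` values, but UUIDs are identifiers, not key material: each carries fixed version/variant bits, and depending on the Python version and platform `uuid4` is not guaranteed to draw from the OS CSPRNG. Reading the key straight from the OS is simpler and unambiguous: `return base64.b64encode(os.urandom(32))`. The blank line under the `def` should be a docstring such as `"""Return a random base64-encoded key for signing web cookies."""`. The hunk does not show whether `helpers.py` already imports `base64`, `uuid` or `os`, so that needs checking.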