Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[plex] Use https for local connections #15306

Merged
merged 2 commits into from
Jul 26, 2023
Merged

Conversation

mlobstein
Copy link
Contributor

@mlobstein mlobstein commented Jul 26, 2023

Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
@mlobstein mlobstein added enhancement An enhancement or new feature for an existing add-on additional testing preferred The change works for the pull request author. A test from someone else is preferred though. work in progress A PR that is not yet ready to be merged labels Jul 26, 2023
@morph166955
Copy link
Contributor

I'll try to throw it in this afternoon and validate.

@morph166955
Copy link
Contributor

Had a free moment, LGTM

2023-07-26 08:07:34.228 [DEBUG] [ex.internal.handler.PlexApiConnector] - Getting session data 'https://REMOVED:32400/status/sessions?X-Plex-Token=REMOVED'
2023-07-26 08:07:34.230 [DEBUG] [ex.internal.handler.PlexApiConnector] - HTTP response: <?xml version="1.0" encoding="UTF-8"?>
<MediaContainer size="0">
</MediaContainer>


@mlobstein mlobstein removed additional testing preferred The change works for the pull request author. A test from someone else is preferred though. work in progress A PR that is not yet ready to be merged labels Jul 26, 2023
@jlaur jlaur linked an issue Jul 26, 2023 that may be closed by this pull request
Copy link
Contributor

@jlaur jlaur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for quickly implementing this! I have added some minor comments.

Comment on lines 235 to 243
if (headers != null) {
for (String httpHeaderKey : headers.stringPropertyNames()) {
if (httpHeaderKey.equalsIgnoreCase(HttpHeader.USER_AGENT.toString())) {
request.agent(headers.getProperty(httpHeaderKey));
} else {
request.header(httpHeaderKey, headers.getProperty(httpHeaderKey));
}
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems a little overcomplicated. Can you remove the User-Agent header from getClientHeaders() and instead apply it directly in this method (here and when verify is true)?

Since this is a local connection, is it even needed/used for anything?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not a plex user and thus can't test the code directly so it is difficult to assess which headers are actually needed. I took the approach of trying to maintain what was already implemented. I actually borrowed this header adding code from the core HttpUtil.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The core HttpUtil code is partly like that because of a bugfix because of the way Jetty works - see openhab/openhab-core#3411. The other part of the story is that the method was bound by contract to have agent delivered inside Properties. We are not bound by this contract, but can freely write the code.

I think it would be better to avoid for each call to put 9-10 headers into a HashMap, with User-Agent being one of them and then iterate through the map in order to apply it for building a Request. while taking special care of User-Agent by string comparison. At least the User-Agent handling part seems like a work-around as it could have been avoided in the first place.

But I can appreciate that you don't want to mess too much with this code since you are not using the binding yourself, so let's leave it as is for now.

Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
@mlobstein mlobstein requested a review from jlaur July 26, 2023 21:26
Copy link
Contributor

@jlaur jlaur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jlaur jlaur merged commit ca8c843 into openhab:main Jul 26, 2023
@jlaur jlaur added this to the 4.1 milestone Jul 26, 2023
@mlobstein mlobstein deleted the plex_https branch July 26, 2023 22:16
@Vendivar
Copy link

Hello I’m on Build #3567 and I am having an issue with the plex binding

I am using PLEX docker on an Unraid server with a host mode with Openhab docker on the same server but with a custom host IP

In openhab I get the error: PLEX is not returning valid session data

In the debug log it says no route to host


2023-07-28 14:27:58.567 [DEBUG] [rg.eclipse.jetty.client.HttpExchange] - Failed HttpExchange@399299a7{req=HttpRequest[GET /status/sessions HTTP/1.1]@3be02390[COMPLETED/java.net.NoRouteToHostException: No route to host] res=HttpResponse[null 0 null]@2a5551c0[COMPLETED/java.net.NoRouteToHostException: No route to host]}: req=true/rsp=true null
2023-07-28 14:27:58.567 [DEBUG] [rg.eclipse.jetty.client.HttpExchange] - Failed HttpExchange@5b447797{req=WebSocketUpgradeRequest[GET /:/websockets/notifications HTTP/1.1]@4fd87412[COMPLETED/java.net.NoRouteToHostException: No route to host] res=HttpResponse[null 0 null]@58e130c9[COMPLETED/java.net.NoRouteToHostException: No route to host]}: req=true/rsp=true null

@jlaur
Copy link
Contributor

jlaur commented Jul 28, 2023

Hello I’m on Build #3567 and I am having an issue with the plex binding

That seems unrelated to this merged pull request. I would advise to ask for help in the community forum, and then create a new issue if you are able to conclude there's a bug (or room for improvement) in the binding.

@morph166955
Copy link
Contributor

morph166955 commented Jul 28, 2023

I worked with him on the forum. It's almost definitely related to this PR. Using a snapshot from immediately before has no issues. That said I would suggest creating an issue and tie it to this as a regression

@jlaur
Copy link
Contributor

jlaur commented Jul 28, 2023

@morph166955 - thanks, I missed this correlation.

@mlobstein
Copy link
Contributor Author

@morph166955 Can you take over fixing this issue?

@morph166955
Copy link
Contributor

I certainly don't mind giving it a shot. My plex works on the same code rev and OH version so I believe this is something to do with the dockers. I'm confused as to why moving to https changes a routing decision.

Comment on lines +233 to +243
// Requests sent to the local server need to bypass certificate checking via the custom httpClient
final Request request = httpClient.newRequest(url).method(HttpUtil.createHttpMethod(method));
for (String httpHeaderKey : headers.stringPropertyNames()) {
if (httpHeaderKey.equalsIgnoreCase(HttpHeader.USER_AGENT.toString())) {
request.agent(headers.getProperty(httpHeaderKey));
} else {
request.header(httpHeaderKey, headers.getProperty(httpHeaderKey));
}
}
final ContentResponse res = request.send();
response = res.getContentAsString();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@morph166955 I was working on this change to catch the failure and re-try with http

        try {
                // Requests sent to the local server need to bypass certificate checking via the custom httpClient
                final Request request = httpClient.newRequest(url).method(HttpUtil.createHttpMethod(method));
                for (String httpHeaderKey : headers.stringPropertyNames()) {
                    if (httpHeaderKey.equalsIgnoreCase(HttpHeader.USER_AGENT.toString())) {
                        request.agent(headers.getProperty(httpHeaderKey));
                    } else {
                        request.header(httpHeaderKey, headers.getProperty(httpHeaderKey));
                    }
                }
                final ContentResponse res = request.send();
                response = res.getContentAsString();
            } catch (Exception e) {
                // if https conection to the local server fails, re-try with http
                response = HttpUtil.executeUrl(method, url.replace("https:", "http:"), headers, null, null, REQUEST_TIMEOUT_MS);
            }

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really think this is a bad idea. We shouldn't fall back to insecure urls if connection fails. Instead we have to find out why it fails and fix the https connection

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I'll let you sort it out. It was just rather alarming that a problem report came in right after the first nightly build of this PR.

Copy link
Contributor

@jlaur jlaur Jul 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps an advanced configuration option could allow users to explicitly use http rather than https? I agree it shouldn't silently fallback to http for security reasons. See also useTLS here (which is defaulted to true): https://www.openhab.org/addons/bindings/lgwebos/#thing-configuration

Pshatsillo pushed a commit to Pshatsillo/openhab-addons that referenced this pull request Sep 29, 2023
Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
austvik pushed a commit to austvik/openhab-addons that referenced this pull request Mar 27, 2024
Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
Signed-off-by: Jørgen Austvik <jaustvik@acm.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement An enhancement or new feature for an existing add-on
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[plex] migrate to https for all connections
5 participants