-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[plex] Use https for local connections #15306
Conversation
Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
I'll try to throw it in this afternoon and validate. |
Had a free moment, LGTM
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for quickly implementing this! I have added some minor comments.
if (headers != null) { | ||
for (String httpHeaderKey : headers.stringPropertyNames()) { | ||
if (httpHeaderKey.equalsIgnoreCase(HttpHeader.USER_AGENT.toString())) { | ||
request.agent(headers.getProperty(httpHeaderKey)); | ||
} else { | ||
request.header(httpHeaderKey, headers.getProperty(httpHeaderKey)); | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems a little overcomplicated. Can you remove the User-Agent
header from getClientHeaders()
and instead apply it directly in this method (here and when verify
is true)?
Since this is a local connection, is it even needed/used for anything?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not a plex user and thus can't test the code directly so it is difficult to assess which headers are actually needed. I took the approach of trying to maintain what was already implemented. I actually borrowed this header adding code from the core HttpUtil.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The core HttpUtil
code is partly like that because of a bugfix because of the way Jetty works - see openhab/openhab-core#3411. The other part of the story is that the method was bound by contract to have agent delivered inside Properties
. We are not bound by this contract, but can freely write the code.
I think it would be better to avoid for each call to put 9-10 headers into a HashMap
, with User-Agent
being one of them and then iterate through the map in order to apply it for building a Request
. while taking special care of User-Agent
by string comparison. At least the User-Agent
handling part seems like a work-around as it could have been avoided in the first place.
But I can appreciate that you don't want to mess too much with this code since you are not using the binding yourself, so let's leave it as is for now.
...b.binding.plex/src/main/java/org/openhab/binding/plex/internal/handler/PlexApiConnector.java
Show resolved
Hide resolved
...b.binding.plex/src/main/java/org/openhab/binding/plex/internal/handler/PlexApiConnector.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Hello I’m on Build #3567 and I am having an issue with the plex binding I am using PLEX docker on an Unraid server with a host mode with Openhab docker on the same server but with a custom host IP In openhab I get the error: PLEX is not returning valid session data In the debug log it says no route to host
|
That seems unrelated to this merged pull request. I would advise to ask for help in the community forum, and then create a new issue if you are able to conclude there's a bug (or room for improvement) in the binding. |
I worked with him on the forum. It's almost definitely related to this PR. Using a snapshot from immediately before has no issues. That said I would suggest creating an issue and tie it to this as a regression |
@morph166955 - thanks, I missed this correlation. |
@morph166955 Can you take over fixing this issue? |
I certainly don't mind giving it a shot. My plex works on the same code rev and OH version so I believe this is something to do with the dockers. I'm confused as to why moving to https changes a routing decision. |
// Requests sent to the local server need to bypass certificate checking via the custom httpClient | ||
final Request request = httpClient.newRequest(url).method(HttpUtil.createHttpMethod(method)); | ||
for (String httpHeaderKey : headers.stringPropertyNames()) { | ||
if (httpHeaderKey.equalsIgnoreCase(HttpHeader.USER_AGENT.toString())) { | ||
request.agent(headers.getProperty(httpHeaderKey)); | ||
} else { | ||
request.header(httpHeaderKey, headers.getProperty(httpHeaderKey)); | ||
} | ||
} | ||
final ContentResponse res = request.send(); | ||
response = res.getContentAsString(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@morph166955 I was working on this change to catch the failure and re-try with http
try {
// Requests sent to the local server need to bypass certificate checking via the custom httpClient
final Request request = httpClient.newRequest(url).method(HttpUtil.createHttpMethod(method));
for (String httpHeaderKey : headers.stringPropertyNames()) {
if (httpHeaderKey.equalsIgnoreCase(HttpHeader.USER_AGENT.toString())) {
request.agent(headers.getProperty(httpHeaderKey));
} else {
request.header(httpHeaderKey, headers.getProperty(httpHeaderKey));
}
}
final ContentResponse res = request.send();
response = res.getContentAsString();
} catch (Exception e) {
// if https conection to the local server fails, re-try with http
response = HttpUtil.executeUrl(method, url.replace("https:", "http:"), headers, null, null, REQUEST_TIMEOUT_MS);
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really think this is a bad idea. We shouldn't fall back to insecure urls if connection fails. Instead we have to find out why it fails and fix the https connection
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I'll let you sort it out. It was just rather alarming that a problem report came in right after the first nightly build of this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps an advanced configuration option could allow users to explicitly use http rather than https? I agree it shouldn't silently fallback to http for security reasons. See also useTLS here (which is defaulted to true
): https://www.openhab.org/addons/bindings/lgwebos/#thing-configuration
Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com>
Signed-off-by: Michael Lobstein <michael.lobstein@gmail.com> Signed-off-by: Jørgen Austvik <jaustvik@acm.org>
Addresses #15304
Test build: https://github.com/mlobstein/openhab-addons/releases/download/4.0/org.openhab.binding.plex-4.1.0-SNAPSHOT.jar
@morph166955
@aronbeurskens