See #75: initial subsonic implementation that works with http://p.subfireplayer.net

2025-10-03 16:49:17 +02:00 · 2018-05-08 16:32:07 +02:00 · 2018-05-08 16:32:07 +02:00 · bbd273404a
commit bbd273404a
parent 9682299480
15 changed files with 774 additions and 48 deletions
--- a/api/funkwhale_api/subsonic/authentication.py
+++ b/api/funkwhale_api/subsonic/authentication.py
@ -0,0 +1,69 @@
+import binascii
+import hashlib
+
+from rest_framework import authentication
+from rest_framework import exceptions
+
+from funkwhale_api.users.models import User
+
+
+def get_token(salt, password):
+    to_hash = password + salt
+    h = hashlib.md5()
+    h.update(to_hash.encode('utf-8'))
+    return h.hexdigest()
+
+
+def authenticate(username, password):
+    try:
+        if password.startswith('enc:'):
+            password = password.replace('enc:', '', 1)
+            password = binascii.unhexlify(password).decode('utf-8')
+        user = User.objects.get(
+            username=username,
+            is_active=True,
+            subsonic_api_token=password)
+    except (User.DoesNotExist, binascii.Error):
+        raise exceptions.AuthenticationFailed(
+            'Wrong username or password.'
+        )
+
+    return (user, None)
+
+
+def authenticate_salt(username, salt, token):
+    try:
+        user = User.objects.get(
+            username=username,
+            is_active=True,
+            subsonic_api_token__isnull=False)
+    except User.DoesNotExist:
+        raise exceptions.AuthenticationFailed(
+            'Wrong username or password.'
+        )
+    expected = get_token(salt, user.subsonic_api_token)
+    if expected != token:
+        raise exceptions.AuthenticationFailed(
+            'Wrong username or password.'
+        )
+
+    return (user, None)
+
+
+class SubsonicAuthentication(authentication.BaseAuthentication):
+    def authenticate(self, request):
+        data = request.GET or request.POST
+        username = data.get('u')
+        if not username:
+            return None
+
+        p = data.get('p')
+        s = data.get('s')
+        t = data.get('t')
+        if not p and (not s or not t):
+            raise exceptions.AuthenticationFailed('Missing credentials')
+
+        if p:
+            return authenticate(username, p)
+
+        return authenticate_salt(username, s, t)