(deprecated) A basic account management system for Jellyfin.
Go to file
Harvey Tindall 16a7ceb8ea Added STARTTLS for SMTP
As many services don't support full encryption, there is now an
encryption option in the [smtp] section, allowing you to choose between
ssl_tls and starttls.
2020-04-26 21:28:55 +01:00
data Added STARTTLS for SMTP 2020-04-26 21:28:55 +01:00
images added option to send invite to an address 2020-04-19 22:35:51 +01:00
jellyfin_accounts Added STARTTLS for SMTP 2020-04-26 21:28:55 +01:00
.gitignore added requirements.txt 2020-04-15 10:58:35 +01:00
jf-accounts added option to send invite to an address 2020-04-19 22:35:51 +01:00
LICENSE first commit 2020-04-11 15:20:25 +01:00
nohup.out Add windows fixes 2020-04-25 22:08:59 +01:00
README.md Added STARTTLS for SMTP 2020-04-26 21:28:55 +01:00
requirements.txt added requirements.txt 2020-04-15 10:58:35 +01:00
setup.py added option to send invite to an address 2020-04-19 22:35:51 +01:00

jellyfin-accounts

New: Now capable of sending password reset emails!

A basic account management system for Jellyfin.

Interface

Admin page Account creation page

Get it

Requirements

  • This should work anywhere Python does, i've tried to not use anything OS-specific. Drop an issue if there's a problem, of course.
* python >= 3.6
* flask
* flask_httpauth
* jinja2
* requests
* itsdangerous
* passlib
* secrets
* configparser
* pyOpenSSL
* waitress
* pytz
* python-dateutil
* watchdog

Install

Usually as simple as:

git clone https://github.com/hrfee/jellyfin-accounts.git
cd jellyfin-accounts
pip3 install pyOpenSSL
python3 setup.py install

If not, or if you want to use docker, see install.

Usage

  • Passing no arguments will run the server
usage: jf-accounts [-h] [-c CONFIG] [-d DATA] [--host HOST] [-p PORT] [-g]

jellyfin-accounts

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        specifies path to configuration file.
  -d DATA, --data DATA  specifies directory to store data in. defaults to
                        ~/.jf-accounts.
  --host HOST           address to host web ui on.
  -p PORT, --port PORT  port to host web ui on.
  -g, --get_policy      tool to grab a JF users policy (access, perms, etc.)
                        and output as json to be used as a user template.

Setup

Policy template

  • You may want to restrict a user from accessing certain libraries (e.g 4K Movies), or display their account on the login screen by default. Jellyfin stores these settings as a user's policy.
  • Make a temporary account and change its settings, then run jf-accounts --get_policy. Choose your user, and the policy will be stored at the location you set in user_template, and used for all subsequent new accounts.

Emails/Password Resets

  • When someone initiates forget password on Jellyfin, a file named passwordreset*.json is created in its configuration directory. This directory is monitored and when created, the program reads the username, expiry time and PIN, puts it into a template and sends it to whatever address is specified in emails.json.
  • The default forget password popup references the passwordreset*.json file created. This is confusing for users, so a quick fix is to edit the MessageForgotPasswordFileCreated string in Jellyfin's language folder.
  • Currently, jellyfin-accounts supports generic SSL/TLS or STARTTLS secured SMTP, and the mailgun REST API.
  • Email html is created using mjml, and jinja templating is used. If you wish to create your own, ensure you use the same jinja expressions ({{ pin }}, etc.) as used in data/email.mjml or invite-email.mjml, and also create plain text versions for legacy email clients.

Configuration

  • Note: Make sure to put this behind a reverse proxy with HTTPS.

For detailed descriptions of each setting, see setup.

On first run, the default configuration is copied to ~/.jf-accounts/config.ini.

[jellyfin]
; It is reccommended to create a limited admin account for this program.
username = username
password = password
; Server will also be used in the invite form, so make sure it's publicly accessible.
server = https://jellyf.in:443
client = jf-accounts
version = 0.1
device = jf-accounts
device_id = jf-accounts-0.1

[ui]
; Set 0.0.0.0 to run localhost
host = 0.0.0.0
port = 8056
; Enable this to use Jellyfin users instead of the below username and pw.
jellyfin_login = true
; Allows only admin users on Jellyfin to access admin page.
admin_only = true
; Username to use on admin page... (leave blank if using jellyfin_login)
username = your username
; ..and its corresponding password (leave blank if using jellyfin_login)
password = your password

debug = false

; Displayed at the bottom of all pages except admin
contact_message = Need help? contact me.
; Displayed at top of form page.
help_message =  Enter your details to create an account.
; Displayed when an account is created.
success_message = Your account has been created. Click below to continue to Jellyfin.

[password_validation]
; Enables password validation.
enabled = true 
; Min. password length
min_length = 8
; Min. number of uppercase characters
upper = 1
; Min. number of lowercase characters
lower = 0
; Min. number of numbers
number = 1
; Min. number of special characters
special = 0

[email]
; Leave this whole section if you aren't using any email-related features.
use_24h = true
; Date format follows datetime's strftime.
date_format = %d/%m/%y
; Displayed at bottom of emails
message = Need help? contact me.
; Mail methods: mailgun, smtp
method = smtp
; Address to send from
address = jellyfin@jellyf.in
; The name of the sender
from = Jellyfin

[password_resets]
; Enable to store provided email addresses, monitor jellyfin directory for pw-resets, and send pin
enabled = true
; Directory to monitor for passwordReset*.json files. Usually the jellyfin config directory
watch_directory = /path/to/jellyfin
; Path to custom email html. If blank, uses the internal template.
email_html =
; Path to alternate plaintext email. If blank, uses the internal template.
email_text = 
; Subject of emails
subject = Password Reset - Jellyfin

[invite_emails]
; If enabled, allows one to send an invite directly to an email address.
enabled = true
; Path to custom email html. If blank, uses the internal template.
email_html =
; Path to alternate plaintext email. If blank, uses the internal template.
email_text = 
subject = Invite - Jellyfin
; Base url for jf-accounts. This necessary because most will use a reverse proxy, so the program has no other way of knowing what URL to send.
url_base = http://accounts.jellyf.in:8056/invite

[mailgun]

api_url = https://api.mailgun.net...
api_key = your api key

[smtp]
; Choose between ssl_tls and starttls. Your provider should tell you which to use, but generally SSL/TLS is 465, STARTTLS 587
encryption = starttls
server = smtp.jellyf.in
; Uses SMTP_SSL, so make sure the port is for this, not starttls.
port = 587
password = smtp password

[files]
; When the below paths are left blank, files are stored in ~/.jf-accounts/.

; Path to store valid invites.
invites = 
; Path to store emails addresses in JSON
emails = 
; Path to the user policy template. Can be acquired with get-template.
user_template =