jellyfin-accounts/README.md
Harvey Tindall 4df78a22c5 Fixed password validation on form; added lowercase option
Fixed an issue where some criteria on the form page wouldn't change to
red or green when one set one of them to 0 in the config. Also added a
lowercase option.
2020-04-16 14:33:23 +01:00

6.3 KiB

jellyfin-accounts

New: Now capable of sending password reset emails!

A basic account management system for Jellyfin.

Screenshots

Get it

Requirements

  • This should work anywhere Python does, i've tried to not use anything OS-specific. Drop an issue if there's a problem, of course.
* python >= 3.6
* flask
* flask_httpauth
* jinja2
* requests
* itsdangerous
* passlib
* secrets
* configparser
* pyOpenSSL
* waitress
* pytz
* python-dateutil
* watchdog

Install

Usually as simple as:

git clone https://github.com/hrfee/jellyfin-accounts.git
cd jellyfin-accounts
pip3 install -r requirements.txt
python3 setup.py install

If not, or if you want to use docker, see install.

Usage

  • Passing no arguments will run the server
usage: jf-accounts [-h] [-c CONFIG] [-d DATA] [--host HOST] [-p PORT] [-g]

jellyfin-accounts

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        specifies path to configuration file.
  -d DATA, --data DATA  specifies directory to store data in. defaults to
                        ~/.jf-accounts.
  --host HOST           address to host web ui on.
  -p PORT, --port PORT  port to host web ui on.
  -g, --get_policy      tool to grab a JF users policy (access, perms, etc.)
                        and output as json to be used as a user template.

Setup

Policy template

  • You may want to restrict a user from accessing certain libraries (e.g 4K Movies), or display their account on the login screen by default. Jellyfin stores these settings as a user's policy.
  • Make a temporary account and change its settings, then run jf-accounts --get_policy. Choose your user, and the policy will be stored at the location you set in user_template, and used for all subsequent new accounts.

Emails/Password Resets

  • When someone initiates forget password on Jellyfin, a file named passwordreset*.json is created in its configuration directory. This directory is monitored and when created, the program reads the username, expiry time and PIN, puts it into a template and sends it to whatever address is specified in emails.json.
  • The default forget password popup references the passwordreset*.json file created. This is confusing for users, so a quick fix is to edit the MessageForgotPasswordFileCreated string in Jellyfin's language folder.
  • Currently, jellyfin-accounts supports generic SSL/TLS secured SMTP, and the mailgun REST API.
  • Email html is created using mjml, and jinja templating is used. If you wish to create your own, ensure you use the same jinja expressions ({{ pin }}, etc.) as used in data/email.mjml, and also create a plain text version for legacy email clients.

Configuration

  • Note: Make sure to put this behind a reverse proxy with HTTPS.

For detailed descriptions of each setting, see setup.

On first run, the default configuration is copied to ~/.jf-accounts/config.ini.

[jellyfin]
; It is reccommended to create a limited admin account for this program.
username = username
password = password
; Server will also be used in the invite form, so make sure it's publicly accessible.
server = https://jellyf.in:443
client = jf-accounts
version = 0.1
device = jf-accounts
device_id = jf-accounts-0.1

[ui]
; Set to 0.0.0.0 to run localhost
host = 0.0.0.0
port = 8056
username = your username
password = your password
debug = false

; Displayed at the bottom of all pages except admin
contact_message = Need help? contact me.
; Displayed at top of form page.
help_message =  Enter your details to create an account.
; Displayed when an account is created.
success_message = Your account has been created. Click below to continue to Jellyfin.

[password_validation]
; Enables password validation.
enabled = true 
; Min. password length
min_length = 8
; Min. number of uppercase characters
upper = 1
; Min. number of lowercase characters
lower = 0
; Min. number of numbers
number = 1
; Min. number of special characters
special = 0

[email]
; Enable to store provided email addresses, monitor jellyfin directory for pw-resets, and send pin
enabled = true
; Directory to monitor for passwordReset*.json files. Usually the jellyfin config directory
watch_directory = /path/to/jellyfin
use_24h = true
; Date format follows datetime's strftime.
date_format = %-d/%-m/%-y
; Path to custom email html. If blank, uses the internal template.
email_template =
; Path to alternate plaintext email. If blank, uses the internal template.
email_plaintext = 
; Displayed at bottom of emails
message = Need help? contact me.
; Mail methods: mailgun, smtp
method = mailgun
; Subject of emails
subject = Password Reset - Jellyfin
; Address to send from
address = jellyfin@jellyf.in
; The name of the sender
from = Jellyfin

[mailgun]

api_url = https://api.mailgun.net...
api_key = your api key

[smtp]
; Insecure SMTP hasn't been implemented, although I doubt many will need it.
ssl = true
server = smtp.jellyf.in
; Uses SMTP_SSL, so make sure the port is for this, not starttls.
port = 465
password = smtp password

[files]
; When the below paths are left blank, files are stored in ~/.jf-accounts/.

; Path to store valid invites.
invites = 
; Path to store email addresses in JSON
emails = 
; Path to the user policy template. Can be acquired with get-template.
user_template =