From daf190f68b8812cdc34af08b3181804a48209368 Mon Sep 17 00:00:00 2001
From: Harvey Tindall <hrfee@protonmail.ch>
Date: Wed, 19 Aug 2020 14:36:15 +0100
Subject: [PATCH] Avoid panic on invalid password with jellyfin_login

jfId was assigned too early, before checking errors.
Also, handle 400 as well as 401 from jellyfin as an invalid password.
---
 auth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/auth.go b/auth.go
index 0527c51..eff79e2 100644
--- a/auth.go
+++ b/auth.go
@@ -94,9 +94,8 @@ func (app *appContext) GetToken(gc *gin.Context) {
 		var err error
 		var user map[string]interface{}
 		user, status, err = app.authJf.authenticate(creds[0], creds[1])
-		jfId = user["Id"].(string)
 		if status != 200 || err != nil {
-			if status == 401 {
+			if status == 401 || status == 400 {
 				app.info.Println("Auth failed: Invalid username and/or password")
 				respond(401, "Unauthorized", gc)
 				return
@@ -105,6 +104,7 @@ func (app *appContext) GetToken(gc *gin.Context) {
 			respond(500, "Jellyfin error", gc)
 			return
 		} else {
+			jfId = user["Id"].(string)
 			if app.config.Section("ui").Key("admin_only").MustBool(true) {
 				if !user["Policy"].(map[string]interface{})["IsAdministrator"].(bool) {
 					app.debug.Printf("Auth failed: User \"%s\" isn't admin", creds[0])