diff --git a/server/api/plextv.ts b/server/api/plextv.ts index 0182c27c3..5d93f956e 100644 --- a/server/api/plextv.ts +++ b/server/api/plextv.ts @@ -212,7 +212,7 @@ class PlexTvAPI { return parsedXml; } - public async checkUserAccess(authUser: PlexUser): Promise { + public async checkUserAccess(userId: number): Promise { const settings = getSettings(); try { @@ -224,11 +224,11 @@ class PlexTvAPI { const users = friends.MediaContainer.User; - const user = users.find((u) => Number(u.$.id) === authUser.id); + const user = users.find((u) => Number(u.$.id) === userId); if (!user) { throw new Error( - 'This user does not exist on the main plex accounts shared list' + "This user does not exist on the main Plex account's shared list" ); } diff --git a/server/routes/auth.ts b/server/routes/auth.ts index f3943ce2f..3437f76ad 100644 --- a/server/routes/auth.ts +++ b/server/routes/auth.ts @@ -87,7 +87,7 @@ authRoutes.post('/login', async (req, res, next) => { }); const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? ''); - if (await mainPlexTv.checkUserAccess(account)) { + if (await mainPlexTv.checkUserAccess(account.id)) { user = new User({ email: account.email, plexUsername: account.username, diff --git a/server/routes/user/index.ts b/server/routes/user/index.ts index b60924134..ce9eb722a 100644 --- a/server/routes/user/index.ts +++ b/server/routes/user/index.ts @@ -333,7 +333,11 @@ router.post( await userRepository.save(user); } else { // Check to make sure it's a real account - if (account.email && account.username) { + if ( + account.email && + account.username && + (await mainPlexTv.checkUserAccess(Number(account.id))) + ) { const newUser = new User({ plexUsername: account.username, email: account.email,