Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prowlarr v1.13: Passwords and API keys are obfuscated in API responses #60

Open
Callum027 opened this issue Apr 26, 2024 · 0 comments
Open

Prowlarr v1.13: Passwords and API keys are obfuscated in API responses #60

Callum027 opened this issue Apr 26, 2024 · 0 comments
Assignees
@Callum027
Labels
bug Something isn't working

Comments

@Callum027
Copy link
Member

Prowlarr v1.13 introduced a change where any passwords or API keys returned via the API (and to the UI) are obfuscated with * characters.

This makes it impossible to idempotently check and update resources with API keys or passwords in them. It also means the values returned by the API no longer satisfy the value constraints Buildarr places on the configuration.

2024-04-25 15:32:04,558 buildarr:82 buildarr.cli.run [INFO] Finished updating configuration on remote instances
2024-04-25 15:32:04,559 buildarr:82 buildarr.cli.run [INFO] Deleting unmanaged/unused resources on remote instances
2024-04-25 15:32:04,559 buildarr:82 buildarr.cli.run [INFO] <prowlarr> (default) Refetching remote configuration to delete unused resources
Traceback (most recent call last):
  File "/usr/local/bin/buildarr", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr/cli/run.py", line 101, in run
    _run(use_plugins)
  File "/usr/local/lib/python3.11/site-packages/buildarr/cli/run.py", line 273, in _run
    remote_instance_config = manager.from_remote(instance_config, instance_secrets)
                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr/manager/__init__.py", line 171, in from_remote
    return instance_config.from_remote(secrets)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr_prowlarr/config/__init__.py", line 169, in from_remote
    settings=ProwlarrSettings.from_remote(secrets),
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr/config/base.py", line 85, in from_remote
    fields[field_name] = field.type_.from_remote(secrets)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr/config/base.py", line 85, in from_remote
    fields[field_name] = field.type_.from_remote(secrets)
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr_prowlarr/config/settings/apps/applications.py", line 695, in from_remote
    definitions={
                ^
  File "/usr/local/lib/python3.11/site-packages/buildarr_prowlarr/config/settings/apps/applications.py", line 698, in <dictcomp>
    ]._from_remote(
      ^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/buildarr_prowlarr/config/settings/apps/applications.py", line 178, in _from_remote
    return cls(
           ^^^^
  File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 1 validation error for RadarrApplication
api_key
  ensure this value has at least 32 characters (type=value_error.any_str.min_length; limit_value=32)

As a temporary workaround to get Buildarr working for users again, loosen the restrictions

Related:
@Callum027 Callum027 added the bug Something isn't working label Apr 26, 2024
@Callum027 Callum027 added this to the v0.5.2 milestone Apr 26, 2024
@Callum027 Callum027 self-assigned this Apr 26, 2024
Callum027 added a commit that referenced this issue Apr 26, 2024
@Callum027
Loosen secret value constraints
590e402 
Temporary workaround for #60 until a permanent solution for handling obfuscated secret values can be worked out.
@Callum027 Callum027 mentioned this issue Apr 26, 2024
Merged
Callum027 added a commit that referenced this issue Apr 26, 2024
@Callum027
Loosen secret value constraints (#61)
d38f27f 
Temporary workaround for #60 until a permanent solution for handling obfuscated secret values can be worked out.
@Callum027 Callum027 removed this from the v0.5.2 milestone Apr 26, 2024
@Callum027 Callum027 mentioned this issue Apr 27, 2024
Merged
Callum027 added a commit that referenced this issue Apr 28, 2024
@Callum027
Fix compatibility with newer versions of Prowlarr (#66)
1a0bf56 
* Add the `sync_reject_blocklisted_torrent_hashes` attribute to the Lidarr, Radarr, Readarr, Sonarr and Whisparr application definitions. Only use it when the target Prowlarr application is v1.15.4361 or above, preserving backwards compatibility with older versions of Prowlarr.
* Update the `use_encryption` attribute on email notification connections to add the `always`, `preferred` and `never` options, and take into account API changes in newer versions of Prowlarr.
* Loosen Pushover user/API key constraints, to mitigate #60.
* Fix a number of resource class `_update_remote` methods to be more tolerant of remote attributes that are not defined in Prowlarr. This is not a permanent solution, but it should make the plugin more reliable in the meantime.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Callum027 Callum027

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Callum027