diff --git a/maloja/apis/audioscrobbler.py b/maloja/apis/audioscrobbler.py
index d38dda6..6b00f7f 100644
--- a/maloja/apis/audioscrobbler.py
+++ b/maloja/apis/audioscrobbler.py
@@ -28,6 +28,15 @@ class Audioscrobbler(APIHandler):
Exception: (500, {"error": 8, "message": "Operation failed"})
}
+ # xml string escaping: https://stackoverflow.com/a/28703510
+ def xml_escape(self, str_xml: str):
+ str_xml = str_xml.replace("&", "&")
+ str_xml = str_xml.replace("<", "<")
+ str_xml = str_xml.replace("<", "<")
+ str_xml = str_xml.replace("\"", """)
+ str_xml = str_xml.replace("'", "'")
+ return str_xml
+
def get_method(self,pathnodes,keys):
return keys.get("method")
@@ -45,12 +54,22 @@ class Audioscrobbler(APIHandler):
token = keys.get("authToken")
user = keys.get("username")
password = keys.get("password")
+ format = keys.get("format") or "xml" # Audioscrobbler 2.0 uses XML by default
# either username and password
if user is not None and password is not None:
client = apikeystore.check_and_identify_key(password)
if client:
sessionkey = self.generate_key(client)
- return 200,{"session":{"key":sessionkey}}
+ if format == "json":
+ return 200,{"session":{"key":sessionkey}}
+ else:
+ return 200,"""
+
+ %s
+ %s
+ 0
+
+""" % (self.xml_escape(user), self.xml_escape(sessionkey))
else:
raise InvalidAuthException()
# or username and token (deprecated by lastfm)
@@ -59,7 +78,16 @@ class Audioscrobbler(APIHandler):
key = apikeystore[client]
if md5(user + md5(key)) == token:
sessionkey = self.generate_key(client)
- return 200,{"session":{"key":sessionkey}}
+ if format == "json":
+ return 200,{"session":{"key":sessionkey}}
+ else:
+ return 200,"""
+
+ %s
+ %s
+ 0
+
+""" % (self.xml_escape(user), self.xml_escape(sessionkey))
raise InvalidAuthException()
else:
raise BadAuthException()