fix: sso unreliable if API outputs more than raw json

api/src/unraid-api/unraid-file-modifier/modifications/__test__/snapshots/.login.php.modified.snapshot.php

@@ -33,7 +33,13 @@ function verifyUsernamePasswordAndSSO(string $username, string $password): bool
         }
 
         try {
-            $response = json_decode($output[0], true);
+            // Split on first { and take everything after it
+            $jsonParts = explode('{', $output[0], 2);
+            if (count($jsonParts) < 2) {
+                my_logger("SSO Login Attempt Failed: No JSON found in response");
+                return false;
+            }
+            $response = json_decode('{' . $jsonParts[1], true);
             if (isset($response['valid']) && $response['valid'] === true) {
                 return true;
             }

api/src/unraid-api/unraid-file-modifier/modifications/patches/sso.patch

@@ -2,7 +2,7 @@ Index: /usr/local/emhttp/plugins/dynamix/include/.login.php
 ===================================================================
 --- /usr/local/emhttp/plugins/dynamix/include/.login.php	original
 +++ /usr/local/emhttp/plugins/dynamix/include/.login.php	modified
-@@ -1,6 +1,51 @@
+@@ -1,6 +1,57 @@
  <?php
 +
 +
@@ -38,7 +38,13 @@ Index: /usr/local/emhttp/plugins/dynamix/include/.login.php
 +        }
 +
 +        try {
-+            $response = json_decode($output[0], true);
++            // Split on first { and take everything after it
++            $jsonParts = explode('{', $output[0], 2);
++            if (count($jsonParts) < 2) {
++                my_logger("SSO Login Attempt Failed: No JSON found in response");
++                return false;
++            }
++            $response = json_decode('{' . $jsonParts[1], true);
 +            if (isset($response['valid']) && $response['valid'] === true) {
 +                return true;
 +            }
@@ -54,7 +60,7 @@ Index: /usr/local/emhttp/plugins/dynamix/include/.login.php
  // Only start a session to check if they have a cookie that looks like our session
  $server_name = strtok($_SERVER['HTTP_HOST'],":");
  if (!empty($_COOKIE['unraid_'.md5($server_name)])) {
-@@ -202,11 +247,11 @@
+@@ -202,11 +253,11 @@
              if ($failCount == $maxFails) my_logger("Ignoring login attempts for {$username} from {$remote_addr}");
              throw new Exception(_('Too many invalid login attempts'));
          }
@@ -67,7 +73,7 @@ Index: /usr/local/emhttp/plugins/dynamix/include/.login.php
          if (isWildcardCert() && $twoFactorRequired && !verifyTwoFactorToken($username, $token)) throw new Exception(_('Invalid 2FA token'));
 
          // Successful login, start session
-@@ -536,10 +581,11 @@
+@@ -536,10 +587,11 @@
                              document.body.textContent = '';
                              document.body.appendChild(errorElement);
                          }

api/src/unraid-api/unraid-file-modifier/modifications/sso.modification.ts

@@ -12,7 +12,7 @@ export default class SSOFileModification extends FileModification {
     protected async generatePatch(overridePath?: string): Promise<string> {
         // Define the new PHP function to insert
         /* eslint-disable no-useless-escape */
-        const newFunction = `
+        const newFunction = /** PHP */ `
 function verifyUsernamePasswordAndSSO(string $username, string $password): bool {
     if ($username != "root") return false;
 
@@ -45,7 +45,13 @@ function verifyUsernamePasswordAndSSO(string $username, string $password): bool
         }
 
         try {
-            $response = json_decode($output[0], true);
+            // Split on first { and take everything after it
+            $jsonParts = explode('{', $output[0], 2);
+            if (count($jsonParts) < 2) {
+                my_logger("SSO Login Attempt Failed: No JSON found in response");
+                return false;
+            }
+            $response = json_decode('{' . $jsonParts[1], true);
             if (isset($response['valid']) && $response['valid'] === true) {
                 return true;
             }