refactor(api): rename and enhance profile switching logic

This fixes a critical security vulnerability where non-imported profiles could
authenticate as arbitrary users if their profile IDs shared any substring.

charts/jellyseerr-chart/Chart.yaml

@@ -3,8 +3,8 @@ kubeVersion: ">=1.23.0-0"
 name: jellyseerr-chart
 description: Jellyseerr helm chart for Kubernetes
 type: application
-version: 2.5.0
-appVersion: "2.6.0"
+version: 2.6.1
+appVersion: "2.7.1"
 maintainers:
   - name: Jellyseerr
     url: https://github.com/Fallenbagel/jellyseerr

charts/jellyseerr-chart/README.md

@@ -1,6 +1,6 @@
 # jellyseerr-chart
 
-![Version: 2.5.0](https://img.shields.io/badge/Version-2.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-informational?style=flat-square)
+![Version: 2.6.1](https://img.shields.io/badge/Version-2.6.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.7.1](https://img.shields.io/badge/AppVersion-2.7.1-informational?style=flat-square)
 
 Jellyseerr helm chart for Kubernetes
 

cypress/config/settings.cypress.json

@@ -83,13 +83,6 @@
           "enableMentions": true
         }
       },
-      "lunasea": {
-        "enabled": false,
-        "types": 0,
-        "options": {
-          "webhookUrl": ""
-        }
-      },
       "slack": {
         "enabled": false,
         "types": 0,

docs/extending-jellyseerr/database-config.mdx

@@ -12,7 +12,7 @@ Jellyseerr supports SQLite and PostgreSQL. The database connection can be config
 If you want to use SQLite, you can simply set the `DB_TYPE` environment variable to `sqlite`. This is the default configuration so even if you don't set any other options, SQLite will be used.
 
 ```dotenv
-DB_TYPE="sqlite" # Which DB engine to use, either "sqlite" or "postgres". The default is "sqlite".
+DB_TYPE=sqlite # Which DB engine to use, either sqlite or postgres. The default is sqlite.
 CONFIG_DIRECTORY="config" # (optional) The path to the config directory where the db file is stored. The default is "config".
 DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging. The default is "false".
 ```
@@ -24,7 +24,7 @@ DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging.
 If your PostgreSQL server is configured to accept TCP connections, you can specify the host and port using the `DB_HOST` and `DB_PORT` environment variables. This is useful for remote connections where the server uses a network host and port.
 
 ```dotenv
-DB_TYPE="postgres" # Which DB engine to use, either "sqlite" or "postgres". The default is "sqlite".
+DB_TYPE=postgres # Which DB engine to use, either sqlite or postgres. The default is sqlite.
 DB_HOST="localhost" # (optional) The host (URL) of the database. The default is "localhost".
 DB_PORT="5432" # (optional) The port to connect to. The default is "5432".
 DB_USER= # (required) Username used to connect to the database.
@@ -38,7 +38,7 @@ DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging.
 If your PostgreSQL server is configured to accept Unix socket connections, you can specify the path to the socket directory using the `DB_SOCKET_PATH` environment variable. This is useful for local connections where the server uses a Unix socket.
 
 ```dotenv
-DB_TYPE="postgres" # Which DB engine to use, either "sqlite" or "postgres". The default is "sqlite".
+DB_TYPE=postgres # Which DB engine to use, either sqlite or postgres. The default is sqlite.
 DB_SOCKET_PATH="/var/run/postgresql" # (required) The path to the PostgreSQL Unix socket directory.
 DB_USER= # (required) Username used to connect to the database.
 DB_PASS= # (optional) Password of the user used to connect to the database, depending on the server's authentication configuration.
@@ -46,6 +46,27 @@ DB_NAME="jellyseerr" # (optional) The name of the database to connect to. The de
 DB_LOG_QUERIES="false" # (optional) Whether to log the DB queries for debugging. The default is "false".
 ```
 
+:::info
+**Finding Your PostgreSQL Socket Path**
+
+The PostgreSQL socket path varies by operating system and installation method:
+
+- **Ubuntu/Debian**: `/var/run/postgresql`
+- **CentOS/RHEL/Fedora**: `/var/run/postgresql`
+- **macOS (Homebrew)**: `/tmp` or `/opt/homebrew/var/postgresql`
+- **macOS (Postgres.app)**: `/tmp`
+- **Windows**: Not applicable (uses TCP connections)
+
+You can find your socket path by running:
+```bash
+# Find PostgreSQL socket directory
+find /tmp /var/run /run -name ".s.PGSQL.*" 2>/dev/null | head -1 | xargs dirname
+
+# Or check PostgreSQL configuration
+sudo -u postgres psql -c "SHOW unix_socket_directories;"
+```
+:::
+
 ### SSL configuration
 
 The following options can be used to further configure ssl. Certificates can be provided as a string or a file path, with the string version taking precedence.
@@ -56,10 +77,11 @@ DB_SSL_REJECT_UNAUTHORIZED="true" # (optional) Whether to reject ssl connections
 DB_SSL_CA= # (optional) The CA certificate to verify the connection, provided as a string. The default is "".
 DB_SSL_CA_FILE= # (optional) The path to a CA certificate to verify the connection. The default is "".
 DB_SSL_KEY= # (optional) The private key for the connection in PEM format, provided as a string. The default is "".
-DB_SSL_KEY_FILE= # (optinal) Path to the private key for the connection in PEM format. The default is "".
+DB_SSL_KEY_FILE= # (optional) Path to the private key for the connection in PEM format. The default is "".
 DB_SSL_CERT= # (optional) Certificate chain in pem format for the private key, provided as a string. The default is "".
 DB_SSL_CERT_FILE= # (optional) Path to certificate chain in pem format for the private key. The default is "".
 ```
+
 ---
 
 ### Migrating from SQLite to PostgreSQL
@@ -68,15 +90,76 @@ DB_SSL_CERT_FILE= # (optional) Path to certificate chain in pem format for the p
 2. Run Jellyseerr to create the tables in the PostgreSQL database
 3. Stop Jellyseerr
 4. Run the following command to export the data from the SQLite database and import it into the PostgreSQL database:
+
 :::info
-Edit the postgres connection string to match your setup.
+Edit the postgres connection string (without the \{\{ and \}\} brackets) to match your setup.
 
 If you don't have or don't want to use docker, you can build the working pgloader version [in this PR](https://github.com/dimitri/pgloader/pull/1531) from source and use the same options as below.
 :::
+
 :::caution
 The most recent release of pgloader has an issue quoting the table columns. Use the version in the docker container to avoid this issue.
 :::
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<Tabs>
+<TabItem value="docker" label="Using pgloader Container (Recommended)" default>
+
+**Recommended method**: Use the pgloader container even for standalone Jellyseerr installations. This avoids building from source and ensures compatibility.
+
 ```bash
-docker run --rm -v config/db.sqlite3:/db.sqlite3:ro ghcr.io/ralgar/pgloader:pr-1531 pgloader --with "quote identifiers" --with "data only" /db.sqlite3 postgresql://{{DB_USER}}:{{DB_PASS}}@{{DB_HOST}}:{{DB_PORT}}/{{DB_NAME}}
-   ```
+# For standalone installations (no Docker network needed)
+docker run --rm \
+  -v /path/to/your/config/db.sqlite3:/db.sqlite3:ro \
+  ghcr.io/ralgar/pgloader:pr-1531 \
+  pgloader --with "quote identifiers" --with "data only" \
+  /db.sqlite3 postgresql://{{DB_USER}}:{{DB_PASS}}@{{DB_HOST}}:{{DB_PORT}}/{{DB_NAME}}
+```
+
+**For Docker Compose setups**: Add the network parameter if your PostgreSQL is also in a container:
+```bash
+docker run --rm \
+  --network your-jellyseerr-network \
+  -v /path/to/your/config/db.sqlite3:/db.sqlite3:ro \
+  ghcr.io/ralgar/pgloader:pr-1531 \
+  pgloader --with "quote identifiers" --with "data only" \
+  /db.sqlite3 postgresql://{{DB_USER}}:{{DB_PASS}}@{{DB_HOST}}:{{DB_PORT}}/{{DB_NAME}}
+```
+
+</TabItem>
+<TabItem value="standalone" label="Building pgloader from Source">
+
+For users who prefer not to use Docker or need a custom build:
+
+```bash
+# Clone the repository and checkout the working version
+git clone https://github.com/dimitri/pgloader.git
+cd pgloader
+git fetch origin pull/1531/head:pr-1531
+git checkout pr-1531
+
+# Follow the official installation instructions
+# See: https://github.com/dimitri/pgloader/blob/master/INSTALL.md
+```
+
+:::info
+**Building pgloader from source requires following the complete installation process outlined in the [official pgloader INSTALL.md](https://github.com/dimitri/pgloader/blob/master/INSTALL.md).**
+
+Please refer to the official documentation for detailed, up-to-date installation instructions.
+:::
+
+Once pgloader is built, run the migration:
+
+```bash
+# Run migration (adjust path to your config directory)
+./pgloader --with "quote identifiers" --with "data only" \
+  /path/to/your/config/db.sqlite3 \
+  postgresql://{{DB_USER}}:{{DB_PASS}}@{{DB_HOST}}:{{DB_PORT}}/{{DB_NAME}}
+```
+
+</TabItem>
+</Tabs>
+
 5. Start Jellyseerr

docs/extending-jellyseerr/reverse-proxy.mdx

@@ -207,3 +207,62 @@ labels:
 ```
 
 For more information, please refer to the [Traefik documentation](https://doc.traefik.io/traefik/user-guides/docker-compose/basic-example/).
+
+## Apache2 HTTP Server
+
+<Tabs groupId="apache2-reverse-proxy" queryString>
+    <TabItem value="subdomain" label="Subdomain">
+
+Add the following Location block to your existing Server configuration.
+
+```apache
+# Jellyseerr
+		ProxyPreserveHost On
+		ProxyPass / http://localhost:5055 retry=0 connectiontimeout=5 timeout=30 keepalive=on
+		ProxyPassReverse http://localhost:5055 /
+		RequestHeader set Connection ""
+```
+
+</TabItem>
+
+<TabItem value="subfolder" label="Subfolder">
+
+:::warning
+This Apache2 subfolder reverse proxy is an unsupported workaround, and only provided as an example. The filters may stop working when Jellyseerr is updated.
+
+If you encounter any issues with Jellyseerr while using this workaround, we may ask you to try to reproduce the problem without the Apache2 proxy.
+:::
+
+Add the following Location block to your existing Server configuration.
+
+```apache
+# Jellyseerr
+# We will use "/jellyseerr" as subfolder
+# You can replace it with any that you like
+	<Location /jellyseerr>
+		ProxyPreserveHost On
+		ProxyPass http://localhost:5055 retry=0 connectiontimeout=5 timeout=30 keepalive=on
+		ProxyPassReverse http://localhost:5055
+		RequestHeader set Connection ""
+
+		# Header update, to support subfolder
+		# Please Replace "FQDN" with your domain
+		Header edit location ^/login https://FQDN/jellyseerr/login
+		Header edit location ^/setup https://FQDN/jellyseerr/setup
+		
+		AddOutputFilterByType INFLATE;SUBSTITUTE text/html application/javascript application/json
+		SubstituteMaxLineLength 2000K
+		# This is HTML and JS update
+		# Please update "/jellyseerr" if needed
+		Substitute "s|href=\"|href=\"/jellyseerr|inq"
+		Substitute "s|src=\"|src=\"/jellyseerr|inq"
+		Substitute "s|/api/|/jellyseerr/api/|inq"
+		Substitute "s|\"/_next/|\"/jellyseerr/_next/|inq"
+		# This is JSON update
+		Substitute "s|\"/avatarproxy/|\"/jellyseerr/avatarproxy/|inq"
+	</Location>
+```
+
+</TabItem>
+
+</Tabs>

docs/getting-started/docker.mdx

@@ -33,20 +33,31 @@ docker run -d \
   --name jellyseerr \
   -e LOG_LEVEL=debug \
   -e TZ=Asia/Tashkent \
-  -e PORT=5055 `#optional` \
+  -e PORT=5055 \
   -p 5055:5055 \
   -v /path/to/appdata/config:/app/config \
   --restart unless-stopped \
   fallenbagel/jellyseerr
 ```
 
+The argument `-e PORT=5055` is optional.
+
+If you want to add a healthcheck to the above command, you can add the following flags :
+```
+  --health-cmd "wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1" \
+  --health-start-period 20s \
+  --health-timeout 3s \
+  --health-interval 15s \
+  --health-retries 3 \
+```
+
 To run the container as a specific user/group, you may optionally add `--user=[ user | user:group | uid | uid:gid | user:gid | uid:group ]` to the above command.
 
 #### Updating:
 
 Stop and remove the existing container:
 ```bash
-docker stop jellyseerr && docker rm Jellyseerr
+docker stop jellyseerr && docker rm jellyseerr
 ```
 Pull the latest image:
 ```bash
@@ -83,6 +94,12 @@ services:
       - 5055:5055
     volumes:
       - /path/to/appdata/config:/app/config
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      retries: 3
     restart: unless-stopped
 ```
 
@@ -137,7 +154,26 @@ Then, create and start the Jellyseerr container:
 <Tabs groupId="docker-methods" queryString>
   <TabItem value="docker-cli" label="Docker CLI">
 ```bash
-docker run -d --name jellyseerr -e LOG_LEVEL=debug -e TZ=Asia/Tashkent -p 5055:5055 -v "jellyseerr-data:/app/config" --restart unless-stopped fallenbagel/jellyseerr:latest
+docker run -d \
+  --name jellyseerr \
+  -e LOG_LEVEL=debug \
+  -e TZ=Asia/Tashkent \
+  -e PORT=5055 \
+  -p 5055:5055 \
+  -v jellyseerr-data:/app/config \
+  --restart unless-stopped \
+  fallenbagel/jellyseerr
+```
+
+The argument `-e PORT=5055` is optional.
+
+If you want to add a healthcheck to the above command, you can add the following flags :
+```
+  --health-cmd "wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1" \
+  --health-start-period 20s \
+  --health-timeout 3s \
+  --health-interval 15s \
+  --health-retries 3 \
 ```
 
 #### Updating:
@@ -165,6 +201,12 @@ services:
       - 5055:5055
     volumes:
       - jellyseerr-data:/app/config
+    healthcheck:
+      test: wget --no-verbose --tries=1 --spider http://localhost:5055/api/v1/status || exit 1
+      start_period: 20s
+      timeout: 3s
+      interval: 15s
+      retries: 3
     restart: unless-stopped
 
 volumes:

docs/troubleshooting.mdx

@@ -105,6 +105,12 @@ In some places (like China), the ISP blocks not only the DNS resolution but also
 
 You can configure Jellyseerr to use a proxy with the [HTTP(S) Proxy](/using-jellyseerr/settings/general#https-proxy) setting.
 
+### Option 3: Force IPV4 resolution first
+
+Sometimes there are configuration issues with IPV6 that prevent the hostname resolution from working correctly.
+
+You can try to force the resolution to use IPV4 first by going to `Settings > Networking > Advanced Networking` and enabling `Force IPv4 Resolution First` setting and restarting Jellyseerr.
+
 ### Option 4: Check that your server can reach TMDB API
 
 Make sure that your server can reach the TMDB API by running the following command:

docs/using-jellyseerr/plex/_category_.json

@@ -0,0 +1,10 @@
+{
+  "label": "Plex Integration",
+  "position": 3,
+  "link": {
+    "type": "generated-index",
+    "title": "Plex Integration",
+    "description": "Learn about Jellyseerr's Plex integration features"
+  }
+}
+

docs/using-jellyseerr/plex/index.md

@@ -0,0 +1,36 @@
+---
+title: Overview
+description: Learn about Jellyseerr's Plex integration features
+sidebar_position: 1
+---
+
+# Plex Features Overview
+
+Jellyseerr provides integration features that connect with your Plex media server to automate media management tasks.
+
+## Available Features
+
+- [Watchlist Auto Request](./plex/watchlist-auto-request) - Automatically request media from your Plex Watchlist
+- More features coming soon!
+
+## Prerequisites
+
+:::info Authentication Required
+To use any Plex integration features, you must have logged into Jellyseerr at least once with your Plex account.
+:::
+
+**Requirements:**
+- Plex account with access to the configured Plex server
+- Jellyseerr configured with Plex as the media server
+- User authentication via Plex login
+- Appropriate user permissions for specific features
+
+## Getting Started
+
+1. Authenticate at least once using your Plex credentials
+2. Verify you have the necessary permissions for desired features
+3. Follow individual feature guides for setup instructions
+
+:::note Server Configuration
+Plex server configuration is handled by your administrator. If you cannot log in with your Plex account, contact your administrator to verify the server setup.
+:::

docs/using-jellyseerr/plex/watchlist-auto-request.md

@@ -0,0 +1,95 @@
+---
+title: Watchlist Auto Request
+description: Learn how to use the Plex Watchlist Auto Request feature
+sidebar_position: 1
+---
+
+# Watchlist Auto Request
+
+The Plex Watchlist Auto Request feature allows Jellyseerr to automatically create requests for media items you add to your Plex Watchlist. Simply add content to your Plex Watchlist, and Jellyseerr will automatically request it for you.
+
+:::info
+This feature is only available for Plex users. Local users cannot use the Watchlist Auto Request feature.
+:::
+
+## Prerequisites
+
+- You must have logged into Jellyseerr at least once with your Plex account
+- Your administrator must have granted you the necessary permissions
+- Your Plex account must have access to the Plex server configured in Jellyseerr
+
+## Permission System
+
+The Watchlist Auto Request feature uses a two-tier permission system:
+
+### Administrator Permissions (Required)
+Your administrator must grant you these permissions in your user profile:
+- **Auto-Request** (master permission)
+- **Auto-Request Movies** (for movie auto-requests)
+- **Auto-Request Series** (for TV series auto-requests)
+
+### User Activation (Required)
+You must enable the feature in your own profile settings:
+- **Auto-Request Movies** toggle
+- **Auto-Request Series** toggle
+
+:::warning Two-Step Process
+Both administrator permissions AND user activation are required. Having permissions doesn't automatically enable the feature - you must also activate it in your profile.
+:::
+
+## How to Enable
+
+### Step 1: Check Your Permissions
+Contact your administrator to verify you have been granted:
+- `Auto-Request` permission
+- `Auto-Request Movies` and/or `Auto-Request Series` permissions
+
+### Step 2: Activate the Feature
+1. Go to your user profile settings
+2. Navigate to the "General" section
+3. Find the "Auto-Request" options
+4. Enable the toggles for:
+   - **Auto-Request Movies** - to automatically request movies from your watchlist
+   - **Auto-Request Series** - to automatically request TV series from your watchlist
+
+### Step 3: Start Using
+- Add movies and TV shows to your Plex Watchlist
+- Jellyseerr will automatically create requests for new items
+- You'll receive notifications when items are auto-requested
+
+## How It Works
+
+Once properly configured, Jellyseerr will:
+
+1. Periodically checks your Plex Watchlist for new items
+2. Verify if the content already exists in your media libraries
+3. Automatically submits requests for new items that aren't already available
+4. Only requests content types you have permissions for
+5. Notifiy you when auto-requests are created
+
+:::info Content Limitations
+Auto-request only works for standard quality content. 4K content must be requested manually if you have 4K permissions.
+:::
+
+## For Administrators
+
+### Granting Permissions
+1. Navigate to **Users** > **[Select User]** > **Permissions**
+2. Enable the required permissions:
+   - **Auto-Request** (master toggle)
+   - **Auto-Request Movies** (for movie auto-requests)
+   - **Auto-Request Series** (for TV series auto-requests)
+3. Optionally enable **Auto-Approve** permissions for automatic approval
+
+### Default Permissions
+- Go to **Settings** > **Users** > **Default Permissions**
+- Configure auto-request permissions for new users
+- This sets the default permissions but users still need to activate the feature individually
+
+## Limitations
+
+- Local users cannot use this feature
+- 4K content requires manual requests
+- Users must have logged into Jellyseerr with their Plex account
+- Respects user request limits and quotas
+- Won't request content already in your libraries

jellyseerr-api.yml

@@ -133,6 +133,18 @@ components:
           type: number
           example: 5
           readOnly: true
+        plexProfileId:
+          type: string
+          example: '12345'
+          readOnly: true
+        isPlexProfile:
+          type: boolean
+          example: true
+          readOnly: true
+        mainPlexUserId:
+          type: number
+          example: 1
+          readOnly: true
       required:
         - id
         - email
@@ -194,6 +206,27 @@ components:
         trustProxy:
           type: boolean
           example: true
+    PlexProfile:
+      type: object
+      properties:
+        id:
+          type: string
+          example: '12345'
+        title:
+          type: string
+          example: 'Family Member'
+        username:
+          type: string
+          example: 'family_member'
+        thumb:
+          type: string
+          example: 'https://plex.tv/users/avatar.jpg'
+        isMainUser:
+          type: boolean
+          example: false
+        protected:
+          type: boolean
+          example: true
     PlexLibrary:
       type: object
       properties:
@@ -1425,22 +1458,6 @@ components:
               type: boolean
             token:
               type: string
-    LunaSeaSettings:
-      type: object
-      properties:
-        enabled:
-          type: boolean
-          example: false
-        types:
-          type: number
-          example: 2
-        options:
-          type: object
-          properties:
-            webhookUrl:
-              type: string
-            profileName:
-              type: string
     NotificationEmailSettings:
       type: object
       properties:
@@ -3099,52 +3116,6 @@ paths:
       responses:
         '204':
           description: Test notification attempted
-  /settings/notifications/lunasea:
-    get:
-      summary: Get LunaSea notification settings
-      description: Returns current LunaSea notification settings in a JSON object.
-      tags:
-        - settings
-      responses:
-        '200':
-          description: Returned LunaSea settings
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/LunaSeaSettings'
-    post:
-      summary: Update LunaSea notification settings
-      description: Updates LunaSea notification settings with the provided values.
-      tags:
-        - settings
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/LunaSeaSettings'
-      responses:
-        '200':
-          description: 'Values were sucessfully updated'
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/LunaSeaSettings'
-  /settings/notifications/lunasea/test:
-    post:
-      summary: Test LunaSea settings
-      description: Sends a test notification to the LunaSea agent.
-      tags:
-        - settings
-      requestBody:
-        required: true
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/LunaSeaSettings'
-      responses:
-        '204':
-          description: Test notification attempted
   /settings/notifications/pushbullet:
     get:
       summary: Get Pushbullet notification settings
@@ -3720,17 +3691,17 @@ paths:
   /auth/plex:
     post:
       summary: Sign in using a Plex token
-      description: Takes an `authToken` (Plex token) to log the user in. Generates a session cookie for use in further requests. If the user does not exist, and there are no other users, then a user will be created with full admin privileges. If a user logs in with access to the main Plex server, they will also have an account created, but without any permissions.
+      description: |
+        Takes an `authToken` (Plex token) to log the user in. Generates a session cookie for use in further requests.
+
+        If the user does not exist, and there are no other users, then a user will be created with full admin privileges.
+        If a user logs in with access to the main Plex server, they will also have an account created, but without any permissions.
+
+        If the Plex account has multiple profiles, the response will include a `status` field with value `REQUIRES_PROFILE`,
+        along with the available profiles and the main user ID.
       security: []
       tags:
         - auth
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/User'
       requestBody:
         required: true
         content:
@@ -3740,8 +3711,155 @@ paths:
               properties:
                 authToken:
                   type: string
+                profileId:
+                  type: string
+                  description: Optional. If provided, will attempt to authenticate as this specific Plex profile.
+                pin:
+                  type: string
+                  description: Optional 4-digit profile PIN
+                isSetup:
+                  type: boolean
+                  description: Set to true during initial setup wizard
               required:
                 - authToken
+      responses:
+        '200':
+          description: OK or profile selection required
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - $ref: '#/components/schemas/User'
+                  - type: object
+                    properties:
+                      status:
+                        type: string
+                        enum: [REQUIRES_PROFILE]
+                        example: REQUIRES_PROFILE
+                      mainUserId:
+                        type: number
+                        example: 1
+                      profiles:
+                        type: array
+                        items:
+                          $ref: '#/components/schemas/PlexProfile'
+        '401':
+          description: Invalid Plex token (or incorrect 4-digit PIN)
+        '403':
+          description: Access denied
+        '409':
+          description: Conflict. E-mail or username already exists
+        '500':
+          description: Unexpected server error
+
+  /auth/plex/profile/select:
+    post:
+      summary: Select a Plex profile to log in as
+      description: |
+        Selects a specific Plex profile to log in as. The profile must be associated with the main user ID provided.
+
+        A session cookie will be generated for the selected profile user.
+      security: []
+      tags:
+        - auth
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                profileId:
+                  type: string
+                  description: The ID of the Plex profile to log in as
+                mainUserId:
+                  type: number
+                  description: The ID of the main Plex user account
+                pin:
+                  type: string
+                  description: Optional 4 digit profile PIN
+                authToken:
+                  type: string
+                  description: Optional Plex token (when reselecting without /plex step)
+
+              required:
+                - profileId
+                - mainUserId
+      responses:
+        '200':
+          description: OK or PIN required
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - $ref: '#/components/schemas/User'
+                  - type: object
+                    properties:
+                      status:
+                        type: string
+                        enum: [REQUIRES_PIN]
+                        example: REQUIRES_PIN
+                      profileId:
+                        type: string
+                        example: '3b969e371cc3df20'
+                      profileName:
+                        type: string
+                        example: 'John Doe'
+                      mainUserId:
+                        type: number
+                        example: 1
+        '400':
+          description: Missing required parameters
+        '401':
+          description: Invalid Plex token (or incorrect 4-digit PIN)
+        '403':
+          description: Access denied
+        '404':
+          description: Profile not found
+        '500':
+          description: Error selecting profile
+
+  /auth/plex/profiles/{userId}:
+    get:
+      summary: Get Plex profiles for a given Jellyseerr user
+      description: |
+        Returns the list of available Plex home profiles and their corresponding user accounts
+        linked to the specified Jellyseerr user. The user must be a Plex-based account.
+      security: []
+      tags:
+        - auth
+      parameters:
+        - in: path
+          name: userId
+          required: true
+          schema:
+            type: integer
+          description: The Jellyseerr user ID of the main Plex account
+      responses:
+        '200':
+          description: List of profiles and linked users
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  profiles:
+                    type: array
+                    items:
+                      $ref: '#/components/schemas/PlexProfile'
+                  profileUsers:
+                    type: array
+                    items:
+                      $ref: '#/components/schemas/User'
+                  mainUser:
+                    $ref: '#/components/schemas/User'
+        '400':
+          description: Invalid user ID format or unsupported user type
+        '404':
+          description: User not found
+        '500':
+          description: Failed to fetch profiles
+
   /auth/jellyfin:
     post:
       summary: Sign in using a Jellyfin username and password

package.json

@@ -46,7 +46,7 @@
     "@types/ua-parser-js": "^0.7.36",
     "@types/wink-jaro-distance": "^2.0.2",
     "ace-builds": "1.15.2",
-    "axios": "1.3.4",
+    "axios": "1.10.0",
     "axios-rate-limit": "1.3.0",
     "bcrypt": "5.1.0",
     "bowser": "2.11.0",
@@ -115,11 +115,10 @@
     "zod": "3.24.2"
   },
   "devDependencies": {
+    "@codedependant/semantic-release-docker": "^5.1.0",
     "@commitlint/cli": "17.4.4",
     "@commitlint/config-conventional": "17.4.4",
-    "@semantic-release/changelog": "6.0.2",
-    "@semantic-release/commit-analyzer": "9.0.2",
-    "@semantic-release/exec": "6.0.3",
+    "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "@tailwindcss/aspect-ratio": "0.4.2",
     "@tailwindcss/forms": "0.5.10",
@@ -170,8 +169,7 @@
     "prettier": "2.8.4",
     "prettier-plugin-organize-imports": "3.2.2",
     "prettier-plugin-tailwindcss": "0.2.3",
-    "semantic-release": "19.0.5",
-    "semantic-release-docker-buildx": "1.0.1",
+    "semantic-release": "24.2.7",
     "tailwindcss": "3.2.7",
     "ts-node": "10.9.1",
     "tsc-alias": "1.8.2",
@@ -226,7 +224,49 @@
           "message": "chore(release): ${nextRelease.version}"
         }
       ],
-      "semantic-release-docker-buildx",
+      [
+        "@codedependant/semantic-release-docker",
+        {
+          "dockerArgs": {
+            "COMMIT_TAG": "$GIT_SHA"
+          },
+          "dockerLogin": false,
+          "dockerProject": "fallenbagel",
+          "dockerImage": "jellyseerr",
+          "dockerTags": [
+            "latest",
+            "{{major}}",
+            "{{major}}.{{minor}}",
+            "{{major}}.{{minor}}.{{patch}}"
+          ],
+          "dockerPlatform": [
+            "linux/amd64",
+            "linux/arm64"
+          ]
+        }
+      ],
+      [
+        "@codedependant/semantic-release-docker",
+        {
+          "dockerArgs": {
+            "COMMIT_TAG": "$GIT_SHA"
+          },
+          "dockerLogin": false,
+          "dockerRegistry": "ghcr.io",
+          "dockerProject": "fallenbagel",
+          "dockerImage": "jellyseerr",
+          "dockerTags": [
+            "latest",
+            "{{major}}",
+            "{{major}}.{{minor}}",
+            "{{major}}.{{minor}}.{{patch}}"
+          ],
+          "dockerPlatform": [
+            "linux/amd64",
+            "linux/arm64"
+          ]
+        }
+      ],
       [
         "@semantic-release/github",
         {
@@ -239,20 +279,7 @@
     ],
     "npmPublish": false,
     "publish": [
-      {
-        "path": "semantic-release-docker-buildx",
-        "buildArgs": {
-          "COMMIT_TAG": "$GIT_SHA"
-        },
-        "imageNames": [
-          "fallenbagel/jellyseerr",
-          "ghcr.io/fallenbagel/jellyseerr"
-        ],
-        "platforms": [
-          "linux/amd64",
-          "linux/arm64"
-        ]
-      },
+      "@codedependant/semantic-release-docker",
       "@semantic-release/github"
     ]
   }

server/api/externalapi.ts

@@ -1,3 +1,4 @@
+import { requestInterceptorFunction } from '@server/utils/customProxyAgent';
 import type { AxiosInstance, AxiosRequestConfig } from 'axios';
 import axios from 'axios';
 import rateLimit from 'axios-rate-limit';
@@ -37,6 +38,7 @@ class ExternalAPI {
         ...options.headers,
       },
     });
+    this.axios.interceptors.request.use(requestInterceptorFunction);
 
     if (options.rateLimit) {
       this.axios = rateLimit(this.axios, {

server/api/plextv.ts

@@ -2,10 +2,10 @@ import type { PlexDevice } from '@server/interfaces/api/plexInterfaces';
 import cacheManager from '@server/lib/cache';
 import { getSettings } from '@server/lib/settings';
 import logger from '@server/logger';
+import axios from 'axios';
 import { randomUUID } from 'node:crypto';
 import xml2js from 'xml2js';
 import ExternalAPI from './externalapi';
-
 interface PlexAccountResponse {
   user: PlexUser;
 }
@@ -31,6 +31,37 @@ interface PlexUser {
   };
   entitlements: string[];
 }
+interface PlexHomeUser {
+  $: {
+    id: string;
+    uuid: string;
+    title: string;
+    username?: string;
+    email?: string;
+    thumb: string;
+    protected?: string;
+    hasPassword?: string;
+    admin?: string;
+    guest?: string;
+    restricted?: string;
+  };
+}
+
+interface PlexHomeUsersResponse {
+  MediaContainer: {
+    protected?: string;
+    User?: PlexHomeUser | PlexHomeUser[];
+  };
+}
+
+export interface PlexProfile {
+  id: string;
+  title: string;
+  username?: string;
+  thumb: string;
+  isMainUser?: boolean;
+  protected?: boolean;
+}
 
 interface ConnectionResponse {
   $: {
@@ -225,6 +256,156 @@ class PlexTvAPI extends ExternalAPI {
     }
   }
 
+  public async getProfiles(): Promise<PlexProfile[]> {
+    try {
+      // First get the main user
+      const mainUser = await this.getUser();
+
+      // Initialize with main user profile
+      const profiles: PlexProfile[] = [
+        {
+          id: mainUser.uuid,
+          title: mainUser.username,
+          username: mainUser.username,
+          thumb: mainUser.thumb,
+          isMainUser: true,
+          protected: false, // Will be updated if we get XML data
+        },
+      ];
+
+      try {
+        // Fetch all profiles including PIN protection status
+        const response = await axios.get(
+          'https://clients.plex.tv/api/home/users',
+          {
+            headers: {
+              Accept: 'application/json',
+              'X-Plex-Token': this.authToken,
+              'X-Plex-Client-Identifier': randomUUID(),
+            },
+          }
+        );
+
+        // Parse the XML response
+        const parsedXML = await xml2js.parseStringPromise(response.data, {
+          explicitArray: false,
+        });
+
+        const container = (parsedXML as PlexHomeUsersResponse).MediaContainer;
+        const rawUsers = container?.User;
+
+        if (rawUsers) {
+          // Convert to array if single user
+          const users: PlexHomeUser[] = Array.isArray(rawUsers)
+            ? rawUsers
+            : [rawUsers];
+
+          // Update main user's protected status
+          const mainUserInXml = users.find(
+            (user) => user.$.uuid === mainUser.uuid
+          );
+          if (mainUserInXml) {
+            profiles[0].protected = mainUserInXml.$.protected === '1';
+          }
+
+          // Add managed profiles (non-main profiles)
+          const managedProfiles = users
+            .filter((user) => {
+              // Validate profile data
+              const { uuid, title, username } = user.$;
+              const isValid = Boolean(uuid && (title || username));
+
+              // Log invalid profiles but don't include them
+              if (!isValid) {
+                logger.warn('Skipping invalid Plex profile entry', {
+                  label: 'Plex.tv API',
+                  uuid,
+                  title,
+                  username,
+                });
+              }
+
+              // Filter out main user and invalid profiles
+              return isValid && uuid !== mainUser.uuid;
+            })
+            .map((user) => ({
+              id: user.$.uuid,
+              title: user.$.title ?? 'Unknown',
+              username: user.$.username || user.$.title || 'Unknown',
+              thumb: user.$.thumb ?? '',
+              protected: user.$.protected === '1',
+              isMainUser: false,
+            }));
+
+          // Add managed profiles to the results
+          profiles.push(...managedProfiles);
+        }
+
+        logger.debug('Successfully parsed Plex profiles', {
+          label: 'Plex.tv API',
+          count: profiles.length,
+        });
+      } catch (e) {
+        // Continue with just the main user profile if we can't get managed profiles
+        logger.debug('Could not retrieve managed profiles', {
+          label: 'Plex.tv API',
+          errorMessage: e.message,
+        });
+      }
+
+      return profiles;
+    } catch (e) {
+      logger.error('Failed to retrieve Plex profiles', {
+        label: 'Plex.tv API',
+        errorMessage: e.message,
+      });
+      return [];
+    }
+  }
+
+  public async switchProfile(
+    profileId: string,
+    pin?: string
+  ): Promise<boolean> {
+    const urlPath = `/api/v2/home/users/${profileId}/switch`;
+    try {
+      // @codeql-disable-next-line XssThrough -- False positive: baseURL is hardcoded to Plex API
+      const response = await axios.post(urlPath, pin ? { pin } : {}, {
+        baseURL: 'https://clients.plex.tv',
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/json',
+          'X-Plex-Token': this.authToken,
+          'X-Plex-Client-Identifier': randomUUID(),
+        },
+      });
+      return response.status >= 200 && response.status < 300;
+    } catch (e) {
+      logger.warn('Failed to switch Plex profile', {
+        label: 'Plex.TV Metadata API',
+        errorMessage: e.message,
+        profileId,
+      });
+      return false;
+    }
+  }
+
+  public async validateProfilePin(
+    profileId: string,
+    pin: string
+  ): Promise<boolean> {
+    try {
+      const success = await this.switchProfile(profileId, pin);
+      return success;
+    } catch (e) {
+      logger.error('Failed to validate Plex profile pin', {
+        label: 'Plex.tv API',
+        errorMessage: e.message,
+      });
+      return false;
+    }
+  }
+
   public async checkUserAccess(userId: number): Promise<boolean> {
     const settings = getSettings();
 

server/api/tautulli.ts

@@ -1,6 +1,7 @@
 import type { User } from '@server/entity/User';
 import type { TautulliSettings } from '@server/lib/settings';
 import logger from '@server/logger';
+import { requestInterceptorFunction } from '@server/utils/customProxyAgent';
 import type { AxiosInstance } from 'axios';
 import axios from 'axios';
 import { uniqWith } from 'lodash';
@@ -123,6 +124,7 @@ class TautulliAPI {
       }${settings.urlBase ?? ''}`,
       params: { apikey: settings.apiKey },
     });
+    this.axios.interceptors.request.use(requestInterceptorFunction);
   }
 
   public async getInfo(): Promise<TautulliInfo> {

server/constants/error.ts

@@ -9,4 +9,7 @@ export enum ApiErrorCode {
   SyncErrorNoLibraries = 'SYNC_ERROR_NO_LIBRARIES',
   Unauthorized = 'UNAUTHORIZED',
   Unknown = 'UNKNOWN',
+  InvalidPin = 'INVALID_PIN',
+  NewPlexLoginDisabled = 'NEW_PLEX_LOGIN_DISABLED',
+  ProfileUserExists = 'PROFILE_USER_EXISTS',
 }

server/entity/User.ts

@@ -91,6 +91,15 @@ export class User {
   @Column({ type: 'varchar', nullable: true, select: false })
   public plexToken?: string | null;
 
+  @Column({ type: 'varchar', nullable: true })
+  public plexProfileId?: string | null;
+
+  @Column({ type: 'boolean', default: false })
+  public isPlexProfile?: boolean;
+
+  @Column({ type: 'integer', nullable: true })
+  public mainPlexUserId?: number | null;
+
   @Column({ type: 'integer', default: 0 })
   public permissions = 0;
 

server/index.ts

@@ -9,7 +9,6 @@ import notificationManager from '@server/lib/notifications';
 import DiscordAgent from '@server/lib/notifications/agents/discord';
 import EmailAgent from '@server/lib/notifications/agents/email';
 import GotifyAgent from '@server/lib/notifications/agents/gotify';
-import LunaSeaAgent from '@server/lib/notifications/agents/lunasea';
 import NtfyAgent from '@server/lib/notifications/agents/ntfy';
 import PushbulletAgent from '@server/lib/notifications/agents/pushbullet';
 import PushoverAgent from '@server/lib/notifications/agents/pushover';
@@ -28,6 +27,7 @@ import { getAppVersion } from '@server/utils/appVersion';
 import createCustomProxyAgent from '@server/utils/customProxyAgent';
 import restartFlag from '@server/utils/restartFlag';
 import { getClientIp } from '@supercharge/request-ip';
+import axios from 'axios';
 import { TypeormStore } from 'connect-typeorm/out';
 import cookieParser from 'cookie-parser';
 import type { NextFunction, Request, Response } from 'express';
@@ -35,6 +35,8 @@ import express from 'express';
 import * as OpenApiValidator from 'express-openapi-validator';
 import type { Store } from 'express-session';
 import session from 'express-session';
+import http from 'http';
+import https from 'https';
 import next from 'next';
 import path from 'path';
 import swaggerUi from 'swagger-ui-express';
@@ -73,6 +75,11 @@ app
     const settings = await getSettings().load();
     restartFlag.initializeSettings(settings);
 
+    if (settings.network.forceIpv4First) {
+      axios.defaults.httpAgent = new http.Agent({ family: 4 });
+      axios.defaults.httpsAgent = new https.Agent({ family: 4 });
+    }
+
     // Register HTTP proxy
     if (settings.network.proxy.enabled) {
       await createCustomProxyAgent(settings.network.proxy);
@@ -105,7 +112,6 @@ app
       new EmailAgent(),
       new GotifyAgent(),
       new NtfyAgent(),
-      new LunaSeaAgent(),
       new PushbulletAgent(),
       new PushoverAgent(),
       new SlackAgent(),

server/lib/imageproxy.ts

@@ -1,4 +1,5 @@
 import logger from '@server/logger';
+import { requestInterceptorFunction } from '@server/utils/customProxyAgent';
 import axios from 'axios';
 import rateLimit, { type rateLimitOptions } from 'axios-rate-limit';
 import { createHash } from 'crypto';
@@ -150,6 +151,7 @@ class ImageProxy {
       baseURL: baseUrl,
       headers: options.headers,
     });
+    this.axios.interceptors.request.use(requestInterceptorFunction);
 
     if (options.rateLimitOptions) {
       this.axios = rateLimit(this.axios, options.rateLimitOptions);

server/lib/notifications/agents/gotify.ts

@@ -35,7 +35,7 @@ class GotifyAgent
       settings.enabled &&
       settings.options.url &&
       settings.options.token &&
-      settings.options.priority
+      settings.options.priority !== undefined
     ) {
       return true;
     }

server/lib/notifications/agents/lunasea.ts

@@ -1,133 +0,0 @@
-import { IssueStatus, IssueType } from '@server/constants/issue';
-import { MediaStatus } from '@server/constants/media';
-import type { NotificationAgentLunaSea } from '@server/lib/settings';
-import { getSettings } from '@server/lib/settings';
-import logger from '@server/logger';
-import axios from 'axios';
-import { hasNotificationType, Notification } from '..';
-import type { NotificationAgent, NotificationPayload } from './agent';
-import { BaseAgent } from './agent';
-
-class LunaSeaAgent
-  extends BaseAgent<NotificationAgentLunaSea>
-  implements NotificationAgent
-{
-  protected getSettings(): NotificationAgentLunaSea {
-    if (this.settings) {
-      return this.settings;
-    }
-
-    const settings = getSettings();
-
-    return settings.notifications.agents.lunasea;
-  }
-
-  private buildPayload(type: Notification, payload: NotificationPayload) {
-    return {
-      notification_type: Notification[type],
-      event: payload.event,
-      subject: payload.subject,
-      message: payload.message,
-      image: payload.image ?? null,
-      email: payload.notifyUser?.email,
-      username: payload.notifyUser?.displayName,
-      avatar: payload.notifyUser?.avatar,
-      media: payload.media
-        ? {
-            media_type: payload.media.mediaType,
-            tmdbId: payload.media.tmdbId,
-            tvdbId: payload.media.tvdbId,
-            status: MediaStatus[payload.media.status],
-            status4k: MediaStatus[payload.media.status4k],
-          }
-        : null,
-      extra: payload.extra ?? [],
-      request: payload.request
-        ? {
-            request_id: payload.request.id,
-            requestedBy_email: payload.request.requestedBy.email,
-            requestedBy_username: payload.request.requestedBy.displayName,
-            requestedBy_avatar: payload.request.requestedBy.avatar,
-          }
-        : null,
-      issue: payload.issue
-        ? {
-            issue_id: payload.issue.id,
-            issue_type: IssueType[payload.issue.issueType],
-            issue_status: IssueStatus[payload.issue.status],
-            createdBy_email: payload.issue.createdBy.email,
-            createdBy_username: payload.issue.createdBy.displayName,
-            createdBy_avatar: payload.issue.createdBy.avatar,
-          }
-        : null,
-      comment: payload.comment
-        ? {
-            comment_message: payload.comment.message,
-            commentedBy_email: payload.comment.user.email,
-            commentedBy_username: payload.comment.user.displayName,
-            commentedBy_avatar: payload.comment.user.avatar,
-          }
-        : null,
-    };
-  }
-
-  public shouldSend(): boolean {
-    const settings = this.getSettings();
-
-    if (settings.enabled && settings.options.webhookUrl) {
-      return true;
-    }
-
-    return false;
-  }
-
-  public async send(
-    type: Notification,
-    payload: NotificationPayload
-  ): Promise<boolean> {
-    const settings = this.getSettings();
-
-    if (
-      !payload.notifySystem ||
-      !hasNotificationType(type, settings.types ?? 0)
-    ) {
-      return true;
-    }
-
-    logger.debug('Sending LunaSea notification', {
-      label: 'Notifications',
-      type: Notification[type],
-      subject: payload.subject,
-    });
-
-    try {
-      await axios.post(
-        settings.options.webhookUrl,
-        this.buildPayload(type, payload),
-        settings.options.profileName
-          ? {
-              headers: {
-                Authorization: `Basic ${Buffer.from(
-                  `${settings.options.profileName}:`
-                ).toString('base64')}`,
-              },
-            }
-          : undefined
-      );
-
-      return true;
-    } catch (e) {
-      logger.error('Error sending LunaSea notification', {
-        label: 'Notifications',
-        type: Notification[type],
-        subject: payload.subject,
-        errorMessage: e.message,
-        response: e?.response?.data,
-      });
-
-      return false;
-    }
-  }
-}
-
-export default LunaSeaAgent;

server/lib/settings/index.ts

@@ -140,6 +140,7 @@ export interface MainSettings {
 
 export interface NetworkSettings {
   csrfProtection: boolean;
+  forceIpv4First: boolean;
   trustProxy: boolean;
   proxy: ProxySettings;
 }
@@ -215,13 +216,6 @@ export interface NotificationAgentEmail extends NotificationAgentConfig {
   };
 }
 
-export interface NotificationAgentLunaSea extends NotificationAgentConfig {
-  options: {
-    webhookUrl: string;
-    profileName?: string;
-  };
-}
-
 export interface NotificationAgentTelegram extends NotificationAgentConfig {
   options: {
     botUsername?: string;
@@ -293,7 +287,6 @@ interface NotificationAgents {
   email: NotificationAgentEmail;
   gotify: NotificationAgentGotify;
   ntfy: NotificationAgentNtfy;
-  lunasea: NotificationAgentLunaSea;
   pushbullet: NotificationAgentPushbullet;
   pushover: NotificationAgentPushover;
   slack: NotificationAgentSlack;
@@ -429,13 +422,6 @@ class Settings {
               enableMentions: true,
             },
           },
-          lunasea: {
-            enabled: false,
-            types: 0,
-            options: {
-              webhookUrl: '',
-            },
-          },
           slack: {
             enabled: false,
             types: 0,
@@ -544,6 +530,7 @@ class Settings {
       },
       network: {
         csrfProtection: false,
+        forceIpv4First: false,
         trustProxy: false,
         proxy: {
           enabled: false,

server/lib/settings/migrations/0006_remove_lunasea.ts

@@ -0,0 +1,14 @@
+import type { AllSettings } from '@server/lib/settings';
+
+const removeLunaSeaSetting = (settings: any): AllSettings => {
+  if (
+    settings.notifications &&
+    settings.notifications.agents &&
+    settings.notifications.agents.lunasea
+  ) {
+    delete settings.notifications.agents.lunasea;
+  }
+  return settings;
+};
+
+export default removeLunaSeaSetting;

server/migration/postgres/1745265840052-AddPlexProfilesSupport.ts

@@ -0,0 +1,21 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddPlexProfilesSupport1745265840052 implements MigrationInterface {
+  name = 'AddPlexProfilesSupport1745265840052';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "user" ADD "plexProfileId" character varying`
+    );
+    await queryRunner.query(
+      `ALTER TABLE "user" ADD "isPlexProfile" boolean NOT NULL DEFAULT false`
+    );
+    await queryRunner.query(`ALTER TABLE "user" ADD "mainPlexUserId" integer`);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "mainPlexUserId"`);
+    await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "isPlexProfile"`);
+    await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "plexProfileId"`);
+  }
+}

server/migration/sqlite/1745265825619-AddPlexProfilesSupport.ts

@@ -0,0 +1,21 @@
+import type { MigrationInterface, QueryRunner } from 'typeorm';
+
+export class AddPlexProfilesSupport1745265825619 implements MigrationInterface {
+  name = 'AddPlexProfilesSupport1745265825619';
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(
+      `ALTER TABLE "user" ADD "plexProfileId" character varying`
+    );
+    await queryRunner.query(
+      `ALTER TABLE "user" ADD "isPlexProfile" boolean NOT NULL DEFAULT false`
+    );
+    await queryRunner.query(`ALTER TABLE "user" ADD "mainPlexUserId" integer`);
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "mainPlexUserId"`);
+    await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "isPlexProfile"`);
+    await queryRunner.query(`ALTER TABLE "user" DROP COLUMN "plexProfileId"`);
+  }
+}

server/routes/auth.ts

@@ -18,7 +18,6 @@ import axios from 'axios';
 import * as EmailValidator from 'email-validator';
 import { Router } from 'express';
 import net from 'net';
-
 const authRoutes = Router();
 
 authRoutes.get('/me', isAuthenticated(), async (req, res) => {
@@ -49,7 +48,12 @@ authRoutes.get('/me', isAuthenticated(), async (req, res) => {
 authRoutes.post('/plex', async (req, res, next) => {
   const settings = getSettings();
   const userRepository = getRepository(User);
-  const body = req.body as { authToken?: string };
+  const body = req.body as {
+    authToken?: string;
+    profileId?: string;
+    pin?: string;
+    isSetup?: boolean;
+  };
 
   if (!body.authToken) {
     return next({
@@ -65,12 +69,97 @@ authRoutes.post('/plex', async (req, res, next) => {
   ) {
     return res.status(500).json({ error: 'Plex login is disabled' });
   }
+
   try {
-    // First we need to use this auth token to get the user's email from plex.tv
     const plextv = new PlexTvAPI(body.authToken);
     const account = await plextv.getUser();
+    const profiles = await plextv.getProfiles();
+    const mainUserProfile = profiles.find((p) => p.isMainUser);
 
-    // Next let's see if the user already exists
+    // Special handling for setup process
+    if (body.isSetup) {
+      let user = await userRepository
+        .createQueryBuilder('user')
+        .where('user.plexId = :id', { id: account.id })
+        .orWhere('user.email = :email', {
+          email: account.email.toLowerCase(),
+        })
+        .getOne();
+
+      // First user setup - create the admin user
+      if (!user && !(await userRepository.count())) {
+        user = new User({
+          email: account.email,
+          plexUsername: account.username,
+          plexId: account.id,
+          plexToken: account.authToken,
+          permissions: Permission.ADMIN,
+          avatar: account.thumb,
+          userType: UserType.PLEX,
+          plexProfileId: mainUserProfile?.id || account.id.toString(),
+          isPlexProfile: false,
+        });
+
+        settings.main.mediaServerType = MediaServerType.PLEX;
+        await settings.save();
+        startJobs();
+
+        await userRepository.save(user);
+      } else if (user) {
+        // Update existing user with latest Plex data
+        user.plexToken = account.authToken;
+        user.plexId = account.id;
+        user.avatar = account.thumb;
+        user.plexProfileId = mainUserProfile?.id || account.id.toString();
+
+        await userRepository.save(user);
+      }
+
+      // Return user directly, bypassing profile selection
+      if (user && req.session) {
+        req.session.userId = user.id;
+      }
+      return res.status(200).json(user?.filter() ?? {});
+    }
+
+    // Validate PIN for main account
+    if (!body.profileId && mainUserProfile?.protected && body.pin) {
+      const isPinValid = await plextv.validateProfilePin(
+        mainUserProfile.id,
+        body.pin
+      );
+      if (!isPinValid) {
+        return next({
+          status: 403,
+          error: 'INVALID_PIN.',
+        });
+      }
+    }
+
+    // Handle direct profile login
+    if (body.profileId) {
+      const profileUser = await userRepository.findOne({
+        where: { plexProfileId: body.profileId },
+      });
+
+      if (profileUser) {
+        profileUser.plexToken = body.authToken;
+        await userRepository.save(profileUser);
+
+        if (req.session) {
+          req.session.userId = profileUser.id;
+        }
+
+        return res.status(200).json(profileUser.filter() ?? {});
+      } else {
+        return next({
+          status: 400,
+          message: 'Invalid profile selection.',
+        });
+      }
+    }
+
+    // Standard Plex authentication flow
     let user = await userRepository
       .createQueryBuilder('user')
       .where('user.plexId = :id', { id: account.id })
@@ -79,7 +168,40 @@ authRoutes.post('/plex', async (req, res, next) => {
       })
       .getOne();
 
+    const safeUsername = (account.username || account.title)
+      .replace(/\s+/g, '.')
+      .replace(/[^a-zA-Z0-9._-]/g, '');
+    const emailPrefix = account.email.split('@')[0];
+    const domainPart = account.email.includes('@')
+      ? account.email.split('@')[1]
+      : 'plex.local';
+    const proposedEmail = `${emailPrefix}+${safeUsername}@${domainPart}`;
+    const existingProfileUser = await userRepository.findOne({
+      where: [
+        { plexUsername: account.username, isPlexProfile: true },
+        { email: proposedEmail, isPlexProfile: true },
+      ],
+    });
+    if (!user && existingProfileUser) {
+      logger.warn(
+        'Main user login attempted but profile user already exists for this person',
+        {
+          label: 'Auth',
+          plexUsername: account.username,
+          email: account.email,
+          profileUserId: existingProfileUser.id,
+        }
+      );
+      return next({
+        status: 409,
+        message:
+          'A profile user already exists for this Plex account. Please contact your administrator to resolve this duplicate.',
+        error: ApiErrorCode.ProfileUserExists,
+      });
+    }
+
     if (!user && !(await userRepository.count())) {
+      // First user setup through standard auth flow
       user = new User({
         email: account.email,
         plexUsername: account.username,
@@ -88,6 +210,8 @@ authRoutes.post('/plex', async (req, res, next) => {
         permissions: Permission.ADMIN,
         avatar: account.thumb,
         userType: UserType.PLEX,
+        plexProfileId: account.id.toString(),
+        isPlexProfile: false,
       });
 
       settings.main.mediaServerType = MediaServerType.PLEX;
@@ -135,13 +259,15 @@ authRoutes.post('/plex', async (req, res, next) => {
               }
             );
           }
-
+          // Update existing user
           user.plexToken = body.authToken;
           user.plexId = account.id;
           user.avatar = account.thumb;
           user.email = account.email;
           user.plexUsername = account.username;
           user.userType = UserType.PLEX;
+          user.plexProfileId = account.id.toString();
+          user.isPlexProfile = false;
 
           await userRepository.save(user);
         } else if (!settings.main.newPlexLogin) {
@@ -157,19 +283,11 @@ authRoutes.post('/plex', async (req, res, next) => {
           );
           return next({
             status: 403,
+            error: ApiErrorCode.NewPlexLoginDisabled,
             message: 'Access denied.',
           });
         } else {
-          logger.info(
-            'Sign-in attempt from Plex user with access to the media server; creating new Jellyseerr user',
-            {
-              label: 'API',
-              ip: req.ip,
-              email: account.email,
-              plexId: account.id,
-              plexUsername: account.username,
-            }
-          );
+          // Create new user
           user = new User({
             email: account.email,
             plexUsername: account.username,
@@ -178,13 +296,15 @@ authRoutes.post('/plex', async (req, res, next) => {
             permissions: settings.main.defaultPermissions,
             avatar: account.thumb,
             userType: UserType.PLEX,
+            plexProfileId: account.id.toString(),
+            isPlexProfile: false,
           });
 
           await userRepository.save(user);
         }
       } else {
-        logger.warn(
-          'Failed sign-in attempt by Plex user without access to the media server',
+        logger.info(
+          'Sign-in attempt from Plex user with access to the media server; creating new Jellyseerr user',
           {
             label: 'API',
             ip: req.ip,
@@ -195,17 +315,62 @@ authRoutes.post('/plex', async (req, res, next) => {
         );
         return next({
           status: 403,
+          error: ApiErrorCode.NewPlexLoginDisabled,
           message: 'Access denied.',
         });
       }
     }
 
-    // Set logged in session
-    if (req.session) {
-      req.session.userId = user.id;
+    const adminUser = await userRepository.findOne({ where: { id: 1 } });
+    const isMainUser = profiles.some(
+      (profile) => profile.isMainUser && profile.id === account.id.toString()
+    );
+    const isAdmin = user?.id === adminUser?.id;
+
+    if (isMainUser || isAdmin) {
+      // Only update existing profiles for the main user
+      for (const profile of profiles) {
+        if (profile.isMainUser) continue;
+
+        const existingProfileUser = await userRepository.findOne({
+          where: { plexProfileId: profile.id },
+        });
+
+        if (existingProfileUser) {
+          // Only update profiles that don't have their own Plex ID
+          // or are already marked as profiles
+          if (
+            !existingProfileUser.plexId ||
+            existingProfileUser.plexId === user.plexId ||
+            existingProfileUser.isPlexProfile
+          ) {
+            existingProfileUser.plexToken = user.plexToken;
+            existingProfileUser.avatar = profile.thumb;
+            existingProfileUser.plexUsername =
+              profile.username || profile.title;
+            await userRepository.save(existingProfileUser);
+          }
+        }
+      }
     }
 
-    return res.status(200).json(user?.filter() ?? {});
+    if (isAdmin || isMainUser) {
+      // Return main user ID and profiles for selection
+      const mainUserIdToSend =
+        user?.id && Number(user.id) > 0 ? Number(user.id) : 1;
+
+      return res.status(200).json({
+        status: 'REQUIRES_PROFILE',
+        mainUserId: mainUserIdToSend,
+        profiles: profiles,
+      });
+    } else {
+      // For non-main users, just log them in directly
+      if (req.session) {
+        req.session.userId = user.id;
+      }
+      return res.status(200).json(user?.filter() ?? {});
+    }
   } catch (e) {
     logger.error('Something went wrong authenticating with Plex account', {
       label: 'API',
@@ -219,6 +384,364 @@ authRoutes.post('/plex', async (req, res, next) => {
   }
 });
 
+authRoutes.post('/plex/profile/select', async (req, res, next) => {
+  const settings = getSettings();
+  const userRepository = getRepository(User);
+
+  const profileId = req.body.profileId;
+  const mainUserIdRaw = req.body.mainUserId;
+  const pin = req.body.pin;
+  const authToken = req.body.authToken;
+
+  if (!profileId) {
+    return next({
+      status: 400,
+      message: 'Profile ID is required.',
+    });
+  }
+
+  let mainUserId = 1; // Default to admin user
+
+  if (mainUserIdRaw) {
+    try {
+      mainUserId =
+        typeof mainUserIdRaw === 'string'
+          ? parseInt(mainUserIdRaw, 10)
+          : Number(mainUserIdRaw);
+
+      if (isNaN(mainUserId) || mainUserId <= 0) {
+        mainUserId = 1;
+      }
+    } catch (e) {
+      mainUserId = 1;
+    }
+  }
+
+  try {
+    const mainUser = await userRepository.findOne({
+      where: { id: mainUserId },
+    });
+
+    if (!mainUser) {
+      return next({
+        status: 404,
+        message: 'Main user not found.',
+      });
+    }
+
+    const tokenToUse = authToken || mainUser.plexToken;
+
+    if (!tokenToUse) {
+      return next({
+        status: 400,
+        message: 'No valid Plex token available.',
+      });
+    }
+
+    const plextv = new PlexTvAPI(tokenToUse);
+
+    const profiles = await plextv.getProfiles();
+    const selectedProfile = profiles.find((p) => p.id === profileId);
+
+    if (!selectedProfile) {
+      return next({
+        status: 404,
+        message: 'Selected profile not found.',
+      });
+    }
+
+    if (
+      profileId === mainUser.plexProfileId ||
+      selectedProfile.isMainUser === true
+    ) {
+      // Check if PIN is required and not provided
+      if (selectedProfile.protected && !pin) {
+        return res.status(200).json({
+          status: 'REQUIRES_PIN',
+          profileId: profileId,
+          profileName:
+            selectedProfile.title || selectedProfile.username || 'Main Account',
+          mainUserId: mainUserId,
+        });
+      }
+
+      if (selectedProfile.protected && pin) {
+        const isPinValid = await plextv.validateProfilePin(profileId, pin);
+
+        if (!isPinValid) {
+          return next({
+            status: 401,
+            message: 'Invalid PIN.',
+            error: ApiErrorCode.InvalidPin,
+          });
+        }
+
+        try {
+          await plextv.getUser();
+        } catch (e) {
+          return next({
+            status: 401,
+            message: 'Invalid PIN.',
+            error: ApiErrorCode.InvalidPin,
+          });
+        }
+      }
+
+      if (mainUser.plexProfileId !== profileId && selectedProfile.isMainUser) {
+        mainUser.plexProfileId = profileId;
+        await userRepository.save(mainUser);
+      }
+
+      if (req.session) {
+        req.session.userId = mainUser.id;
+      }
+
+      return res.status(200).json(mainUser.filter() ?? {});
+    }
+
+    if (selectedProfile.protected && !pin) {
+      return res.status(200).json({
+        status: 'REQUIRES_PIN',
+        profileId: profileId,
+        profileName:
+          selectedProfile.title || selectedProfile.username || 'Unknown',
+        mainUserId: mainUserId,
+      });
+    }
+
+    if (selectedProfile.protected && pin) {
+      const isPinValid = await plextv.validateProfilePin(profileId, pin);
+
+      if (!isPinValid) {
+        return next({
+          status: 401,
+          message: 'Invalid PIN.',
+          error: ApiErrorCode.InvalidPin,
+        });
+      }
+    }
+
+    const userAccount = await plextv.getUser();
+    const adminUser = await userRepository.findOne({ where: { id: 1 } });
+    const isMainPlexUser = profiles.some(
+      (profile) =>
+        profile.isMainUser && profile.id === userAccount.id.toString()
+    );
+    const isAdminUser = mainUser.id === adminUser?.id;
+
+    let profileUser = await userRepository.findOne({
+      where: [
+        { plexProfileId: profileId },
+        { plexUsername: selectedProfile.username || selectedProfile.title },
+      ],
+    });
+    // Profile doesn't exist yet - only allow creation for admin/main Plex user
+    if (!profileUser) {
+      // Profile doesn't exist yet
+      if (!settings.main.newPlexLogin) {
+        return next({
+          status: 403,
+          error: ApiErrorCode.NewPlexLoginDisabled,
+          message: 'Access denied.',
+        });
+      }
+
+      // Only allow profile creation for main Plex user or admin user
+      if (!isMainPlexUser && !isAdminUser) {
+        return next({
+          status: 403,
+          message: 'Only the Plex server owner can create profile users.',
+        });
+      }
+
+      // Check for existing users that might match this profile
+      const emailPrefix = mainUser.email.split('@')[0];
+      const domainPart = mainUser.email.includes('@')
+        ? mainUser.email.split('@')[1]
+        : 'plex.local';
+
+      const safeUsername = (selectedProfile.username || selectedProfile.title)
+        .replace(/\s+/g, '.')
+        .replace(/[^a-zA-Z0-9._-]/g, '');
+
+      const proposedEmail = `${emailPrefix}+${safeUsername}@${domainPart}`;
+
+      // First check for existing user with this email
+      const existingEmailUser = await userRepository.findOne({
+        where: { email: proposedEmail },
+      });
+
+      if (existingEmailUser) {
+        logger.warn('Found existing user with same email as profile', {
+          label: 'Auth',
+          email: proposedEmail,
+          profileId,
+          existingUserId: existingEmailUser.id,
+        });
+
+        // Use the existing user
+        profileUser = existingEmailUser;
+
+        if (req.session) {
+          req.session.userId = profileUser.id;
+        }
+        return res.status(200).json(profileUser.filter() ?? {});
+      } else {
+        // Then check for any other potential matches
+        const exactProfileUser = await userRepository.findOne({
+          where: { plexProfileId: profileId },
+        });
+
+        if (exactProfileUser) {
+          logger.info('Found existing profile user with exact ID match', {
+            label: 'Auth',
+            profileId,
+            userId: exactProfileUser.id,
+          });
+
+          if (req.session) {
+            req.session.userId = exactProfileUser.id;
+          }
+          return res.status(200).json(exactProfileUser.filter() ?? {});
+        } else {
+          // Create a new profile user
+          profileUser = new User({
+            email: proposedEmail,
+            plexUsername: selectedProfile.username || selectedProfile.title,
+            plexId: mainUser.plexId,
+            plexToken: tokenToUse,
+            permissions: settings.main.defaultPermissions,
+            avatar: selectedProfile.thumb,
+            userType: UserType.PLEX,
+            plexProfileId: profileId,
+            isPlexProfile: true,
+            mainPlexUserId: mainUser.id,
+          });
+
+          logger.info('Creating new profile user', {
+            label: 'Auth',
+            profileId,
+            email: proposedEmail,
+          });
+
+          await userRepository.save(profileUser);
+
+          if (req.session) {
+            req.session.userId = profileUser.id;
+          }
+          return res.status(200).json(profileUser.filter() ?? {});
+        }
+      }
+    } else {
+      // Profile exists - only set mainPlexUserId if it's the main user creating it
+      if (
+        profileUser.plexId &&
+        profileUser.plexId !== mainUser.plexId &&
+        !profileUser.isPlexProfile
+      ) {
+        logger.warn('Attempted to use a regular Plex user as a profile', {
+          label: 'Auth',
+          profileId,
+          userId: profileUser.id,
+          mainUserId: mainUser.id,
+        });
+
+        // Simply use their account without modifying it
+        if (req.session) {
+          req.session.userId = profileUser.id;
+        }
+        return res.status(200).json(profileUser.filter() ?? {});
+      }
+
+      // Otherwise update and use this profile
+      profileUser.plexToken = tokenToUse;
+      profileUser.avatar = selectedProfile.thumb;
+      profileUser.plexUsername =
+        selectedProfile.username || selectedProfile.title;
+      profileUser.mainPlexUserId = mainUser.id;
+      profileUser.isPlexProfile = true;
+
+      await userRepository.save(profileUser);
+
+      if (req.session) {
+        req.session.userId = profileUser.id;
+      }
+      return res.status(200).json(profileUser.filter() ?? {});
+    }
+  } catch (e) {
+    return next({
+      status: 500,
+      message: 'Unable to select profile: ' + e.message,
+    });
+  }
+});
+
+authRoutes.get('/plex/profiles/:userId', async (req, res, next) => {
+  const userRepository = getRepository(User);
+
+  try {
+    const userId = parseInt(req.params.userId, 10);
+    if (isNaN(userId)) {
+      return next({
+        status: 400,
+        message: 'Invalid user ID format.',
+      });
+    }
+
+    const mainUser = await userRepository.findOne({
+      where: { id: userId },
+    });
+
+    if (!mainUser) {
+      return next({
+        status: 404,
+        message: 'User not found.',
+      });
+    }
+
+    if (mainUser.userType !== UserType.PLEX) {
+      return next({
+        status: 400,
+        message: 'Only Plex users have profiles.',
+      });
+    }
+
+    if (!mainUser.plexToken) {
+      return next({
+        status: 400,
+        message: 'User has no valid Plex token.',
+      });
+    }
+
+    const plextv = new PlexTvAPI(mainUser.plexToken);
+    const profiles = await plextv.getProfiles();
+
+    const profileUsers = await userRepository.find({
+      where: {
+        mainPlexUserId: mainUser.id,
+        isPlexProfile: true,
+      },
+    });
+
+    return res.status(200).json({
+      profiles,
+      profileUsers,
+      mainUser: mainUser.filter(),
+    });
+  } catch (e) {
+    logger.error('Failed to fetch Plex profiles', {
+      label: 'API',
+      errorMessage: e.message,
+      ip: req.ip,
+    });
+
+    return next({
+      status: 500,
+      message: 'Unable to fetch profiles.',
+    });
+  }
+});
+
 function getUserAvatarUrl(user: User): string {
   return `/avatarproxy/${user.jellyfinUserId}?v=${user.avatarVersion}`;
 }

server/routes/settings/index.ts

@@ -471,13 +471,13 @@ settingsRoutes.get(
   async (req, res, next) => {
     const userRepository = getRepository(User);
     const qb = userRepository.createQueryBuilder('user');
-
     try {
       const admin = await userRepository.findOneOrFail({
         select: { id: true, plexToken: true },
         where: { id: 1 },
       });
       const plexApi = new PlexTvAPI(admin.plexToken ?? '');
+
       const plexUsers = (await plexApi.getUsers()).MediaContainer.User.map(
         (user) => user.$
       ).filter((user) => user.email);
@@ -503,7 +503,7 @@ settingsRoutes.get(
         plexUsers.map(async (plexUser) => {
           if (
             !existingUsers.find(
-              (user) =>
+              (user: User) =>
                 user.plexId === parseInt(plexUser.id) ||
                 user.email === plexUser.email.toLowerCase()
             ) &&
@@ -513,16 +513,36 @@ settingsRoutes.get(
           }
         })
       );
-
-      return res.status(200).json(sortBy(unimportedPlexUsers, 'username'));
-    } catch (e) {
-      logger.error('Something went wrong getting unimported Plex users', {
-        label: 'API',
-        errorMessage: e.message,
+      const profiles = await plexApi.getProfiles();
+      const existingProfileUsers = await userRepository.find({
+        where: {
+          isPlexProfile: true,
+        },
       });
+
+      const unimportedProfiles = profiles.filter(
+        (profile) =>
+          !profile.isMainUser &&
+          !existingProfileUsers.some(
+            (user: User) => user.plexProfileId === profile.id
+          )
+      );
+
+      return res.status(200).json({
+        users: sortBy(unimportedPlexUsers, 'username'),
+        profiles: unimportedProfiles,
+      });
+    } catch (e) {
+      logger.error(
+        'Something went wrong getting unimported Plex users and profiles',
+        {
+          label: 'API',
+          errorMessage: e.message,
+        }
+      );
       next({
         status: 500,
-        message: 'Unable to retrieve unimported Plex users.',
+        message: 'Unable to retrieve unimported Plex users and profiles.',
       });
     }
   }

server/routes/settings/notifications.ts

@@ -4,7 +4,6 @@ import type { NotificationAgent } from '@server/lib/notifications/agents/agent';
 import DiscordAgent from '@server/lib/notifications/agents/discord';
 import EmailAgent from '@server/lib/notifications/agents/email';
 import GotifyAgent from '@server/lib/notifications/agents/gotify';
-import LunaSeaAgent from '@server/lib/notifications/agents/lunasea';
 import NtfyAgent from '@server/lib/notifications/agents/ntfy';
 import PushbulletAgent from '@server/lib/notifications/agents/pushbullet';
 import PushoverAgent from '@server/lib/notifications/agents/pushover';
@@ -346,40 +345,6 @@ notificationRoutes.post('/webhook/test', async (req, res, next) => {
   }
 });
 
-notificationRoutes.get('/lunasea', (_req, res) => {
-  const settings = getSettings();
-
-  res.status(200).json(settings.notifications.agents.lunasea);
-});
-
-notificationRoutes.post('/lunasea', async (req, res) => {
-  const settings = getSettings();
-
-  settings.notifications.agents.lunasea = req.body;
-  await settings.save();
-
-  res.status(200).json(settings.notifications.agents.lunasea);
-});
-
-notificationRoutes.post('/lunasea/test', async (req, res, next) => {
-  if (!req.user) {
-    return next({
-      status: 500,
-      message: 'User information is missing from the request.',
-    });
-  }
-
-  const lunaseaAgent = new LunaSeaAgent(req.body);
-  if (await sendTestNotification(lunaseaAgent, req.user)) {
-    return res.status(204).send();
-  } else {
-    return next({
-      status: 500,
-      message: 'Failed to send web push notification.',
-    });
-  }
-});
-
 notificationRoutes.get('/gotify', (_req, res) => {
   const settings = getSettings();
 

server/routes/user/index.ts

@@ -528,43 +528,80 @@ router.post(
     try {
       const settings = getSettings();
       const userRepository = getRepository(User);
-      const body = req.body as { plexIds: string[] } | undefined;
+      const { plexIds, profileIds } = req.body as {
+        plexIds?: string[];
+        profileIds?: string[];
+      };
+
+      const skippedItems: {
+        id: string;
+        type: 'user' | 'profile';
+        reason: string;
+      }[] = [];
+      const createdUsers: User[] = [];
 
-      // taken from auth.ts
       const mainUser = await userRepository.findOneOrFail({
-        select: { id: true, plexToken: true },
+        select: { id: true, plexToken: true, email: true, plexId: true },
         where: { id: 1 },
       });
+
       const mainPlexTv = new PlexTvAPI(mainUser.plexToken ?? '');
 
-      const plexUsersResponse = await mainPlexTv.getUsers();
-      const createdUsers: User[] = [];
-      for (const rawUser of plexUsersResponse.MediaContainer.User) {
-        const account = rawUser.$;
+      if (plexIds && plexIds.length > 0) {
+        const plexUsersResponse = await mainPlexTv.getUsers();
 
-        if (account.email) {
-          const user = await userRepository
-            .createQueryBuilder('user')
-            .where('user.plexId = :id', { id: account.id })
-            .orWhere('user.email = :email', {
-              email: account.email.toLowerCase(),
-            })
-            .getOne();
+        for (const rawUser of plexUsersResponse.MediaContainer.User) {
+          const account = rawUser.$;
 
-          if (user) {
-            // Update the user's avatar with their Plex thumbnail, in case it changed
-            user.avatar = account.thumb;
-            user.email = account.email;
-            user.plexUsername = account.username;
+          if (account.email && plexIds.includes(account.id)) {
+            // Check for duplicate users more thoroughly
+            const user = await userRepository
+              .createQueryBuilder('user')
+              .where('user.plexId = :id', { id: account.id })
+              .orWhere('user.email = :email', {
+                email: account.email.toLowerCase(),
+              })
+              .orWhere('user.plexUsername = :username', {
+                username: account.username,
+              })
+              .getOne();
+
+            if (user) {
+              // Update the user's avatar with their Plex thumbnail, in case it changed
+              user.avatar = account.thumb;
+              user.email = account.email;
+              user.plexUsername = account.username;
+
+              // In case the user was previously a local account
+              if (user.userType === UserType.LOCAL) {
+                user.userType = UserType.PLEX;
+                user.plexId = parseInt(account.id);
+              }
+
+              await userRepository.save(user);
+              skippedItems.push({
+                id: account.id,
+                type: 'user',
+                reason: 'USER_ALREADY_EXISTS',
+              });
+            } else if (await mainPlexTv.checkUserAccess(parseInt(account.id))) {
+              // Check for profiles with the same username
+              const existingProfile = await userRepository.findOne({
+                where: {
+                  plexUsername: account.username,
+                  isPlexProfile: true,
+                },
+              });
+
+              if (existingProfile) {
+                skippedItems.push({
+                  id: account.id,
+                  type: 'user',
+                  reason: 'PROFILE_WITH_SAME_NAME_EXISTS',
+                });
+                continue;
+              }
 
-            // In case the user was previously a local account
-            if (user.userType === UserType.LOCAL) {
-              user.userType = UserType.PLEX;
-              user.plexId = parseInt(account.id);
-            }
-            await userRepository.save(user);
-          } else if (!body || body.plexIds.includes(account.id)) {
-            if (await mainPlexTv.checkUserAccess(parseInt(account.id))) {
               const newUser = new User({
                 plexUsername: account.username,
                 email: account.email,
@@ -574,6 +611,7 @@ router.post(
                 avatar: account.thumb,
                 userType: UserType.PLEX,
               });
+
               await userRepository.save(newUser);
               createdUsers.push(newUser);
             }
@@ -581,7 +619,89 @@ router.post(
         }
       }
 
-      return res.status(201).json(User.filterMany(createdUsers));
+      if (profileIds && profileIds.length > 0) {
+        const profiles = await mainPlexTv.getProfiles();
+        // Filter out real Plex users (with email/isMainUser) from importable profiles
+        const importableProfiles = profiles.filter((p: any) => !p.isMainUser);
+
+        for (const profileId of profileIds) {
+          const profileData = importableProfiles.find(
+            (p: any) => p.id === profileId
+          );
+
+          if (profileData) {
+            // Check for existing user with same plexProfileId
+            const existingUser = await userRepository.findOne({
+              where: { plexProfileId: profileId },
+            });
+
+            const emailPrefix = mainUser.email.split('@')[0];
+            const domainPart = mainUser.email.includes('@')
+              ? mainUser.email.split('@')[1]
+              : 'plex.local';
+            const safeUsername = (profileData.username || profileData.title)
+              .replace(/\s+/g, '.')
+              .replace(/[^a-zA-Z0-9._-]/g, '');
+            const proposedEmail = `${emailPrefix}+${safeUsername}@${domainPart}`;
+
+            // Check for main user with same plexUsername or email
+            const mainUserDuplicate = await userRepository.findOne({
+              where: [
+                {
+                  plexUsername: profileData.username || profileData.title,
+                  isPlexProfile: false,
+                },
+                { email: proposedEmail, isPlexProfile: false },
+              ],
+            });
+
+            if (existingUser) {
+              // Skip this profile and add to skipped list
+              skippedItems.push({
+                id: profileId,
+                type: 'profile',
+                reason: 'DUPLICATE_USER_EXISTS',
+              });
+              continue;
+            }
+
+            if (mainUserDuplicate) {
+              // Skip this profile and add to skipped list, but ensure main user is imported
+              skippedItems.push({
+                id: profileId,
+                type: 'profile',
+                reason: 'MAIN_USER_ALREADY_EXISTS',
+              });
+              // If main user is not already in createdUsers, add it
+              if (!createdUsers.find((u) => u.id === mainUserDuplicate.id)) {
+                createdUsers.push(mainUserDuplicate);
+              }
+              continue;
+            }
+
+            const profileUser = new User({
+              email: proposedEmail,
+              plexUsername: profileData.username || profileData.title,
+              plexId: mainUser.plexId,
+              plexToken: mainUser.plexToken,
+              permissions: settings.main.defaultPermissions,
+              avatar: profileData.thumb,
+              userType: UserType.PLEX,
+              plexProfileId: profileId,
+              isPlexProfile: true,
+              mainPlexUserId: mainUser.id,
+            });
+
+            await userRepository.save(profileUser);
+            createdUsers.push(profileUser);
+          }
+        }
+      }
+
+      return res.status(201).json({
+        data: User.filterMany(createdUsers),
+        skipped: skippedItems,
+      });
     } catch (e) {
       next({ status: 500, message: e.message });
     }

server/utils/customProxyAgent.ts

@@ -1,11 +1,15 @@
 import type { ProxySettings } from '@server/lib/settings';
 import logger from '@server/logger';
-import axios from 'axios';
+import axios, { type InternalAxiosRequestConfig } from 'axios';
 import { HttpProxyAgent } from 'http-proxy-agent';
 import { HttpsProxyAgent } from 'https-proxy-agent';
 import type { Dispatcher } from 'undici';
 import { Agent, ProxyAgent, setGlobalDispatcher } from 'undici';
 
+export let requestInterceptorFunction: (
+  config: InternalAxiosRequestConfig
+) => InternalAxiosRequestConfig;
+
 export default async function createCustomProxyAgent(
   proxySettings: ProxySettings
 ) {
@@ -56,12 +60,9 @@ export default async function createCustomProxyAgent(
       : undefined;
 
   try {
-    const proxyUrl =
-      (proxySettings.useSsl ? 'https://' : 'http://') +
-      proxySettings.hostname +
-      ':' +
-      proxySettings.port;
-
+    const proxyUrl = `${proxySettings.useSsl ? 'https' : 'http'}://${
+      proxySettings.hostname
+    }:${proxySettings.port}`;
     const proxyAgent = new ProxyAgent({
       uri: proxyUrl,
       token,
@@ -70,15 +71,24 @@ export default async function createCustomProxyAgent(
 
     setGlobalDispatcher(proxyAgent.compose(noProxyInterceptor));
 
-    axios.defaults.httpAgent = new HttpProxyAgent(proxyUrl);
-    axios.defaults.httpsAgent = new HttpsProxyAgent(proxyUrl);
-    axios.interceptors.request.use((config) => {
-      if (config.url && skipUrl(config.url)) {
+    axios.defaults.httpAgent = new HttpProxyAgent(proxyUrl, {
+      headers: token ? { 'proxy-authorization': token } : undefined,
+    });
+    axios.defaults.httpsAgent = new HttpsProxyAgent(proxyUrl, {
+      headers: token ? { 'proxy-authorization': token } : undefined,
+    });
+
+    requestInterceptorFunction = (config) => {
+      const url = config.baseURL
+        ? new URL(config.baseURL + (config.url || ''))
+        : config.url;
+      if (url && skipUrl(url)) {
         config.httpAgent = false;
         config.httpsAgent = false;
       }
       return config;
-    });
+    };
+    axios.interceptors.request.use(requestInterceptorFunction);
   } catch (e) {
     logger.error('Failed to connect to the proxy: ' + e.message, {
       label: 'Proxy',

src/assets/extlogos/lunasea.svg

@@ -1 +0,0 @@
-<svg viewBox="0 0 750 750" xmlns="http://www.w3.org/2000/svg"><g fill="currentColor"><path d="m554.69 180.46c-333.63 0-452.75 389.23-556.05 389.23 185.37 0 237.85-247.18 419.12-247.18l47.24-102.05z"/><path d="m749.31 375.08c0 107.48-87.14 194.61-194.62 194.61s-194.62-87.13-194.62-194.61 87.13-194.62 194.62-194.62c7.391-2e-3 14.776 0.412 22.12 1.24-78.731 10.172-136.59 78.893-133.2 158.2 3.393 79.313 66.907 142.84 146.22 146.25 79.311 3.411 148.05-54.43 158.24-133.16 0.826 7.331 1.24 14.703 1.24 22.08z"/></g></svg>

src/components/Layout/UserDropdown/index.tsx

@@ -1,6 +1,6 @@
 import CachedImage from '@app/components/Common/CachedImage';
 import MiniQuotaDisplay from '@app/components/Layout/UserDropdown/MiniQuotaDisplay';
-import { useUser } from '@app/hooks/useUser';
+import { Permission, useUser } from '@app/hooks/useUser';
 import defineMessages from '@app/utils/defineMessages';
 import { Menu, Transition } from '@headlessui/react';
 import {
@@ -36,7 +36,7 @@ ForwardedLink.displayName = 'ForwardedLink';
 
 const UserDropdown = () => {
   const intl = useIntl();
-  const { user, revalidate } = useUser();
+  const { user, revalidate, hasPermission } = useUser();
 
   const logout = async () => {
     const response = await axios.post('/api/v1/auth/logout');
@@ -118,7 +118,14 @@ const UserDropdown = () => {
               <Menu.Item>
                 {({ active }) => (
                   <ForwardedLink
-                    href={`/users/${user?.id}/requests?filter=all`}
+                    href={
+                      hasPermission(
+                        [Permission.MANAGE_REQUESTS, Permission.REQUEST_VIEW],
+                        { type: 'or' }
+                      )
+                        ? `/users/${user?.id}/requests?filter=all`
+                        : '/requests'
+                    }
                     className={`flex items-center rounded px-4 py-2 text-sm font-medium text-gray-200 transition duration-150 ease-in-out ${
                       active
                         ? 'bg-gradient-to-br from-indigo-600 to-purple-600 text-white'

src/components/Login/PlexPinEntry.tsx

@@ -0,0 +1,195 @@
+import Button from '@app/components/Common/Button';
+import defineMessages from '@app/utils/defineMessages';
+import { LockClosedIcon } from '@heroicons/react/24/solid';
+import Image from 'next/image';
+import { useEffect, useRef, useState } from 'react';
+import { useIntl } from 'react-intl';
+
+const messages = defineMessages('components.Login.PlexPinEntry', {
+  pinRequired: 'PIN Required',
+  pinDescription: 'Enter the PIN for this profile',
+  submit: 'Submit',
+  cancel: 'Cancel',
+  invalidPin: 'Invalid PIN. Please try again.',
+  pinCheck: 'Checking PIN...',
+  accessDenied: 'Access denied.',
+});
+
+interface PlexPinEntryProps {
+  profileId: string;
+  profileName: string;
+  profileThumb?: string | null;
+  isProtected?: boolean;
+  isMainUser?: boolean;
+  error?: string | null;
+  onSubmit: (pin: string) => Promise<void>;
+  onCancel: () => void;
+}
+
+const PlexPinEntry = ({
+  profileName,
+  profileThumb,
+  isProtected,
+  isMainUser,
+  error,
+  onSubmit,
+  onCancel,
+}: PlexPinEntryProps) => {
+  const intl = useIntl();
+  const [pin, setPin] = useState('');
+  const [isSubmitting, setIsSubmitting] = useState(false);
+  const inputRef = useRef<HTMLInputElement>(null);
+
+  useEffect(() => {
+    if (inputRef.current) {
+      inputRef.current.focus();
+    }
+  }, []);
+
+  const handleSubmit = async (pinToSubmit?: string) => {
+    const pinValue = pinToSubmit || pin;
+    if (!pinValue || isSubmitting) return;
+    setIsSubmitting(true);
+    try {
+      await onSubmit(pinValue);
+      setPin('');
+    } catch (err) {
+      setPin('');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  const handleKeyDown = (e: React.KeyboardEvent) => {
+    if (e.key === 'Enter' && pin && !isSubmitting) {
+      handleSubmit();
+    }
+  };
+
+  const handleChange = (e: React.ChangeEvent<HTMLInputElement>) => {
+    const value = e.target.value.replace(/\D/g, '');
+    setPin(value);
+    if (value.length === 4 && !isSubmitting) {
+      handleSubmit(value);
+    }
+  };
+
+  const handleFocus = (e: React.FocusEvent<HTMLInputElement>) => {
+    e.target.select();
+  };
+
+  // PIN boxes rendering
+  const pinDigits = pin.split('').slice(0, 4);
+  const boxes = Array.from({ length: 4 }, (_, i) => (
+    <div
+      key={i}
+      className={`mx-2 flex h-12 w-12 items-center justify-center rounded-lg border-2 font-mono text-2xl transition-all
+        ${
+          i === pin.length
+            ? 'border-indigo-500 ring-2 ring-indigo-500'
+            : 'border-white/30'
+        }
+        ${pinDigits[i] ? 'text-white' : 'text-white/40'}`}
+      aria-label={pinDigits[i] ? 'Entered' : 'Empty'}
+    >
+      {pinDigits[i] ? '•' : ''}
+    </div>
+  ));
+
+  return (
+    <div className="mx-auto flex w-full max-w-md flex-col items-center rounded-2xl border border-white/20 bg-white/10 p-6 shadow-lg backdrop-blur">
+      <div className="flex w-full flex-col items-center">
+        {/* Avatar */}
+        <div className="relative mx-auto mb-1 flex h-20 w-20 shrink-0 grow-0 items-center justify-center overflow-hidden rounded-full bg-gray-900 shadow ring-2 ring-indigo-400">
+          {profileThumb ? (
+            <Image
+              src={profileThumb}
+              alt={profileName}
+              fill
+              sizes="80px"
+              className="object-cover"
+            />
+          ) : (
+            <span className="flex h-16 w-16 items-center justify-center rounded-full bg-gray-700 text-3xl font-bold text-white">
+              {profileName?.[0] || '?'}
+            </span>
+          )}
+        </div>
+        {/* Icons */}
+        <div className="mb-1 flex items-center justify-center gap-2">
+          {isProtected && (
+            <span className="z-10 rounded-full bg-black/80 p-1.5">
+              <LockClosedIcon className="h-4 w-4 text-indigo-400" />
+            </span>
+          )}
+          {isMainUser && (
+            <span className="z-10 rounded-full bg-black/80 p-1.5">
+              <svg
+                viewBox="0 0 20 20"
+                fill="currentColor"
+                className="h-4 w-4 text-yellow-400"
+              >
+                <path d="M2.166 6.5l3.5 7 4.334-7 4.334 7 3.5-7L17.5 17.5h-15z" />
+              </svg>
+            </span>
+          )}
+        </div>
+        <p className="mb-3 text-center text-base font-semibold text-white">
+          {profileName}
+        </p>
+        <h2 className="mb-3 text-center text-xl font-bold text-white">
+          {intl.formatMessage(messages.pinRequired)}
+        </h2>
+        <p className="mb-4 text-center text-sm text-gray-200">
+          {intl.formatMessage(messages.pinDescription)}
+        </p>
+        <div className="mb-4 flex flex-row items-center justify-center">
+          {boxes}
+          {/* Visually hidden input for keyboard entry */}
+          <input
+            ref={inputRef}
+            type="password"
+            className="absolute opacity-0"
+            value={pin}
+            onChange={handleChange}
+            onKeyDown={handleKeyDown}
+            onFocus={handleFocus}
+            maxLength={4}
+            pattern="[0-9]{4}"
+            inputMode="numeric"
+            aria-label="PIN Input"
+          />
+        </div>
+        {error && (
+          <div
+            className="mb-4 text-center font-medium text-red-400"
+            aria-live="polite"
+          >
+            {error}
+          </div>
+        )}
+        <div className="flex w-full justify-between">
+          <Button
+            buttonType="default"
+            onClick={onCancel}
+            className="mr-2 flex-1"
+          >
+            {intl.formatMessage(messages.cancel)}
+          </Button>
+          <Button
+            buttonType="primary"
+            disabled={!pin || isSubmitting}
+            onClick={() => handleSubmit()}
+            className="ml-2 flex-1"
+          >
+            {isSubmitting
+              ? intl.formatMessage(messages.pinCheck)
+              : intl.formatMessage(messages.submit)}
+          </Button>
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default PlexPinEntry;

src/components/Login/PlexProfileSelector.tsx

@@ -0,0 +1,170 @@
+import { SmallLoadingSpinner } from '@app/components/Common/LoadingSpinner';
+import PlexPinEntry from '@app/components/Login/PlexPinEntry';
+import defineMessages from '@app/utils/defineMessages';
+import { LockClosedIcon } from '@heroicons/react/24/solid';
+import type { PlexProfile } from '@server/api/plextv';
+import Image from 'next/image';
+import { useState } from 'react';
+import { useIntl } from 'react-intl';
+
+const messages = defineMessages('components.Login.PlexProfileSelector', {
+  profile: 'Profile',
+  selectProfile: 'Select Profile',
+  selectProfileDescription: 'Select which Plex profile you want to use',
+  selectProfileError: 'Failed to select profile',
+});
+
+interface PlexProfileSelectorProps {
+  profiles: PlexProfile[];
+  mainUserId: number;
+  authToken: string | undefined;
+  onProfileSelected: (
+    profileId: string,
+    pin?: string,
+    onError?: (msg: string) => void
+  ) => Promise<void>;
+}
+
+const PlexProfileSelector = ({
+  profiles,
+  onProfileSelected,
+}: PlexProfileSelectorProps) => {
+  const intl = useIntl();
+  const [selectedProfileId, setSelectedProfileId] = useState<string | null>(
+    null
+  );
+  const [isSubmitting, setIsSubmitting] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [showPinEntry, setShowPinEntry] = useState(false);
+  const [selectedProfile, setSelectedProfile] = useState<PlexProfile | null>(
+    null
+  );
+
+  const handleProfileClick = (profile: PlexProfile) => {
+    setSelectedProfileId(profile.id);
+    setSelectedProfile(profile);
+
+    if (profile.protected) {
+      setShowPinEntry(true);
+    } else {
+      setIsSubmitting(true);
+
+      try {
+        onProfileSelected(profile.id);
+      } catch (err) {
+        setError(intl.formatMessage(messages.selectProfileError));
+      } finally {
+        setIsSubmitting(false);
+      }
+    }
+  };
+
+  const handlePinSubmit = async (pin: string) => {
+    if (!selectedProfileId) return;
+    await onProfileSelected(selectedProfileId, pin);
+  };
+
+  const handlePinCancel = () => {
+    setShowPinEntry(false);
+    setSelectedProfile(null);
+    setSelectedProfileId(null);
+  };
+
+  if (showPinEntry && selectedProfile && selectedProfileId) {
+    return (
+      <PlexPinEntry
+        profileId={selectedProfileId}
+        profileName={
+          selectedProfile.title ||
+          selectedProfile.username ||
+          intl.formatMessage(messages.profile)
+        }
+        profileThumb={selectedProfile.thumb}
+        isProtected={selectedProfile.protected}
+        isMainUser={selectedProfile.isMainUser}
+        onSubmit={handlePinSubmit}
+        onCancel={handlePinCancel}
+      />
+    );
+  }
+
+  return (
+    <div className="w-full">
+      <h2 className="mb-6 text-center text-xl font-bold text-gray-100">
+        {intl.formatMessage(messages.selectProfile)}
+      </h2>
+      <p className="mb-6 text-center text-sm text-gray-300">
+        {intl.formatMessage(messages.selectProfileDescription)}
+      </p>
+
+      {error && (
+        <div className="mb-4 rounded-md bg-red-600 p-3 text-white">
+          {intl.formatMessage(messages.selectProfileError)}
+        </div>
+      )}
+
+      <div className="relative mb-6">
+        {isSubmitting && (
+          <div className="absolute inset-0 z-10 flex items-center justify-center rounded-lg bg-black/50">
+            <SmallLoadingSpinner />
+          </div>
+        )}
+
+        <div className="grid grid-cols-2 justify-items-center gap-4 sm:grid-cols-3 sm:gap-6 md:gap-8">
+          {profiles.map((profile) => (
+            <button
+              key={profile.id}
+              type="button"
+              onClick={() => handleProfileClick(profile)}
+              disabled={
+                isSubmitting ||
+                (selectedProfileId === profile.id && !profile.protected)
+              }
+              className={`relative flex h-48 w-32 flex-col items-center justify-start rounded-2xl border border-white/20 bg-white/10 p-6 shadow-lg backdrop-blur transition-all hover:ring-2 hover:ring-indigo-400 ${
+                selectedProfileId === profile.id
+                  ? 'bg-indigo-600 ring-2 ring-indigo-400'
+                  : 'border border-white/20 bg-white/10 backdrop-blur-sm'
+              } ${isSubmitting ? 'cursor-not-allowed opacity-50' : ''}`}
+            >
+              <div className="relative mx-auto mb-2 flex h-20 w-20 shrink-0 grow-0 items-center justify-center overflow-hidden rounded-full bg-gray-900 shadow ring-2 ring-indigo-400">
+                <Image
+                  src={profile.thumb}
+                  alt={profile.title || profile.username || 'Profile'}
+                  fill
+                  sizes="80px"
+                  className="object-cover"
+                />
+              </div>
+              <div className="mb-2 flex items-center justify-center gap-2">
+                {profile.protected && (
+                  <span className="z-10 rounded-full bg-black/80 p-1.5">
+                    <LockClosedIcon className="h-4 w-4 text-indigo-400" />
+                  </span>
+                )}
+                {profile.isMainUser && (
+                  <span className="z-10 rounded-full bg-black/80 p-1.5">
+                    <svg
+                      viewBox="0 0 20 20"
+                      fill="currentColor"
+                      className="h-4 w-4 text-yellow-400"
+                    >
+                      <path d="M2.166 6.5l3.5 7 4.334-7 4.334 7 3.5-7L17.5 17.5h-15z" />
+                    </svg>
+                  </span>
+                )}
+              </div>
+              <span
+                className="mb-1 w-full break-words text-center text-base font-semibold text-white"
+                title={profile.username || profile.title}
+              >
+                {profile.username || profile.title}
+              </span>
+            </button>
+          ))}
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default PlexProfileSelector;

src/components/Login/index.tsx

@@ -8,11 +8,15 @@ import LanguagePicker from '@app/components/Layout/LanguagePicker';
 import JellyfinLogin from '@app/components/Login/JellyfinLogin';
 import LocalLogin from '@app/components/Login/LocalLogin';
 import PlexLoginButton from '@app/components/Login/PlexLoginButton';
+import PlexPinEntry from '@app/components/Login/PlexPinEntry';
+import PlexProfileSelector from '@app/components/Login/PlexProfileSelector';
 import useSettings from '@app/hooks/useSettings';
 import { useUser } from '@app/hooks/useUser';
 import defineMessages from '@app/utils/defineMessages';
 import { Transition } from '@headlessui/react';
 import { XCircleIcon } from '@heroicons/react/24/solid';
+import type { PlexProfile } from '@server/api/plextv';
+import { ApiErrorCode } from '@server/constants/error';
 import { MediaServerType } from '@server/constants/server';
 import axios from 'axios';
 import { useRouter } from 'next/dist/client/router';
@@ -29,6 +33,11 @@ const messages = defineMessages('components.Login', {
   signinwithjellyfin: 'Use your {mediaServerName} account',
   signinwithoverseerr: 'Use your {applicationTitle} account',
   orsigninwith: 'Or sign in with',
+  authFailed: 'Authentication failed',
+  invalidPin: 'Invalid PIN. Please try again.',
+  accessDenied: 'Access denied.',
+  profileUserExists:
+    'A profile user already exists for this Plex account. Please contact your administrator to resolve this duplicate.',
 });
 
 const Login = () => {
@@ -39,36 +48,158 @@ const Login = () => {
 
   const [error, setError] = useState('');
   const [isProcessing, setProcessing] = useState(false);
-  const [authToken, setAuthToken] = useState<string | undefined>(undefined);
+  const [authToken, setAuthToken] = useState<string | undefined>();
   const [mediaServerLogin, setMediaServerLogin] = useState(
     settings.currentSettings.mediaServerLogin
   );
+  const profilesRef = useRef<PlexProfile[]>([]);
+  const [profiles, setProfiles] = useState<PlexProfile[]>([]);
+  const [mainUserId, setMainUserId] = useState<number | null>(null);
+  const [showProfileSelector, setShowProfileSelector] = useState(false);
+  const [showPinEntry, setShowPinEntry] = useState(false);
+  const [pinProfileId, setPinProfileId] = useState<string | null>(null);
+  const [pinProfileName, setPinProfileName] = useState<string | null>(null);
+  const [pinProfileThumb, setPinProfileThumb] = useState<string | null>(null);
+  const [pinIsProtected, setPinIsProtected] = useState<boolean>(false);
+  const [pinIsMainUser, setPinIsMainUser] = useState<boolean>(false);
+  const [pinError, setPinError] = useState<string | null>(null);
 
   // Effect that is triggered when the `authToken` comes back from the Plex OAuth
-  // We take the token and attempt to sign in. If we get a success message, we will
-  // ask swr to revalidate the user which _should_ come back with a valid user.
   useEffect(() => {
     const login = async () => {
       setProcessing(true);
       try {
         const response = await axios.post('/api/v1/auth/plex', { authToken });
-
-        if (response.data?.id) {
-          revalidate();
+        switch (response.data?.status) {
+          case 'REQUIRES_PIN': {
+            setPinProfileId(response.data.profileId);
+            setPinProfileName(response.data.profileName);
+            setPinProfileThumb(response.data.profileThumb);
+            setPinIsProtected(response.data.isProtected);
+            setPinIsMainUser(response.data.isMainUser);
+            setShowPinEntry(true);
+            break;
+          }
+          case 'REQUIRES_PROFILE': {
+            setProfiles(response.data.profiles);
+            profilesRef.current = response.data.profiles;
+            const rawUserId = response.data.mainUserId;
+            let numericUserId = Number(rawUserId);
+            if (!numericUserId || isNaN(numericUserId) || numericUserId <= 0) {
+              numericUserId = 1;
+            }
+            setMainUserId(numericUserId);
+            setShowProfileSelector(true);
+            break;
+          }
+          default:
+            if (response.data?.id) {
+              revalidate();
+            }
+            break;
         }
       } catch (e) {
-        setError(e.response?.data?.message);
+        const httpStatus = e?.response?.status;
+        const msg =
+          httpStatus === 403
+            ? intl.formatMessage(messages.accessDenied)
+            : e?.response?.data?.message ??
+              intl.formatMessage(messages.authFailed);
+        setError(msg);
         setAuthToken(undefined);
+      } finally {
         setProcessing(false);
       }
     };
     if (authToken) {
       login();
     }
-  }, [authToken, revalidate]);
+  }, [authToken, revalidate, intl]);
+
+  const handleSubmitProfile = async (
+    profileId: string,
+    pin?: string,
+    onError?: (msg: string) => void
+  ) => {
+    setProcessing(true);
+    setError('');
+
+    try {
+      const payload = {
+        profileId,
+        mainUserId,
+        ...(pin && { pin }),
+        ...(authToken && { authToken }),
+      };
+
+      const response = await axios.post(
+        '/api/v1/auth/plex/profile/select',
+        payload
+      );
+
+      if (response.data?.status === 'REQUIRES_PIN') {
+        setShowPinEntry(true);
+        setPinProfileId(profileId);
+        setPinProfileName(
+          profiles.find((p) => p.id === profileId)?.title ||
+            profiles.find((p) => p.id === profileId)?.username ||
+            'Profile'
+        );
+        setPinProfileThumb(
+          profiles.find((p) => p.id === profileId)?.thumb || null
+        );
+        setPinIsProtected(
+          profiles.find((p) => p.id === profileId)?.protected || false
+        );
+        setPinIsMainUser(
+          profiles.find((p) => p.id === profileId)?.isMainUser || false
+        );
+        setPinError(intl.formatMessage(messages.invalidPin));
+        throw new Error('Invalid PIN');
+      } else {
+        setShowProfileSelector(false);
+        setShowPinEntry(false);
+        setPinError(null);
+        setPinProfileId(null);
+        setPinProfileName(null);
+        setPinProfileThumb(null);
+        setPinIsProtected(false);
+        setPinIsMainUser(false);
+        revalidate();
+      }
+    } catch (e) {
+      const code = e?.response?.data?.error as string | undefined;
+      const httpStatus = e?.response?.status;
+      let msg: string;
+
+      switch (code) {
+        case ApiErrorCode.NewPlexLoginDisabled:
+          msg = intl.formatMessage(messages.accessDenied);
+          break;
+        case ApiErrorCode.InvalidPin:
+          msg = intl.formatMessage(messages.invalidPin);
+          break;
+        case ApiErrorCode.ProfileUserExists:
+          msg = intl.formatMessage(messages.profileUserExists);
+          break;
+        default:
+          if (httpStatus === 401) {
+            msg = intl.formatMessage(messages.invalidPin);
+          } else if (httpStatus === 403) {
+            msg = intl.formatMessage(messages.accessDenied);
+          } else {
+            msg =
+              e?.response?.data?.message ??
+              intl.formatMessage(messages.authFailed);
+          }
+      }
+      setError(msg);
+      if (onError) {
+        onError(msg);
+      }
+    }
+  };
 
-  // Effect that is triggered whenever `useUser`'s user changes. If we get a new
-  // valid user, we redirect the user to the home page as the login was successful.
   useEffect(() => {
     if (user) {
       router.push('/');
@@ -197,48 +328,85 @@ const Login = () => {
               </div>
             </Transition>
             <div className="px-10 py-8">
-              <SwitchTransition mode="out-in">
-                <CSSTransition
-                  key={mediaServerLogin ? 'ms' : 'local'}
-                  nodeRef={loginRef}
-                  addEndListener={(done) => {
-                    loginRef.current?.addEventListener(
-                      'transitionend',
-                      done,
-                      false
-                    );
+              {showPinEntry && pinProfileId && pinProfileName ? (
+                <PlexPinEntry
+                  profileId={pinProfileId}
+                  profileName={pinProfileName}
+                  profileThumb={pinProfileThumb}
+                  isProtected={pinIsProtected}
+                  isMainUser={pinIsMainUser}
+                  error={pinError}
+                  onSubmit={(pin) => {
+                    return handleSubmitProfile(pinProfileId, pin);
                   }}
-                  onEntered={() => {
-                    document
-                      .querySelector<HTMLInputElement>('#email, #username')
-                      ?.focus();
+                  onCancel={() => {
+                    setShowPinEntry(false);
+                    setPinProfileId(null);
+                    setPinProfileName(null);
+                    setPinProfileThumb(null);
+                    setPinIsProtected(false);
+                    setPinIsMainUser(false);
+                    setPinError(null);
+                    setShowProfileSelector(true);
                   }}
-                  classNames={{
-                    appear: 'opacity-0',
-                    appearActive: 'transition-opacity duration-500 opacity-100',
-                    enter: 'opacity-0',
-                    enterActive: 'transition-opacity duration-500 opacity-100',
-                    exitActive: 'transition-opacity duration-0 opacity-0',
-                  }}
-                >
-                  <div ref={loginRef} className="button-container">
-                    {isJellyfin &&
-                    (mediaServerLogin ||
-                      !settings.currentSettings.localLogin) ? (
-                      <JellyfinLogin
-                        serverType={settings.currentSettings.mediaServerType}
-                        revalidate={revalidate}
-                      />
-                    ) : (
-                      settings.currentSettings.localLogin && (
-                        <LocalLogin revalidate={revalidate} />
-                      )
-                    )}
-                  </div>
-                </CSSTransition>
-              </SwitchTransition>
+                />
+              ) : showProfileSelector ? (
+                <PlexProfileSelector
+                  profiles={profiles}
+                  mainUserId={mainUserId || 1}
+                  authToken={authToken}
+                  onProfileSelected={(profileId, pin, onError) =>
+                    handleSubmitProfile(profileId, pin, onError)
+                  }
+                />
+              ) : (
+                <SwitchTransition mode="out-in">
+                  <CSSTransition
+                    key={mediaServerLogin ? 'ms' : 'local'}
+                    nodeRef={loginRef}
+                    addEndListener={(done) => {
+                      loginRef.current?.addEventListener(
+                        'transitionend',
+                        done,
+                        false
+                      );
+                    }}
+                    onEntered={() => {
+                      document
+                        .querySelector<HTMLInputElement>('#email, #username')
+                        ?.focus();
+                    }}
+                    classNames={{
+                      appear: 'opacity-0',
+                      appearActive:
+                        'transition-opacity duration-500 opacity-100',
+                      enter: 'opacity-0',
+                      enterActive:
+                        'transition-opacity duration-500 opacity-100',
+                      exitActive: 'transition-opacity duration-0 opacity-0',
+                    }}
+                  >
+                    <div ref={loginRef} className="button-container">
+                      {isJellyfin &&
+                      (mediaServerLogin ||
+                        !settings.currentSettings.localLogin) ? (
+                        <JellyfinLogin
+                          serverType={settings.currentSettings.mediaServerType}
+                          revalidate={revalidate}
+                        />
+                      ) : (
+                        settings.currentSettings.localLogin && (
+                          <LocalLogin revalidate={revalidate} />
+                        )
+                      )}
+                    </div>
+                  </CSSTransition>
+                </SwitchTransition>
+              )}
 
-              {additionalLoginOptions.length > 0 &&
+              {!showProfileSelector &&
+                !showPinEntry &&
+                additionalLoginOptions.length > 0 &&
                 (loginFormVisible ? (
                   <div className="flex items-center py-5">
                     <div className="flex-grow border-t border-gray-600"></div>
@@ -253,13 +421,15 @@ const Login = () => {
                   </h2>
                 ))}
 
-              <div
-                className={`flex w-full flex-wrap gap-2 ${
-                  !loginFormVisible ? 'flex-col' : ''
-                }`}
-              >
-                {additionalLoginOptions}
-              </div>
+              {!showProfileSelector && !showPinEntry && (
+                <div
+                  className={`flex w-full flex-wrap gap-2 ${
+                    !loginFormVisible ? 'flex-col' : ''
+                  }`}
+                >
+                  {additionalLoginOptions}
+                </div>
+              )}
             </div>
           </>
         </div>

src/components/Settings/Notifications/NotificationsEmail.tsx

@@ -77,18 +77,13 @@ const NotificationsEmail = () => {
           otherwise: Yup.string().nullable(),
         })
         .email(intl.formatMessage(messages.validationEmail)),
-      smtpHost: Yup.string()
-        .when('enabled', {
-          is: true,
-          then: Yup.string()
-            .nullable()
-            .required(intl.formatMessage(messages.validationSmtpHostRequired)),
-          otherwise: Yup.string().nullable(),
-        })
-        .matches(
-          /^(((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])):((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))@)?(([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])$/i,
-          intl.formatMessage(messages.validationSmtpHostRequired)
-        ),
+      smtpHost: Yup.string().when('enabled', {
+        is: true,
+        then: Yup.string()
+          .nullable()
+          .required(intl.formatMessage(messages.validationSmtpHostRequired)),
+        otherwise: Yup.string().nullable(),
+      }),
       smtpPort: Yup.number().when('enabled', {
         is: true,
         then: Yup.number()

src/components/Settings/Notifications/NotificationsLunaSea/index.tsx

@@ -1,272 +0,0 @@
-import Button from '@app/components/Common/Button';
-import LoadingSpinner from '@app/components/Common/LoadingSpinner';
-import NotificationTypeSelector from '@app/components/NotificationTypeSelector';
-import globalMessages from '@app/i18n/globalMessages';
-import defineMessages from '@app/utils/defineMessages';
-import { ArrowDownOnSquareIcon, BeakerIcon } from '@heroicons/react/24/outline';
-import axios from 'axios';
-import { Field, Form, Formik } from 'formik';
-import { useState } from 'react';
-import { useIntl } from 'react-intl';
-import { useToasts } from 'react-toast-notifications';
-import useSWR from 'swr';
-import * as Yup from 'yup';
-
-const messages = defineMessages(
-  'components.Settings.Notifications.NotificationsLunaSea',
-  {
-    agentenabled: 'Enable Agent',
-    webhookUrl: 'Webhook URL',
-    webhookUrlTip:
-      'Your user- or device-based <LunaSeaLink>notification webhook URL</LunaSeaLink>',
-    validationWebhookUrl: 'You must provide a valid URL',
-    profileName: 'Profile Name',
-    profileNameTip:
-      'Only required if not using the <code>default</code> profile',
-    settingsSaved: 'LunaSea notification settings saved successfully!',
-    settingsFailed: 'LunaSea notification settings failed to save.',
-    toastLunaSeaTestSending: 'Sending LunaSea test notification…',
-    toastLunaSeaTestSuccess: 'LunaSea test notification sent!',
-    toastLunaSeaTestFailed: 'LunaSea test notification failed to send.',
-    validationTypes: 'You must select at least one notification type',
-  }
-);
-
-const NotificationsLunaSea = () => {
-  const intl = useIntl();
-  const { addToast, removeToast } = useToasts();
-  const [isTesting, setIsTesting] = useState(false);
-  const {
-    data,
-    error,
-    mutate: revalidate,
-  } = useSWR('/api/v1/settings/notifications/lunasea');
-
-  const NotificationsLunaSeaSchema = Yup.object().shape({
-    webhookUrl: Yup.string()
-      .when('enabled', {
-        is: true,
-        then: Yup.string()
-          .nullable()
-          .required(intl.formatMessage(messages.validationWebhookUrl)),
-        otherwise: Yup.string().nullable(),
-      })
-      .url(intl.formatMessage(messages.validationWebhookUrl)),
-  });
-
-  if (!data && !error) {
-    return <LoadingSpinner />;
-  }
-
-  return (
-    <Formik
-      initialValues={{
-        enabled: data.enabled,
-        types: data.types,
-        webhookUrl: data.options.webhookUrl,
-        profileName: data.options.profileName,
-      }}
-      validationSchema={NotificationsLunaSeaSchema}
-      onSubmit={async (values) => {
-        try {
-          await axios.post('/api/v1/settings/notifications/lunasea', {
-            enabled: values.enabled,
-            types: values.types,
-            options: {
-              webhookUrl: values.webhookUrl,
-              profileName: values.profileName,
-            },
-          });
-          addToast(intl.formatMessage(messages.settingsSaved), {
-            appearance: 'success',
-            autoDismiss: true,
-          });
-        } catch (e) {
-          addToast(intl.formatMessage(messages.settingsFailed), {
-            appearance: 'error',
-            autoDismiss: true,
-          });
-        } finally {
-          revalidate();
-        }
-      }}
-    >
-      {({
-        errors,
-        touched,
-        isSubmitting,
-        values,
-        isValid,
-        setFieldValue,
-        setFieldTouched,
-      }) => {
-        const testSettings = async () => {
-          setIsTesting(true);
-          let toastId: string | undefined;
-          try {
-            addToast(
-              intl.formatMessage(messages.toastLunaSeaTestSending),
-              {
-                autoDismiss: false,
-                appearance: 'info',
-              },
-              (id) => {
-                toastId = id;
-              }
-            );
-            await axios.post('/api/v1/settings/notifications/lunasea/test', {
-              enabled: true,
-              types: values.types,
-              options: {
-                webhookUrl: values.webhookUrl,
-                profileName: values.profileName,
-              },
-            });
-
-            if (toastId) {
-              removeToast(toastId);
-            }
-            addToast(intl.formatMessage(messages.toastLunaSeaTestSuccess), {
-              autoDismiss: true,
-              appearance: 'success',
-            });
-          } catch (e) {
-            if (toastId) {
-              removeToast(toastId);
-            }
-            addToast(intl.formatMessage(messages.toastLunaSeaTestFailed), {
-              autoDismiss: true,
-              appearance: 'error',
-            });
-          } finally {
-            setIsTesting(false);
-          }
-        };
-
-        return (
-          <Form className="section">
-            <div className="form-row">
-              <label htmlFor="enabled" className="checkbox-label">
-                {intl.formatMessage(messages.agentenabled)}
-                <span className="label-required">*</span>
-              </label>
-              <div className="form-input-area">
-                <Field type="checkbox" id="enabled" name="enabled" />
-              </div>
-            </div>
-            <div className="form-row">
-              <label htmlFor="name" className="text-label">
-                {intl.formatMessage(messages.webhookUrl)}
-                <span className="label-required">*</span>
-                <span className="label-tip">
-                  {intl.formatMessage(messages.webhookUrlTip, {
-                    LunaSeaLink: (msg: React.ReactNode) => (
-                      <a
-                        href="https://docs.lunasea.app/lunasea/notifications/overseerr"
-                        className="text-white transition duration-300 hover:underline"
-                        target="_blank"
-                        rel="noreferrer"
-                      >
-                        {msg}
-                      </a>
-                    ),
-                  })}
-                </span>
-              </label>
-              <div className="form-input-area">
-                <div className="form-input-field">
-                  <Field
-                    id="webhookUrl"
-                    name="webhookUrl"
-                    type="text"
-                    inputMode="url"
-                  />
-                </div>
-                {errors.webhookUrl &&
-                  touched.webhookUrl &&
-                  typeof errors.webhookUrl === 'string' && (
-                    <div className="error">{errors.webhookUrl}</div>
-                  )}
-              </div>
-            </div>
-            <div className="form-row">
-              <label htmlFor="profileName" className="text-label">
-                {intl.formatMessage(messages.profileName)}
-                <span className="label-tip">
-                  {intl.formatMessage(messages.profileNameTip, {
-                    code: (msg: React.ReactNode) => (
-                      <code className="bg-opacity-50">{msg}</code>
-                    ),
-                  })}
-                </span>
-              </label>
-              <div className="form-input-area">
-                <div className="form-input-field">
-                  <Field id="profileName" name="profileName" type="text" />
-                </div>
-              </div>
-            </div>
-            <NotificationTypeSelector
-              currentTypes={values.enabled ? values.types : 0}
-              onUpdate={(newTypes) => {
-                setFieldValue('types', newTypes);
-                setFieldTouched('types');
-
-                if (newTypes) {
-                  setFieldValue('enabled', true);
-                }
-              }}
-              error={
-                values.enabled && !values.types && touched.types
-                  ? intl.formatMessage(messages.validationTypes)
-                  : undefined
-              }
-            />
-            <div className="actions">
-              <div className="flex justify-end">
-                <span className="ml-3 inline-flex rounded-md shadow-sm">
-                  <Button
-                    buttonType="warning"
-                    disabled={isSubmitting || !isValid || isTesting}
-                    onClick={(e) => {
-                      e.preventDefault();
-                      testSettings();
-                    }}
-                  >
-                    <BeakerIcon />
-                    <span>
-                      {isTesting
-                        ? intl.formatMessage(globalMessages.testing)
-                        : intl.formatMessage(globalMessages.test)}
-                    </span>
-                  </Button>
-                </span>
-                <span className="ml-3 inline-flex rounded-md shadow-sm">
-                  <Button
-                    buttonType="primary"
-                    type="submit"
-                    disabled={
-                      isSubmitting ||
-                      !isValid ||
-                      isTesting ||
-                      (values.enabled && !values.types)
-                    }
-                  >
-                    <ArrowDownOnSquareIcon />
-                    <span>
-                      {isSubmitting
-                        ? intl.formatMessage(globalMessages.saving)
-                        : intl.formatMessage(globalMessages.save)}
-                    </span>
-                  </Button>
-                </span>
-              </div>
-            </div>
-          </Form>
-        );
-      }}
-    </Formik>
-  );
-};
-
-export default NotificationsLunaSea;

src/components/Settings/RadarrModal/index.tsx

@@ -96,12 +96,9 @@ const RadarrModal = ({ onClose, radarr, onSave }: RadarrModalProps) => {
     name: Yup.string().required(
       intl.formatMessage(messages.validationNameRequired)
     ),
-    hostname: Yup.string()
-      .required(intl.formatMessage(messages.validationHostnameRequired))
-      .matches(
-        /^(((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])):((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))@)?(([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])$/i,
-        intl.formatMessage(messages.validationHostnameRequired)
-      ),
+    hostname: Yup.string().required(
+      intl.formatMessage(messages.validationHostnameRequired)
+    ),
     port: Yup.number()
       .nullable()
       .required(intl.formatMessage(messages.validationPortRequired)),

src/components/Settings/SettingsJellyfin.tsx

@@ -113,11 +113,7 @@ const SettingsJellyfin: React.FC<SettingsJellyfinProps> = ({
   const JellyfinSettingsSchema = Yup.object().shape({
     hostname: Yup.string()
       .nullable()
-      .required(intl.formatMessage(messages.validationHostnameRequired))
-      .matches(
-        /^(((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])):((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))@)?(([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])$/i,
-        intl.formatMessage(messages.validationHostnameRequired)
-      ),
+      .required(intl.formatMessage(messages.validationHostnameRequired)),
     port: Yup.number().when(['hostname'], {
       is: (value: unknown) => !!value,
       then: Yup.number()

src/components/Settings/SettingsNetwork/index.tsx

@@ -42,6 +42,9 @@ const messages = defineMessages('components.Settings.SettingsNetwork', {
   networkDisclaimer:
     'Network parameters from your container/system should be used instead of these settings. See the {docs} for more information.',
   docs: 'documentation',
+  forceIpv4First: 'Force IPv4 Resolution First',
+  forceIpv4FirstTip:
+    'Force Jellyseerr to resolve IPv4 addresses first instead of IPv6',
 });
 
 const SettingsNetwork = () => {
@@ -86,6 +89,7 @@ const SettingsNetwork = () => {
         <Formik
           initialValues={{
             csrfProtection: data?.csrfProtection,
+            forceIpv4First: data?.forceIpv4First,
             trustProxy: data?.trustProxy,
             proxyEnabled: data?.proxy?.enabled,
             proxyHostname: data?.proxy?.hostname,
@@ -102,6 +106,7 @@ const SettingsNetwork = () => {
             try {
               await axios.post('/api/v1/settings/network', {
                 csrfProtection: values.csrfProtection,
+                forceIpv4First: values.forceIpv4First,
                 trustProxy: values.trustProxy,
                 proxy: {
                   enabled: values.proxyEnabled,
@@ -193,6 +198,29 @@ const SettingsNetwork = () => {
                     </Tooltip>
                   </div>
                 </div>
+                <div className="form-row">
+                  <label htmlFor="forceIpv4First" className="checkbox-label">
+                    <span className="mr-2">
+                      {intl.formatMessage(messages.forceIpv4First)}
+                    </span>
+                    <SettingsBadge badgeType="advanced" className="mr-2" />
+                    <SettingsBadge badgeType="restartRequired" />
+                    <SettingsBadge badgeType="experimental" />
+                    <span className="label-tip">
+                      {intl.formatMessage(messages.forceIpv4FirstTip)}
+                    </span>
+                  </label>
+                  <div className="form-input-area">
+                    <Field
+                      type="checkbox"
+                      id="forceIpv4First"
+                      name="forceIpv4First"
+                      onChange={() => {
+                        setFieldValue('forceIpv4First', !values.forceIpv4First);
+                      }}
+                    />
+                  </div>
+                </div>
                 <div className="form-row">
                   <label htmlFor="proxyEnabled" className="checkbox-label">
                     <span className="mr-2">

src/components/Settings/SettingsNotifications.tsx

@@ -1,6 +1,5 @@
 import DiscordLogo from '@app/assets/extlogos/discord.svg';
 import GotifyLogo from '@app/assets/extlogos/gotify.svg';
-import LunaSeaLogo from '@app/assets/extlogos/lunasea.svg';
 import NtfyLogo from '@app/assets/extlogos/ntfy.svg';
 import PushbulletLogo from '@app/assets/extlogos/pushbullet.svg';
 import PushoverLogo from '@app/assets/extlogos/pushover.svg';
@@ -87,17 +86,6 @@ const SettingsNotifications = ({ children }: SettingsNotificationsProps) => {
       route: '/settings/notifications/ntfy',
       regex: /^\/settings\/notifications\/ntfy/,
     },
-    {
-      text: 'LunaSea',
-      content: (
-        <span className="flex items-center">
-          <LunaSeaLogo className="mr-2 h-4" />
-          LunaSea
-        </span>
-      ),
-      route: '/settings/notifications/lunasea',
-      regex: /^\/settings\/notifications\/lunasea/,
-    },
     {
       text: 'Pushbullet',
       content: (

src/components/Settings/SettingsPlex.tsx

@@ -136,11 +136,7 @@ const SettingsPlex = ({ onComplete }: SettingsPlexProps) => {
   const PlexSettingsSchema = Yup.object().shape({
     hostname: Yup.string()
       .nullable()
-      .required(intl.formatMessage(messages.validationHostnameRequired))
-      .matches(
-        /^(((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])):((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))@)?(([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])$/i,
-        intl.formatMessage(messages.validationHostnameRequired)
-      ),
+      .required(intl.formatMessage(messages.validationHostnameRequired)),
     port: Yup.number()
       .nullable()
       .required(intl.formatMessage(messages.validationPortRequired)),

src/components/Settings/SonarrModal/index.tsx

@@ -103,12 +103,9 @@ const SonarrModal = ({ onClose, sonarr, onSave }: SonarrModalProps) => {
     name: Yup.string().required(
       intl.formatMessage(messages.validationNameRequired)
     ),
-    hostname: Yup.string()
-      .required(intl.formatMessage(messages.validationHostnameRequired))
-      .matches(
-        /^(((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])):((([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))@)?(([a-z]|\d|_|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*)?([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])$/i,
-        intl.formatMessage(messages.validationHostnameRequired)
-      ),
+    hostname: Yup.string().required(
+      intl.formatMessage(messages.validationHostnameRequired)
+    ),
     port: Yup.number()
       .nullable()
       .required(intl.formatMessage(messages.validationPortRequired)),

src/components/Setup/JellyfinSetup.tsx

@@ -27,7 +27,6 @@ const messages = defineMessages('components.Login', {
   validationusernamerequired: 'Username required',
   validationpasswordrequired: 'You must provide a password',
   validationservertyperequired: 'Please select a server type',
-  validationHostnameRequired: 'You must provide a valid hostname or IP address',
   validationPortRequired: 'You must provide a valid port number',
   validationUrlTrailingSlash: 'URL must not end in a trailing slash',
   validationUrlBaseLeadingSlash: 'URL base must have a leading slash',

src/components/Setup/SetupLogin.tsx

@@ -34,22 +34,37 @@ const SetupLogin: React.FC<LoginWithMediaServerProps> = ({
     MediaServerType.NOT_CONFIGURED
   );
   const { user, revalidate } = useUser();
+  const [isLoading, setIsLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
 
   // Effect that is triggered when the `authToken` comes back from the Plex OAuth
-  // We take the token and attempt to login. If we get a success message, we will
-  // ask swr to revalidate the user which _shouid_ come back with a valid user.
-
   useEffect(() => {
     const login = async () => {
-      const response = await axios.post('/api/v1/auth/plex', {
-        authToken: authToken,
-      });
+      if (!authToken) return;
 
-      if (response.data?.email) {
-        revalidate();
+      setIsLoading(true);
+      setError(null);
+
+      try {
+        const response = await axios.post('/api/v1/auth/plex', {
+          authToken,
+          isSetup: true,
+        });
+
+        if (response.status >= 200 && response.status < 300) {
+          revalidate();
+        }
+      } catch (err) {
+        setError(
+          err.response?.data?.message ||
+            'Failed to connect to Plex. Please try again.'
+        );
+      } finally {
+        setIsLoading(false);
       }
     };
-    if (authToken && mediaServerType == MediaServerType.PLEX) {
+
+    if (authToken && mediaServerType === MediaServerType.PLEX) {
       login();
     }
   }, [authToken, mediaServerType, revalidate]);
@@ -58,7 +73,7 @@ const SetupLogin: React.FC<LoginWithMediaServerProps> = ({
     if (user) {
       onComplete();
     }
-  }, [user, mediaServerType, onComplete]);
+  }, [user, onComplete]);
 
   return (
     <div className="p-4">
@@ -74,14 +89,20 @@ const SetupLogin: React.FC<LoginWithMediaServerProps> = ({
           <FormattedMessage {...messages.signinWithPlex} />
         )}
       </div>
+
+      {error && (
+        <div className="mb-4 rounded bg-red-600 p-3 text-white">{error}</div>
+      )}
+
       {serverType === MediaServerType.PLEX && (
         <>
           <div className="flex justify-center bg-black/30 px-10 py-8">
             <PlexLoginButton
+              isProcessing={isLoading}
               large
-              onAuthToken={(authToken) => {
+              onAuthToken={(token) => {
                 setMediaServerType(MediaServerType.PLEX);
-                setAuthToken(authToken);
+                setAuthToken(token);
               }}
             />
           </div>

src/components/UserList/PlexImportModal.tsx

@@ -5,7 +5,7 @@ import globalMessages from '@app/i18n/globalMessages';
 import defineMessages from '@app/utils/defineMessages';
 import axios from 'axios';
 import Image from 'next/image';
-import { useState } from 'react';
+import { useEffect, useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR from 'swr';
@@ -16,14 +16,31 @@ interface PlexImportProps {
 }
 
 const messages = defineMessages('components.UserList', {
-  importfromplex: 'Import Plex Users',
-  importfromplexerror: 'Something went wrong while importing Plex users.',
-  importedfromplex:
-    '<strong>{userCount}</strong> Plex {userCount, plural, one {user} other {users}} imported successfully!',
+  importfromplex: 'Import Plex Users & Profiles',
+  importfromplexerror:
+    'Something went wrong while importing Plex users and profiles.',
   user: 'User',
-  nouserstoimport: 'There are no Plex users to import.',
+  profile: 'Profile',
+  nouserstoimport: 'There are no Plex users or profiles to import.',
   newplexsigninenabled:
     'The <strong>Enable New Plex Sign-In</strong> setting is currently enabled. Plex users with library access do not need to be imported in order to sign in.',
+  possibleDuplicate: 'Possible duplicate',
+  duplicateUserWarning:
+    'This user appears to be a duplicate of an existing user or profile.',
+  duplicateProfileWarning:
+    'This profile appears to be a duplicate of an existing user or profile.',
+  importSuccess:
+    '{count, plural, one {# item was} other {# items were}} imported successfully.',
+  importSuccessUsers:
+    '{count, plural, one {# user was} other {# users were}} imported successfully.',
+  importSuccessProfiles:
+    '{count, plural, one {# profile was} other {# profiles were}} imported successfully.',
+  importSuccessMixed:
+    '{userCount, plural, one {# user} other {# users}} and {profileCount, plural, one {# profile} other {# profiles}} were imported successfully.',
+  skippedUsersDuplicates:
+    '{count, plural, one {# user was} other {# users were}} skipped due to duplicates.',
+  skippedProfilesDuplicates:
+    '{count, plural, one {# profile was} other {# profiles were}} skipped due to duplicates.',
 });
 
 const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
@@ -32,44 +49,148 @@ const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
   const { addToast } = useToasts();
   const [isImporting, setImporting] = useState(false);
   const [selectedUsers, setSelectedUsers] = useState<string[]>([]);
-  const { data, error } = useSWR<
-    {
+  const [selectedProfiles, setSelectedProfiles] = useState<string[]>([]);
+  const [duplicateMap, setDuplicateMap] = useState<{
+    [key: string]: { type: 'user' | 'profile'; duplicateWith: string[] };
+  }>({});
+
+  const { data, error } = useSWR<{
+    users: {
       id: string;
       title: string;
       username: string;
       email: string;
       thumb: string;
-    }[]
-  >(`/api/v1/settings/plex/users`, {
+    }[];
+    profiles: {
+      id: string;
+      title: string;
+      username?: string;
+      thumb: string;
+      isMainUser?: boolean;
+      protected?: boolean;
+    }[];
+  }>('/api/v1/settings/plex/users', {
     revalidateOnMount: true,
   });
 
+  useEffect(() => {
+    if (data) {
+      const duplicates: {
+        [key: string]: { type: 'user' | 'profile'; duplicateWith: string[] };
+      } = {};
+
+      const usernameMap = new Map<string, string>();
+
+      data.users.forEach((user) => {
+        usernameMap.set(user.username.toLowerCase(), user.id);
+      });
+
+      data.profiles.forEach((profile) => {
+        const profileName = (profile.username || profile.title).toLowerCase();
+
+        if (usernameMap.has(profileName)) {
+          const userId = usernameMap.get(profileName);
+
+          duplicates[`profile-${profile.id}`] = {
+            type: 'profile',
+            duplicateWith: [`user-${userId}`],
+          };
+
+          duplicates[`user-${userId}`] = {
+            type: 'user',
+            duplicateWith: [`profile-${profile.id}`],
+          };
+        }
+      });
+
+      setDuplicateMap(duplicates);
+    }
+  }, [data]);
+
   const importUsers = async () => {
     setImporting(true);
 
     try {
-      const { data: createdUsers } = await axios.post(
+      const { data: response } = await axios.post(
         '/api/v1/user/import-from-plex',
-        { plexIds: selectedUsers }
-      );
-
-      if (!Array.isArray(createdUsers) || createdUsers.length === 0) {
-        throw new Error('No users were imported from Plex.');
-      }
-
-      addToast(
-        intl.formatMessage(messages.importedfromplex, {
-          userCount: createdUsers.length,
-          strong: (msg: React.ReactNode) => <strong>{msg}</strong>,
-        }),
         {
-          autoDismiss: true,
-          appearance: 'success',
+          plexIds: selectedUsers,
+          profileIds: selectedProfiles,
         }
       );
 
-      if (onComplete) {
-        onComplete();
+      if (response.data) {
+        const importedUsers = response.data.filter(
+          (item: { isPlexProfile: boolean }) => !item.isPlexProfile
+        ).length;
+        const importedProfiles = response.data.filter(
+          (item: { isPlexProfile: boolean }) => item.isPlexProfile
+        ).length;
+
+        let successMessage;
+        if (importedUsers > 0 && importedProfiles > 0) {
+          successMessage = intl.formatMessage(messages.importSuccessMixed, {
+            userCount: importedUsers,
+            profileCount: importedProfiles,
+          });
+        } else if (importedUsers > 0) {
+          successMessage = intl.formatMessage(messages.importSuccessUsers, {
+            count: importedUsers,
+          });
+        } else if (importedProfiles > 0) {
+          successMessage = intl.formatMessage(messages.importSuccessProfiles, {
+            count: importedProfiles,
+          });
+        } else {
+          successMessage = intl.formatMessage(messages.importSuccess, {
+            count: response.data.length,
+          });
+        }
+
+        let finalMessage = successMessage;
+
+        if (response.skipped && response.skipped.length > 0) {
+          const skippedUsers = response.skipped.filter(
+            (item: { type: string }) => item.type === 'user'
+          ).length;
+          const skippedProfiles = response.skipped.filter(
+            (item: { type: string }) => item.type === 'profile'
+          ).length;
+
+          let skippedMessage = '';
+          if (skippedUsers > 0) {
+            skippedMessage += intl.formatMessage(
+              messages.skippedUsersDuplicates,
+              {
+                count: skippedUsers,
+              }
+            );
+          }
+
+          if (skippedProfiles > 0) {
+            if (skippedMessage) skippedMessage += ' ';
+            skippedMessage += intl.formatMessage(
+              messages.skippedProfilesDuplicates,
+              {
+                count: skippedProfiles,
+              }
+            );
+          }
+
+          finalMessage += ` ${skippedMessage}`;
+        }
+
+        addToast(finalMessage, {
+          autoDismiss: true,
+          appearance: 'success',
+        });
+
+        if (onComplete) {
+          onComplete();
+        }
+      } else {
+        throw new Error('Invalid response format');
       }
     } catch (e) {
       addToast(intl.formatMessage(messages.importfromplexerror), {
@@ -84,24 +205,116 @@ const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
   const isSelectedUser = (plexId: string): boolean =>
     selectedUsers.includes(plexId);
 
-  const isAllUsers = (): boolean => selectedUsers.length === data?.length;
+  const isSelectedProfile = (plexId: string): boolean =>
+    selectedProfiles.includes(plexId);
+
+  const isDuplicate = (type: 'user' | 'profile', id: string): boolean => {
+    const key = `${type}-${id}`;
+    return !!duplicateMap[key];
+  };
+
+  const isDuplicateWithSelected = (
+    type: 'user' | 'profile',
+    id: string
+  ): boolean => {
+    const key = `${type}-${id}`;
+    if (!duplicateMap[key]) return false;
+
+    return duplicateMap[key].duplicateWith.some((dup) => {
+      if (dup.startsWith('user-')) {
+        const userId = dup.replace('user-', '');
+        return selectedUsers.includes(userId);
+      } else if (dup.startsWith('profile-')) {
+        const profileId = dup.replace('profile-', '');
+        return selectedProfiles.includes(profileId);
+      }
+      return false;
+    });
+  };
+
+  const hasSelectedDuplicate = (
+    type: 'user' | 'profile',
+    id: string
+  ): boolean => {
+    if (type === 'user' && selectedUsers.includes(id)) {
+      return isDuplicateWithSelected('user', id);
+    } else if (type === 'profile' && selectedProfiles.includes(id)) {
+      return isDuplicateWithSelected('profile', id);
+    }
+    return false;
+  };
+
+  const isAllUsers = (): boolean =>
+    data?.users && data.users.length > 0
+      ? selectedUsers.length === data.users.length
+      : false;
+
+  const isAllProfiles = (): boolean =>
+    data?.profiles && data.profiles.length > 0
+      ? selectedProfiles.length === data.profiles.length
+      : false;
 
   const toggleUser = (plexId: string): void => {
     if (selectedUsers.includes(plexId)) {
-      setSelectedUsers((users) => users.filter((user) => user !== plexId));
+      setSelectedUsers((users: string[]) =>
+        users.filter((user: string) => user !== plexId)
+      );
     } else {
-      setSelectedUsers((users) => [...users, plexId]);
+      const willCreateDuplicate = isDuplicateWithSelected('user', plexId);
+
+      if (willCreateDuplicate) {
+        addToast(intl.formatMessage(messages.duplicateUserWarning), {
+          autoDismiss: true,
+          appearance: 'warning',
+        });
+      }
+
+      setSelectedUsers((users: string[]) => [...users, plexId]);
+    }
+  };
+
+  const toggleProfile = (plexId: string): void => {
+    if (selectedProfiles.includes(plexId)) {
+      setSelectedProfiles((profiles: string[]) =>
+        profiles.filter((profile: string) => profile !== plexId)
+      );
+    } else {
+      const willCreateDuplicate = isDuplicateWithSelected('profile', plexId);
+
+      if (willCreateDuplicate) {
+        addToast(intl.formatMessage(messages.duplicateProfileWarning), {
+          autoDismiss: true,
+          appearance: 'warning',
+        });
+      }
+
+      setSelectedProfiles((profiles: string[]) => [...profiles, plexId]);
     }
   };
 
   const toggleAllUsers = (): void => {
-    if (data && selectedUsers.length >= 0 && !isAllUsers()) {
-      setSelectedUsers(data.map((user) => user.id));
+    if (data?.users && data.users.length > 0 && !isAllUsers()) {
+      setSelectedUsers(data.users.map((user) => user.id));
     } else {
       setSelectedUsers([]);
     }
   };
 
+  const toggleAllProfiles = (): void => {
+    if (data?.profiles && data.profiles.length > 0 && !isAllProfiles()) {
+      setSelectedProfiles(data.profiles.map((profile) => profile.id));
+    } else {
+      setSelectedProfiles([]);
+    }
+  };
+
+  const hasImportableContent =
+    (data?.users && data.users.length > 0) ||
+    (data?.profiles && data.profiles.length > 0);
+
+  const hasSelectedContent =
+    selectedUsers.length > 0 || selectedProfiles.length > 0;
+
   return (
     <Modal
       loading={!data && !error}
@@ -109,13 +322,13 @@ const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
       onOk={() => {
         importUsers();
       }}
-      okDisabled={isImporting || !selectedUsers.length}
+      okDisabled={isImporting || !hasSelectedContent}
       okText={intl.formatMessage(
         isImporting ? globalMessages.importing : globalMessages.import
       )}
       onCancel={onCancel}
     >
-      {data?.length ? (
+      {hasImportableContent ? (
         <>
           {settings.currentSettings.newPlexLogin && (
             <Alert
@@ -127,57 +340,26 @@ const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
               type="info"
             />
           )}
-          <div className="flex flex-col">
-            <div className="-mx-4 sm:mx-0">
-              <div className="inline-block min-w-full py-2 align-middle">
-                <div className="overflow-hidden shadow sm:rounded-lg">
-                  <table className="min-w-full">
-                    <thead>
-                      <tr>
-                        <th className="w-16 bg-gray-500 px-4 py-3">
-                          <span
-                            role="checkbox"
-                            tabIndex={0}
-                            aria-checked={isAllUsers()}
-                            onClick={() => toggleAllUsers()}
-                            onKeyDown={(e) => {
-                              if (e.key === 'Enter' || e.key === 'Space') {
-                                toggleAllUsers();
-                              }
-                            }}
-                            className="relative inline-flex h-5 w-10 flex-shrink-0 cursor-pointer items-center justify-center pt-2 focus:outline-none"
-                          >
-                            <span
-                              aria-hidden="true"
-                              className={`${
-                                isAllUsers() ? 'bg-indigo-500' : 'bg-gray-800'
-                              } absolute mx-auto h-4 w-9 rounded-full transition-colors duration-200 ease-in-out`}
-                            ></span>
-                            <span
-                              aria-hidden="true"
-                              className={`${
-                                isAllUsers() ? 'translate-x-5' : 'translate-x-0'
-                              } absolute left-0 inline-block h-5 w-5 rounded-full border border-gray-200 bg-white shadow transition-transform duration-200 ease-in-out group-focus:border-blue-300 group-focus:ring`}
-                            ></span>
-                          </span>
-                        </th>
-                        <th className="bg-gray-500 px-1 py-3 text-left text-xs font-medium uppercase leading-4 tracking-wider text-gray-200 md:px-6">
-                          {intl.formatMessage(messages.user)}
-                        </th>
-                      </tr>
-                    </thead>
-                    <tbody className="divide-y divide-gray-700 bg-gray-600">
-                      {data?.map((user) => (
-                        <tr key={`user-${user.id}`}>
-                          <td className="whitespace-nowrap px-4 py-4 text-sm font-medium leading-5 text-gray-100">
+
+          {/* Plex Users Section */}
+          {data?.users && data.users.length > 0 && (
+            <div className="mb-6 flex flex-col">
+              <h3 className="mb-2 text-lg font-medium">Plex Users</h3>
+              <div className="-mx-4 sm:mx-0">
+                <div className="inline-block min-w-full py-2 align-middle">
+                  <div className="overflow-hidden shadow sm:rounded-lg">
+                    <table className="min-w-full">
+                      <thead>
+                        <tr>
+                          <th className="w-16 bg-gray-500 px-4 py-3">
                             <span
                               role="checkbox"
                               tabIndex={0}
-                              aria-checked={isSelectedUser(user.id)}
-                              onClick={() => toggleUser(user.id)}
+                              aria-checked={isAllUsers()}
+                              onClick={() => toggleAllUsers()}
                               onKeyDown={(e) => {
                                 if (e.key === 'Enter' || e.key === 'Space') {
-                                  toggleUser(user.id);
+                                  toggleAllUsers();
                                 }
                               }}
                               className="relative inline-flex h-5 w-10 flex-shrink-0 cursor-pointer items-center justify-center pt-2 focus:outline-none"
@@ -185,7 +367,132 @@ const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
                               <span
                                 aria-hidden="true"
                                 className={`${
-                                  isSelectedUser(user.id)
+                                  isAllUsers() ? 'bg-indigo-500' : 'bg-gray-800'
+                                } absolute mx-auto h-4 w-9 rounded-full transition-colors duration-200 ease-in-out`}
+                              ></span>
+                              <span
+                                aria-hidden="true"
+                                className={`${
+                                  isAllUsers()
+                                    ? 'translate-x-5'
+                                    : 'translate-x-0'
+                                } absolute left-0 inline-block h-5 w-5 rounded-full border border-gray-200 bg-white shadow transition-transform duration-200 ease-in-out group-focus:border-blue-300 group-focus:ring`}
+                              ></span>
+                            </span>
+                          </th>
+                          <th className="bg-gray-500 px-1 py-3 text-left text-xs font-medium uppercase leading-4 tracking-wider text-gray-200 md:px-6">
+                            {intl.formatMessage(messages.user)}
+                          </th>
+                        </tr>
+                      </thead>
+                      <tbody className="divide-y divide-gray-700 bg-gray-600">
+                        {data.users.map((user) => (
+                          <tr
+                            key={`user-${user.id}`}
+                            className={
+                              hasSelectedDuplicate('user', user.id)
+                                ? 'bg-yellow-800/20'
+                                : ''
+                            }
+                          >
+                            <td className="whitespace-nowrap px-4 py-4 text-sm font-medium leading-5 text-gray-100">
+                              <span
+                                role="checkbox"
+                                tabIndex={0}
+                                aria-checked={isSelectedUser(user.id)}
+                                onClick={() => toggleUser(user.id)}
+                                onKeyDown={(e) => {
+                                  if (e.key === 'Enter' || e.key === 'Space') {
+                                    toggleUser(user.id);
+                                  }
+                                }}
+                                className="relative inline-flex h-5 w-10 flex-shrink-0 cursor-pointer items-center justify-center pt-2 focus:outline-none"
+                              >
+                                <span
+                                  aria-hidden="true"
+                                  className={`${
+                                    isSelectedUser(user.id)
+                                      ? 'bg-indigo-500'
+                                      : 'bg-gray-800'
+                                  } absolute mx-auto h-4 w-9 rounded-full transition-colors duration-200 ease-in-out`}
+                                ></span>
+                                <span
+                                  aria-hidden="true"
+                                  className={`${
+                                    isSelectedUser(user.id)
+                                      ? 'translate-x-5'
+                                      : 'translate-x-0'
+                                  } absolute left-0 inline-block h-5 w-5 rounded-full border border-gray-200 bg-white shadow transition-transform duration-200 ease-in-out group-focus:border-blue-300 group-focus:ring`}
+                                ></span>
+                              </span>
+                            </td>
+                            <td className="whitespace-nowrap px-1 py-4 text-sm font-medium leading-5 text-gray-100 md:px-6">
+                              <div className="flex items-center">
+                                <Image
+                                  className="h-10 w-10 flex-shrink-0 rounded-full"
+                                  src={user.thumb}
+                                  alt=""
+                                  width={40}
+                                  height={40}
+                                />
+                                <div className="ml-4">
+                                  <div className="flex items-center text-base font-bold leading-5">
+                                    {user.username}
+                                    {isDuplicate('user', user.id) && (
+                                      <span className="ml-2 rounded-full bg-yellow-600 px-2 py-0.5 text-xs font-normal">
+                                        {intl.formatMessage(
+                                          messages.possibleDuplicate
+                                        )}
+                                      </span>
+                                    )}
+                                  </div>
+                                  {user.username &&
+                                    user.username.toLowerCase() !==
+                                      user.email && (
+                                      <div className="text-sm leading-5 text-gray-300">
+                                        {user.email}
+                                      </div>
+                                    )}
+                                </div>
+                              </div>
+                            </td>
+                          </tr>
+                        ))}
+                      </tbody>
+                    </table>
+                  </div>
+                </div>
+              </div>
+            </div>
+          )}
+
+          {/* Plex Profiles Section */}
+          {data?.profiles && data.profiles.length > 0 && (
+            <div className="flex flex-col">
+              <h3 className="mb-2 text-lg font-medium">Plex Profiles</h3>
+              <div className="-mx-4 sm:mx-0">
+                <div className="inline-block min-w-full py-2 align-middle">
+                  <div className="overflow-hidden shadow sm:rounded-lg">
+                    <table className="min-w-full">
+                      <thead>
+                        <tr>
+                          <th className="w-16 bg-gray-500 px-4 py-3">
+                            <span
+                              role="checkbox"
+                              tabIndex={0}
+                              aria-checked={isAllProfiles()}
+                              onClick={() => toggleAllProfiles()}
+                              onKeyDown={(e) => {
+                                if (e.key === 'Enter' || e.key === 'Space') {
+                                  toggleAllProfiles();
+                                }
+                              }}
+                              className="relative inline-flex h-5 w-10 flex-shrink-0 cursor-pointer items-center justify-center pt-2 focus:outline-none"
+                            >
+                              <span
+                                aria-hidden="true"
+                                className={`${
+                                  isAllProfiles()
                                     ? 'bg-indigo-500'
                                     : 'bg-gray-800'
                                 } absolute mx-auto h-4 w-9 rounded-full transition-colors duration-200 ease-in-out`}
@@ -193,44 +500,96 @@ const PlexImportModal = ({ onCancel, onComplete }: PlexImportProps) => {
                               <span
                                 aria-hidden="true"
                                 className={`${
-                                  isSelectedUser(user.id)
+                                  isAllProfiles()
                                     ? 'translate-x-5'
                                     : 'translate-x-0'
                                 } absolute left-0 inline-block h-5 w-5 rounded-full border border-gray-200 bg-white shadow transition-transform duration-200 ease-in-out group-focus:border-blue-300 group-focus:ring`}
                               ></span>
                             </span>
-                          </td>
-                          <td className="whitespace-nowrap px-1 py-4 text-sm font-medium leading-5 text-gray-100 md:px-6">
-                            <div className="flex items-center">
-                              <Image
-                                className="h-10 w-10 flex-shrink-0 rounded-full"
-                                src={user.thumb}
-                                alt=""
-                                width={40}
-                                height={40}
-                              />
-                              <div className="ml-4">
-                                <div className="text-base font-bold leading-5">
-                                  {user.username}
-                                </div>
-                                {user.username &&
-                                  user.username.toLowerCase() !==
-                                    user.email && (
+                          </th>
+                          <th className="bg-gray-500 px-1 py-3 text-left text-xs font-medium uppercase leading-4 tracking-wider text-gray-200 md:px-6">
+                            {intl.formatMessage(messages.profile)}
+                          </th>
+                        </tr>
+                      </thead>
+                      <tbody className="divide-y divide-gray-700 bg-gray-600">
+                        {data.profiles.map((profile) => (
+                          <tr
+                            key={`profile-${profile.id}`}
+                            className={
+                              hasSelectedDuplicate('profile', profile.id)
+                                ? 'bg-yellow-800/20'
+                                : ''
+                            }
+                          >
+                            <td className="whitespace-nowrap px-4 py-4 text-sm font-medium leading-5 text-gray-100">
+                              <span
+                                role="checkbox"
+                                tabIndex={0}
+                                aria-checked={isSelectedProfile(profile.id)}
+                                onClick={() => toggleProfile(profile.id)}
+                                onKeyDown={(e) => {
+                                  if (e.key === 'Enter' || e.key === 'Space') {
+                                    toggleProfile(profile.id);
+                                  }
+                                }}
+                                className="relative inline-flex h-5 w-10 flex-shrink-0 cursor-pointer items-center justify-center pt-2 focus:outline-none"
+                              >
+                                <span
+                                  aria-hidden="true"
+                                  className={`${
+                                    isSelectedProfile(profile.id)
+                                      ? 'bg-indigo-500'
+                                      : 'bg-gray-800'
+                                  } absolute mx-auto h-4 w-9 rounded-full transition-colors duration-200 ease-in-out`}
+                                ></span>
+                                <span
+                                  aria-hidden="true"
+                                  className={`${
+                                    isSelectedProfile(profile.id)
+                                      ? 'translate-x-5'
+                                      : 'translate-x-0'
+                                  } absolute left-0 inline-block h-5 w-5 rounded-full border border-gray-200 bg-white shadow transition-transform duration-200 ease-in-out group-focus:border-blue-300 group-focus:ring`}
+                                ></span>
+                              </span>
+                            </td>
+                            <td className="whitespace-nowrap px-1 py-4 text-sm font-medium leading-5 text-gray-100 md:px-6">
+                              <div className="flex items-center">
+                                <Image
+                                  className="h-10 w-10 flex-shrink-0 rounded-full"
+                                  src={profile.thumb}
+                                  alt=""
+                                  width={40}
+                                  height={40}
+                                />
+                                <div className="ml-4">
+                                  <div className="flex items-center text-base font-bold leading-5">
+                                    {profile.title || profile.username}
+                                    {isDuplicate('profile', profile.id) && (
+                                      <span className="ml-2 rounded-full bg-yellow-600 px-2 py-0.5 text-xs font-normal">
+                                        {intl.formatMessage(
+                                          messages.possibleDuplicate
+                                        )}
+                                      </span>
+                                    )}
+                                  </div>
+                                  {profile.protected && (
                                     <div className="text-sm leading-5 text-gray-300">
-                                      {user.email}
+                                      (PIN protected)
                                     </div>
                                   )}
+                                </div>
                               </div>
-                            </div>
-                          </td>
-                        </tr>
-                      ))}
-                    </tbody>
-                  </table>
+                            </td>
+                          </tr>
+                        ))}
+                      </tbody>
+                    </table>
+                  </div>
                 </div>
               </div>
             </div>
-          </div>
+          )}
         </>
       ) : (
         <Alert

src/components/UserProfile/index.tsx

@@ -160,9 +160,12 @@ const UserProfile = () => {
                 <dd className="mt-1 text-3xl font-semibold text-white">
                   <Link
                     href={
-                      user.id === currentUser?.id
-                        ? '/profile/requests?filter=all'
-                        : `/users/${user?.id}/requests?filter=all`
+                      currentHasPermission(
+                        [Permission.MANAGE_REQUESTS, Permission.REQUEST_VIEW],
+                        { type: 'or' }
+                      )
+                        ? `/users/${user?.id}/requests?filter=all`
+                        : '/requests'
                     }
                   >
                     {intl.formatNumber(user.requestCount)}
@@ -293,9 +296,12 @@ const UserProfile = () => {
             <div className="slider-header">
               <Link
                 href={
-                  user.id === currentUser?.id
-                    ? '/profile/requests?filter=all'
-                    : `/users/${user?.id}/requests?filter=all`
+                  currentHasPermission(
+                    [Permission.MANAGE_REQUESTS, Permission.REQUEST_VIEW],
+                    { type: 'or' }
+                  )
+                    ? `/users/${user?.id}/requests?filter=all`
+                    : '/requests'
                 }
                 className="slider-title"
               >

src/i18n/locale/en.json

@@ -237,7 +237,20 @@
   "components.Layout.VersionStatus.outofdate": "Out of Date",
   "components.Layout.VersionStatus.streamdevelop": "Jellyseerr Develop",
   "components.Layout.VersionStatus.streamstable": "Jellyseerr Stable",
+  "components.Login.PlexPinEntry.accessDenied": "Access denied.",
+  "components.Login.PlexPinEntry.cancel": "Cancel",
+  "components.Login.PlexPinEntry.invalidPin": "Invalid PIN. Please try again.",
+  "components.Login.PlexPinEntry.pinCheck": "Checking PIN...",
+  "components.Login.PlexPinEntry.pinDescription": "Enter the PIN for this profile",
+  "components.Login.PlexPinEntry.pinRequired": "PIN Required",
+  "components.Login.PlexPinEntry.submit": "Submit",
+  "components.Login.PlexProfileSelector.profile": "Profile",
+  "components.Login.PlexProfileSelector.selectProfile": "Select Profile",
+  "components.Login.PlexProfileSelector.selectProfileDescription": "Select which Plex profile you want to use",
+  "components.Login.PlexProfileSelector.selectProfileError": "Failed to select profile",
+  "components.Login.accessDenied": "Access denied.",
   "components.Login.adminerror": "You must use an admin account to sign in.",
+  "components.Login.authFailed": "Authentication failed",
   "components.Login.back": "Go back",
   "components.Login.credentialerror": "The username or password is incorrect.",
   "components.Login.description": "Since this is your first time logging into {applicationName}, you are required to add a valid email address.",
@@ -248,6 +261,7 @@
   "components.Login.hostname": "{mediaServerName} URL",
   "components.Login.initialsignin": "Connect",
   "components.Login.initialsigningin": "Connecting…",
+  "components.Login.invalidPin": "Invalid PIN. Please try again.",
   "components.Login.invalidurlerror": "Unable to connect to {mediaServerName} server.",
   "components.Login.loginerror": "Something went wrong while trying to sign in.",
   "components.Login.loginwithapp": "Login with {appName}",
@@ -255,6 +269,7 @@
   "components.Login.orsigninwith": "Or sign in with",
   "components.Login.password": "Password",
   "components.Login.port": "Port",
+  "components.Login.profileUserExists": "A profile user already exists for this Plex account. Please contact your administrator to resolve this duplicate.",
   "components.Login.save": "Add",
   "components.Login.saving": "Adding…",
   "components.Login.servertype": "Server Type",
@@ -269,7 +284,6 @@
   "components.Login.username": "Username",
   "components.Login.validationEmailFormat": "Invalid email",
   "components.Login.validationEmailRequired": "You must provide an email",
-  "components.Login.validationHostnameRequired": "You must provide a valid hostname or IP address",
   "components.Login.validationPortRequired": "You must provide a valid port number",
   "components.Login.validationUrlBaseLeadingSlash": "URL base must have a leading slash",
   "components.Login.validationUrlBaseTrailingSlash": "URL base must not end in a trailing slash",
@@ -620,18 +634,6 @@
   "components.Settings.Notifications.NotificationsGotify.validationTypes": "You must select at least one notification type",
   "components.Settings.Notifications.NotificationsGotify.validationUrlRequired": "You must provide a valid URL",
   "components.Settings.Notifications.NotificationsGotify.validationUrlTrailingSlash": "URL must not end in a trailing slash",
-  "components.Settings.Notifications.NotificationsLunaSea.agentenabled": "Enable Agent",
-  "components.Settings.Notifications.NotificationsLunaSea.profileName": "Profile Name",
-  "components.Settings.Notifications.NotificationsLunaSea.profileNameTip": "Only required if not using the <code>default</code> profile",
-  "components.Settings.Notifications.NotificationsLunaSea.settingsFailed": "LunaSea notification settings failed to save.",
-  "components.Settings.Notifications.NotificationsLunaSea.settingsSaved": "LunaSea notification settings saved successfully!",
-  "components.Settings.Notifications.NotificationsLunaSea.toastLunaSeaTestFailed": "LunaSea test notification failed to send.",
-  "components.Settings.Notifications.NotificationsLunaSea.toastLunaSeaTestSending": "Sending LunaSea test notification…",
-  "components.Settings.Notifications.NotificationsLunaSea.toastLunaSeaTestSuccess": "LunaSea test notification sent!",
-  "components.Settings.Notifications.NotificationsLunaSea.validationTypes": "You must select at least one notification type",
-  "components.Settings.Notifications.NotificationsLunaSea.validationWebhookUrl": "You must provide a valid URL",
-  "components.Settings.Notifications.NotificationsLunaSea.webhookUrl": "Webhook URL",
-  "components.Settings.Notifications.NotificationsLunaSea.webhookUrlTip": "Your user- or device-based <LunaSeaLink>notification webhook URL</LunaSeaLink>",
   "components.Settings.Notifications.NotificationsNtfy.agentenabled": "Enable Agent",
   "components.Settings.Notifications.NotificationsNtfy.ntfysettingsfailed": "Ntfy notification settings failed to save.",
   "components.Settings.Notifications.NotificationsNtfy.ntfysettingssaved": "Ntfy notification settings saved successfully!",
@@ -978,10 +980,13 @@
   "components.Settings.SettingsMain.validationUrl": "You must provide a valid URL",
   "components.Settings.SettingsMain.validationUrlTrailingSlash": "URL must not end in a trailing slash",
   "components.Settings.SettingsMain.youtubeUrl": "YouTube URL",
+  "components.Settings.SettingsMain.youtubeUrlTip": "Base URL for YouTube videos if a self-hosted YouTube instance is used.",
   "components.Settings.SettingsNetwork.csrfProtection": "Enable CSRF Protection",
   "components.Settings.SettingsNetwork.csrfProtectionHoverTip": "Do NOT enable this setting unless you understand what you are doing!",
   "components.Settings.SettingsNetwork.csrfProtectionTip": "Set external API access to read-only (requires HTTPS)",
   "components.Settings.SettingsNetwork.docs": "documentation",
+  "components.Settings.SettingsNetwork.forceIpv4First": "Force IPv4 Resolution First",
+  "components.Settings.SettingsNetwork.forceIpv4FirstTip": "Force Jellyseerr to resolve IPv4 addresses first instead of IPv6",
   "components.Settings.SettingsNetwork.network": "Network",
   "components.Settings.SettingsNetwork.networkDisclaimer": "Network parameters from your container/system should be used instead of these settings. See the {docs} for more information.",
   "components.Settings.SettingsNetwork.networksettings": "Network Settings",
@@ -1213,7 +1218,7 @@
   "components.Setup.librarieserror": "Validation failed. Please toggle the libraries again to continue.",
   "components.Setup.servertype": "Choose Server Type",
   "components.Setup.setup": "Setup",
-  "components.Setup.signin": "Sign in to your account",
+  "components.Setup.signin": "Sign In",
   "components.Setup.signinMessage": "Get started by signing in",
   "components.Setup.signinWithEmby": "Enter your Emby details",
   "components.Setup.signinWithJellyfin": "Enter your Jellyfin details",
@@ -1291,27 +1296,36 @@
   "components.UserList.creating": "Creating…",
   "components.UserList.deleteconfirm": "Are you sure you want to delete this user? All of their request data will be permanently removed.",
   "components.UserList.deleteuser": "Delete User",
+  "components.UserList.duplicateProfileWarning": "This profile appears to be a duplicate of an existing user or profile.",
+  "components.UserList.duplicateUserWarning": "This user appears to be a duplicate of an existing user or profile.",
   "components.UserList.edituser": "Edit User Permissions",
   "components.UserList.email": "Email Address",
+  "components.UserList.importSuccess": "{count, plural, one {# item was} other {# items were}} imported successfully.",
+  "components.UserList.importSuccessMixed": "{userCount, plural, one {# user} other {# users}} and {profileCount, plural, one {# profile} other {# profiles}} were imported successfully.",
+  "components.UserList.importSuccessProfiles": "{count, plural, one {# profile was} other {# profiles were}} imported successfully.",
+  "components.UserList.importSuccessUsers": "{count, plural, one {# user was} other {# users were}} imported successfully.",
   "components.UserList.importedfromJellyfin": "<strong>{userCount}</strong> {mediaServerName} {userCount, plural, one {user} other {users}} imported successfully!",
-  "components.UserList.importedfromplex": "<strong>{userCount}</strong> Plex {userCount, plural, one {user} other {users}} imported successfully!",
   "components.UserList.importfromJellyfin": "Import {mediaServerName} Users",
   "components.UserList.importfromJellyfinerror": "Something went wrong while importing {mediaServerName} users.",
   "components.UserList.importfrommediaserver": "Import {mediaServerName} Users",
-  "components.UserList.importfromplex": "Import Plex Users",
-  "components.UserList.importfromplexerror": "Something went wrong while importing Plex users.",
+  "components.UserList.importfromplex": "Import Plex Users & Profiles",
+  "components.UserList.importfromplexerror": "Something went wrong while importing Plex users and profiles.",
   "components.UserList.localLoginDisabled": "The <strong>Enable Local Sign-In</strong> setting is currently disabled.",
   "components.UserList.localuser": "Local User",
   "components.UserList.mediaServerUser": "{mediaServerName} User",
   "components.UserList.newJellyfinsigninenabled": "The <strong>Enable New {mediaServerName} Sign-In</strong> setting is currently enabled. {mediaServerName} users with library access do not need to be imported in order to sign in.",
   "components.UserList.newplexsigninenabled": "The <strong>Enable New Plex Sign-In</strong> setting is currently enabled. Plex users with library access do not need to be imported in order to sign in.",
   "components.UserList.noJellyfinuserstoimport": "There are no {mediaServerName} users to import.",
-  "components.UserList.nouserstoimport": "There are no Plex users to import.",
+  "components.UserList.nouserstoimport": "There are no Plex users or profiles to import.",
   "components.UserList.owner": "Owner",
   "components.UserList.password": "Password",
   "components.UserList.passwordinfodescription": "Configure an application URL and enable email notifications to allow automatic password generation.",
   "components.UserList.plexuser": "Plex User",
+  "components.UserList.possibleDuplicate": "Possible duplicate",
+  "components.UserList.profile": "Profile",
   "components.UserList.role": "Role",
+  "components.UserList.skippedProfilesDuplicates": "{count, plural, one {# profile was} other {# profiles were}} skipped due to duplicates.",
+  "components.UserList.skippedUsersDuplicates": "{count, plural, one {# user was} other {# users were}} skipped due to duplicates.",
   "components.UserList.sortCreated": "Join Date",
   "components.UserList.sortDisplayName": "Display Name",
   "components.UserList.sortRequests": "Request Count",

src/pages/profile/requests.tsx

@@ -1,8 +0,0 @@
-import RequestList from '@app/components/RequestList';
-import type { NextPage } from 'next';
-
-const UserRequestsPage: NextPage = () => {
-  return <RequestList />;
-};
-
-export default UserRequestsPage;

src/pages/settings/notifications/lunasea.tsx

@@ -1,19 +0,0 @@
-import NotificationsLunaSea from '@app/components/Settings/Notifications/NotificationsLunaSea';
-import SettingsLayout from '@app/components/Settings/SettingsLayout';
-import SettingsNotifications from '@app/components/Settings/SettingsNotifications';
-import useRouteGuard from '@app/hooks/useRouteGuard';
-import { Permission } from '@app/hooks/useUser';
-import type { NextPage } from 'next';
-
-const NotificationsPage: NextPage = () => {
-  useRouteGuard(Permission.ADMIN);
-  return (
-    <SettingsLayout>
-      <SettingsNotifications>
-        <NotificationsLunaSea />
-      </SettingsNotifications>
-    </SettingsLayout>
-  );
-};
-
-export default NotificationsPage;