Martchus
/
syncthing
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #686 from AudriusButkevicius/auth 

Send the real hash as part of the config (fixes #681)
This commit is contained in:
Jakob Borg 2014-09-14 10:50:17 +02:00
parent 9f9de01c51 c45e3fa4d5
commit 6471ba70e4
1 changed files with 12 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
cmd/syncthing/gui.go
View File

@ -45,10 +45,6 @@ var (
eventSub *events.BufferedSubscription eventSub *events.BufferedSubscription
) )
const (
unchangedPassword = "--password-unchanged--"
)
func init() { func init() {
l.AddHandler(logger.LevelWarn, showGuiError) l.AddHandler(logger.LevelWarn, showGuiError)
sub := events.Default.Subscribe(events.AllEvents) sub := events.Default.Subscribe(events.AllEvents)
@ -140,7 +136,7 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
handler = withVersionMiddleware(handler) handler = withVersionMiddleware(handler)
// Wrap everything in basic auth, if user/password is set. // Wrap everything in basic auth, if user/password is set.
if len(cfg.User) > 0 { if len(cfg.User) > 0 && len(cfg.Password) > 0 {
handler = basicAuthAndSessionMiddleware(cfg, handler) handler = basicAuthAndSessionMiddleware(cfg, handler)
} }
@ -274,12 +270,8 @@ func restGetNodeStats(m *model.Model, w http.ResponseWriter, r *http.Request) {
} }
func restGetConfig(w http.ResponseWriter, r *http.Request) { func restGetConfig(w http.ResponseWriter, r *http.Request) {
encCfg := cfg
if encCfg.GUI.Password != "" {
encCfg.GUI.Password = unchangedPassword
}
w.Header().Set("Content-Type", "application/json; charset=utf-8") w.Header().Set("Content-Type", "application/json; charset=utf-8")
json.NewEncoder(w).Encode(encCfg) json.NewEncoder(w).Encode(cfg)
} }
func restPostConfig(m *model.Model, w http.ResponseWriter, r *http.Request) { func restPostConfig(m *model.Model, w http.ResponseWriter, r *http.Request) {
@ -290,18 +282,16 @@ func restPostConfig(m *model.Model, w http.ResponseWriter, r *http.Request) {
http.Error(w, err.Error(), 500) http.Error(w, err.Error(), 500)
return return
} else { } else {
if newCfg.GUI.Password == "" { if newCfg.GUI.Password != cfg.GUI.Password {
// Leave it empty if newCfg.GUI.Password != "" {
} else if newCfg.GUI.Password == unchangedPassword { hash, err := bcrypt.GenerateFromPassword([]byte(newCfg.GUI.Password), 0)
newCfg.GUI.Password = cfg.GUI.Password if err != nil {
} else { l.Warnln("bcrypting password:", err)
hash, err := bcrypt.GenerateFromPassword([]byte(newCfg.GUI.Password), 0) http.Error(w, err.Error(), 500)
if err != nil { return
l.Warnln("bcrypting password:", err) } else {
http.Error(w, err.Error(), 500) newCfg.GUI.Password = string(hash)
return }
} else {
newCfg.GUI.Password = string(hash)
} }
} }