cmd/syncthing: Accept pre-hashed password in config POST (fixes #4458)
It must be a bcrypt hash. GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4466
This commit is contained in:
parent
62a4106a79
commit
941c9f1531
|
@ -16,6 +16,7 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
"regexp"
|
||||||
"runtime"
|
"runtime"
|
||||||
"runtime/pprof"
|
"runtime/pprof"
|
||||||
"sort"
|
"sort"
|
||||||
|
@ -43,6 +44,9 @@ import (
|
||||||
|
|
||||||
var (
|
var (
|
||||||
startTime = time.Now()
|
startTime = time.Now()
|
||||||
|
|
||||||
|
// matches a bcrypt hash and not too much else
|
||||||
|
bcryptExpr = regexp.MustCompile(`^\$2[aby]\$\d+\$.{50,}`)
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -790,7 +794,7 @@ func (s *apiService) postSystemConfig(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if to.GUI.Password != s.cfg.GUI().Password {
|
if to.GUI.Password != s.cfg.GUI().Password {
|
||||||
if to.GUI.Password != "" {
|
if to.GUI.Password != "" && !bcryptExpr.MatchString(to.GUI.Password) {
|
||||||
hash, err := bcrypt.GenerateFromPassword([]byte(to.GUI.Password), 0)
|
hash, err := bcrypt.GenerateFromPassword([]byte(to.GUI.Password), 0)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
l.Warnln("bcrypting password:", err)
|
l.Warnln("bcrypting password:", err)
|
||||||
|
|
Loading…
Reference in New Issue