gui, lib/api: Use effective listen address for no auth warning

This adds a field `guiAddressUsed` to the system status response, that
holds the current listening address actually in use. This may be
different from the one stored in the config because it may have been
overridden by environment or command line flag.

The GUI now checks this field to see if we are listening on localhost.
If we are not, the authentication required warning is displayed,
regardless of the *configured* listening address.
This commit is contained in:
Jakob Borg 2019-09-20 15:22:24 +01:00
parent 7bcdc5b08e
commit c0b5a70ce3
2 changed files with 24 additions and 9 deletions

View File

@ -386,15 +386,7 @@ angular.module('syncthing.core')
}); });
}); });
// If we're not listening on localhost, and there is no refreshNoAuthWarning();
// authentication configured, and the magic setting to silence the
// warning isn't set, then yell at the user.
var guiCfg = $scope.config.gui;
$scope.openNoAuth = guiCfg.address.substr(0, 4) !== "127."
&& guiCfg.address.substr(0, 6) !== "[::1]:"
&& (!guiCfg.user || !guiCfg.password)
&& guiCfg.authMode !== 'ldap'
&& !guiCfg.insecureAdminAccess;
if (!hasConfig) { if (!hasConfig) {
$scope.$emit('ConfigLoaded'); $scope.$emit('ConfigLoaded');
@ -427,10 +419,32 @@ angular.module('syncthing.core')
} }
} }
$scope.discoveryFailed = discoveryFailed; $scope.discoveryFailed = discoveryFailed;
refreshNoAuthWarning();
console.log("refreshSystem", data); console.log("refreshSystem", data);
}).error($scope.emitHTTPError); }).error($scope.emitHTTPError);
} }
function refreshNoAuthWarning() {
if (!$scope.system || !$scope.config) {
// We need both to be able to determine the state.
return
}
// If we're not listening on localhost, and there is no
// authentication configured, and the magic setting to silence the
// warning isn't set, then yell at the user.
var addr = $scope.system.guiAddressUsed;
var guiCfg = $scope.config.gui;
$scope.openNoAuth = addr.substr(0, 4) !== "127."
&& addr.substr(0, 6) !== "[::1]:"
&& (!guiCfg.user || !guiCfg.password)
&& guiCfg.authMode !== 'ldap'
&& !guiCfg.insecureAdminAccess;
}
function refreshDiscoveryCache() { function refreshDiscoveryCache() {
$http.get(urlbase + '/system/discovery').success(function (data) { $http.get(urlbase + '/system/discovery').success(function (data) {
for (var device in data) { for (var device in data) {

View File

@ -913,6 +913,7 @@ func (s *service) getSystemStatus(w http.ResponseWriter, r *http.Request) {
res["uptime"] = s.urService.UptimeS() res["uptime"] = s.urService.UptimeS()
res["startTime"] = ur.StartTime res["startTime"] = ur.StartTime
res["guiAddressOverridden"] = s.cfg.GUI().IsOverridden() res["guiAddressOverridden"] = s.cfg.GUI().IsOverridden()
res["guiAddressUsed"] = s.cfg.GUI().Address()
sendJSON(w, res) sendJSON(w, res)
} }