cmd/syncthing: Accept pre-hashed password in config POST (fixes #4458)

It must be a bcrypt hash.

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4466
Jakob Borg 2017-11-06 14:22:10 +00:00
parent 62a4106a79
commit 941c9f1531
1 changed files with 5 additions and 1 deletions


@ -16,6 +16,7 @@ import (
"os"
"path/filepath"
"reflect"
"regexp"
"runtime"
"runtime/pprof"
"sort"
@ -43,6 +44,9 @@ import (
var (
startTime = time.Now()
// matches a bcrypt hash and not too much else
bcryptExpr = regexp.MustCompile(`^\$2[aby]\$\d+\$.{50,}`)
)
const (
@ -790,7 +794,7 @@ func (s *apiService) postSystemConfig(w http.ResponseWriter, r *http.Request) {
}
if to.GUI.Password != s.cfg.GUI().Password {
if to.GUI.Password != "" {
if to.GUI.Password != "" && !bcryptExpr.MatchString(to.GUI.Password) {
hash, err := bcrypt.GenerateFromPassword([]byte(to.GUI.Password), 0)
if err != nil {
l.Warnln("bcrypting password:", err)
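Review bot: The `bcryptExpr` pattern decides at the changed `if` whether a submitted password is stored verbatim, and it is loose for that job: it has no end anchor, `\d+` accepts any cost digits, and `.{50,}` matches arbitrary characters, so a string that is not a well-formed bcrypt hash can be saved as the GUI password hash. A value stored that way would presumably fail every later comparison and lock the GUI out, and a well-formed hash with a very low cost is also accepted as-is. Consider pinning the fixed 60-character layout, `^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$`, or additionally parsing the value with `bcrypt.Cost` and rejecting costs below the default before skipping the hashing step. A short comment at the `if` saying that a matching value is trusted as a hash and not re-hashed would help too; the body of postSystemConfig continues outside the hunk.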