1
0
Fork 0

Trim spaces from admin token during authentication and validate that the admin panel token is not empty

Dieser Commit ist enthalten in:
Daniel García 2019-03-07 20:21:50 +01:00
Ursprung 9e1f030a80
Commit 0718a090e1
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: FC8A7D14C3CD543A
2 geänderte Dateien mit 7 neuen und 1 gelöschten Zeilen

Datei anzeigen

@ -89,7 +89,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
fn _validate_token(token: &str) -> bool { fn _validate_token(token: &str) -> bool {
match CONFIG.admin_token().as_ref() { match CONFIG.admin_token().as_ref() {
None => false, None => false,
Some(t) => crate::crypto::ct_eq(t, token), Some(t) => crate::crypto::ct_eq(t.trim(), token.trim()),
} }
} }

Datei anzeigen

@ -317,6 +317,12 @@ make_config! {
} }
fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
if let Some(ref token) = cfg.admin_token {
if token.trim().is_empty() {
err!("`ADMIN_TOKEN` is enabled but has an empty value. To enable the admin page without token, use `DISABLE_ADMIN_TOKEN`")
}
}
if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() { if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() {
err!("Both `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` need to be set for Yubikey OTP support") err!("Both `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` need to be set for Yubikey OTP support")
} }