Trim spaces from admin token during authentication and validate that the admin panel token is not empty
pull/437/head
Daniel García
6 years ago
No known key found for this signature in database
GPG Key ID: FC8A7D14C3CD543A
2 changed files with
7 additions and
1 deletions
-
src/api/admin.rs
-
src/config.rs
|
|
@ -89,7 +89,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) - |
|
|
|
fn _validate_token(token: &str) -> bool { |
|
|
|
match CONFIG.admin_token().as_ref() { |
|
|
|
None => false, |
|
|
|
Some(t) => crate::crypto::ct_eq(t, token), |
|
|
|
Some(t) => crate::crypto::ct_eq(t.trim(), token.trim()), |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
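Review bot: The new arm `Some(t) => crate::crypto::ct_eq(t.trim(), token.trim())` normalises the configured token on every login attempt instead of once at config load, and nothing records why both sides are trimmed. Any other reader of `CONFIG.admin_token()` (none is visible in this hunk) would still see the untrimmed value, so trimming where the config is validated would keep a single canonical token. If the trim stays here, I would add a comment above the `match`: `// ADMIN_TOKEN often carries stray whitespace from env files; trim both sides, then compare via ct_eq.` Note also that `str::trim` strips all Unicode whitespace, so leading or trailing whitespace in a chosen token silently stops counting toward it. `_validate_token` is fully visible in this hunk; `ct_eq` is not, so its timing behaviour is assumed from the name.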
@ -317,6 +317,12 @@ make_config! { |
|
|
|
} |
|
|
|
|
|
|
|
fn validate_config(cfg: &ConfigItems) -> Result<(), Error> { |
|
|
|
if let Some(ref token) = cfg.admin_token { |
|
|
|
if token.trim().is_empty() { |
|
|
|
err!("`ADMIN_TOKEN` is enabled but has an empty value. To enable the admin page without token, use `DISABLE_ADMIN_TOKEN`") |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() { |
|
|
|
err!("Both `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` need to be set for Yubikey OTP support") |
|
|
|
} |
|
|
|
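Review bot: The new blank-token check in `validate_config` has no comment explaining why it matters, and the reason is security-relevant. With `_validate_token` trimming both sides, a blank or whitespace-only `ADMIN_TOKEN` would presumably compare equal to an empty submitted token (the body of `ct_eq` is not shown on this page). I would add above the `if let`: `// A blank ADMIN_TOKEN would match an empty login token after trimming, so refuse to start with one.` The check rejects only the blank case, so a one-character token still enables the admin page, and the error text points operators to `DISABLE_ADMIN_TOKEN` without saying that this leaves the page unauthenticated. `validate_config` continues past the end of the hunk.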