Merge pull request #7635 from birarda/master

fix domain-server settings change without password change
2025-04-08 19:23:58 +02:00 · 2016-04-12 12:49:55 -07:00 · 2016-04-12 12:49:55 -07:00 · b952147fca
commit b952147fca
parent 2b63c2a8ba 455d2d5048
2 changed files with 4 additions and 2 deletions
--- a/domain-server/resources/web/settings/js/settings.js
+++ b/domain-server/resources/web/settings/js/settings.js
@ -870,7 +870,7 @@ function saveSettings() {
  // check if we've set the basic http password - if so convert it to base64
  if (formJSON["security"]) {
    var password = formJSON["security"]["http_password"];
-    if (password.length > 0) {
+    if (password && password.length > 0) {
      formJSON["security"]["http_password"] = sha256_digest(password);
    }
  }
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@ -1678,10 +1678,12 @@ bool DomainServer::isAuthenticatedRequest(HTTPConnection* connection, const QUrl
                    // we've pulled a username and password - now check if there is a match in our basic auth hash
                    QString settingsUsername = valueForKeyPath(settingsMap, BASIC_AUTH_USERNAME_KEY_PATH)->toString();
                    const QVariant* settingsPasswordVariant = valueForKeyPath(settingsMap, BASIC_AUTH_PASSWORD_KEY_PATH);
+
                    QString settingsPassword = settingsPasswordVariant ? settingsPasswordVariant->toString() : "";
                    QString hexHeaderPassword = QCryptographicHash::hash(headerPassword.toUtf8(), QCryptographicHash::Sha256).toHex();

-                    if (settingsUsername == headerUsername && hexHeaderPassword == settingsPassword) {
+                    if (settingsUsername == headerUsername
+                        && (settingsPassword.isEmpty() || hexHeaderPassword == settingsPassword)) {
                        return true;
                    }
                }