diff --git a/domain-server/resources/describe-settings.json b/domain-server/resources/describe-settings.json
index 58b1df08c1..20d2711743 100644
--- a/domain-server/resources/describe-settings.json
+++ b/domain-server/resources/describe-settings.json
@@ -372,6 +372,13 @@
 "help": "Password used for basic HTTP authentication. Leave this blank if you do not want to change it.",
 "value-hidden": true
 },
+ {
+ "name": "verify_http_password",
+ "label": "Verify HTTP Password",
+ "type": "password",
+ "help": "Must match the password entered above for change to be saved.",
+ "value-hidden": true
+ },
 {
 "name": "maximum_user_capacity",
 "label": "Maximum User Capacity",
diff --git a/domain-server/resources/web/settings/js/settings.js b/domain-server/resources/web/settings/js/settings.js
index c31d6e2dfc..659372267c 100644
--- a/domain-server/resources/web/settings/js/settings.js
+++ b/domain-server/resources/web/settings/js/settings.js
@@ -904,10 +904,18 @@ function saveSettings() {
 var formJSON = form2js('settings-form', ".", false, cleanupFormValues, true);
 // check if we've set the basic http password - if so convert it to base64
+ var canPost = true;
 if (formJSON["security"]) {
 var password = formJSON["security"]["http_password"];
+ var verify_password = formJSON["security"]["verify_http_password"];
 if (password && password.length > 0) {
- formJSON["security"]["http_password"] = sha256_digest(password);
+ if (password != verify_password) {
+ bootbox.alert({"message": "Passwords must match!", "title":"Password Error"});
+ canPost = false;
+ } else {
+ formJSON["security"]["http_password"] = sha256_digest(password);
+ delete formJSON["security"]["verify_http_password"];
+ }
 }
 }
@@ -923,7 +931,9 @@ function saveSettings() {
 $(this).blur();
 // POST the form JSON to the domain-server settings.json endpoint so the settings are saved
- postSettings(formJSON);
+ if (canPost) {
+ postSettings(formJSON);
+ }
 }
 $('body').on('click', '.save-button', function(e){
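Review bot: In the settings.js hunk at -904, `verify_http_password` is removed from `formJSON` only in the `else` branch, so when the password field is left blank but the verify field holds text, that text is posted to the settings endpoint unhashed. Because the describe-settings.json hunk declares it as an ordinary `security` setting, the server may persist it in cleartext beside the digest; this is inferred, as the server side is not shown. Drop the field unconditionally with `delete formJSON["security"]["verify_http_password"];` directly after the `var verify_password = …` line, and compare with `!==` rather than `!=`. The context comment still says "convert it to base64" although the code calls `sha256_digest`; something like `// hash the basic HTTP password before it is sent` would match the code. saveSettings starts and ends outside this hunk.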
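Review bot: In the last settings.js hunk (-923), gating only `postSettings(formJSON)` on `canPost` means everything between the password check and this line still runs after a mismatch, including the `$(this).blur()` visible here; the statements in between are outside the diff, so whether they alter form state is unknown. A `return;` placed right after the `bootbox.alert(...)` call in the earlier hunk would stop at the point of failure and make the `canPost` flag unnecessary. If the flag is kept, a comment at its declaration such as `// set to false when the password confirmation fails; blocks the POST below` would explain its purpose.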