d4708
/
qBittorrent
mirror of https://github.com/d47081/qBittorrent.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Apply PBKDF2 when storing passwords

adaptive-webui-19844
Chocobo1 6 years ago
parent
8a6cac8338
commit
05d6a29416
No known key found for this signature in database
GPG Key ID: 210D9C873253A68C
14 changed files with 208 additions and 70 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      src/app/application.cpp
  2. 2
      src/base/CMakeLists.txt
  3. 2
      src/base/base.pri
  4. 24
      src/base/preferences.cpp
  5. 4
      src/base/preferences.h
  6. 120
      src/base/utils/password.cpp
  7. 51
      src/base/utils/password.h
  8. 15
      src/base/utils/string.cpp
  9. 7
      src/base/utils/string.h
  10. 7
      src/gui/optionsdialog.cpp
  11. 9
      src/gui/optionsdialog.ui
  12. 4
      src/webui/api/appcontroller.cpp
  13. 19
      src/webui/api/authcontroller.cpp
  14. 8
      src/webui/www/private/preferences_content.html

4
src/app/application.cpp
Unescape View File

@ -525,8 +525,8 @@ int Application::exec(const QStringList &params)
.arg(QString("http://localhost:") + QString::number(pref->getWebUiPort())) + '\n' .arg(QString("http://localhost:") + QString::number(pref->getWebUiPort())) + '\n'
+ tr("The Web UI administrator user name is: %1").arg(pref->getWebUiUsername()) + '\n'; + tr("The Web UI administrator user name is: %1").arg(pref->getWebUiUsername()) + '\n';
printf("%s", qUtf8Printable(mesg)); printf("%s", qUtf8Printable(mesg));
qDebug() << "Password:" << pref->getWebUiPassword();
if (pref->getWebUiPassword() == "f6fdffe48c908deb0f4c3bd36c032e72") { if (pref->getWebUIPassword() == "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==") {
const QString warning = tr("The Web UI administrator password is still the default one: %1").arg("adminadmin") + '\n' const QString warning = tr("The Web UI administrator password is still the default one: %1").arg("adminadmin") + '\n'
+ tr("This is a security risk, please consider changing your password from program preferences.") + '\n'; + tr("This is a security risk, please consider changing your password from program preferences.") + '\n';
printf("%s", qUtf8Printable(warning)); printf("%s", qUtf8Printable(warning));

2
src/base/CMakeLists.txt
Unescape View File

@ -54,6 +54,7 @@ utils/fs.h
utils/gzip.h utils/gzip.h
utils/misc.h utils/misc.h
utils/net.h utils/net.h
utils/password.h
utils/random.h utils/random.h
utils/string.h utils/string.h
utils/version.h utils/version.h
@ -123,6 +124,7 @@ utils/fs.cpp
utils/gzip.cpp utils/gzip.cpp
utils/misc.cpp utils/misc.cpp
utils/net.cpp utils/net.cpp
utils/password.cpp
utils/random.cpp utils/random.cpp
utils/string.cpp utils/string.cpp
asyncfilestorage.cpp asyncfilestorage.cpp

2
src/base/base.pri
Unescape View File

@ -69,6 +69,7 @@ HEADERS += \
$$PWD/utils/gzip.h \ $$PWD/utils/gzip.h \
$$PWD/utils/misc.h \ $$PWD/utils/misc.h \
$$PWD/utils/net.h \ $$PWD/utils/net.h \
$$PWD/utils/password.h \
$$PWD/utils/random.h \ $$PWD/utils/random.h \
$$PWD/utils/string.h \ $$PWD/utils/string.h \
$$PWD/utils/version.h $$PWD/utils/version.h
@ -133,5 +134,6 @@ SOURCES += \
$$PWD/utils/gzip.cpp \ $$PWD/utils/gzip.cpp \
$$PWD/utils/misc.cpp \ $$PWD/utils/misc.cpp \
$$PWD/utils/net.cpp \ $$PWD/utils/net.cpp \
$$PWD/utils/password.cpp \
$$PWD/utils/random.cpp \ $$PWD/utils/random.cpp \
$$PWD/utils/string.cpp $$PWD/utils/string.cpp

24
src/base/preferences.cpp
Unescape View File

@ -582,28 +582,16 @@ void Preferences::setWebUiUsername(const QString &username)
setValue("Preferences/WebUI/Username", username); setValue("Preferences/WebUI/Username", username);
} }
QString Preferences::getWebUiPassword() const QByteArray Preferences::getWebUIPassword() const
{ {
QString passHa1 = value("Preferences/WebUI/Password_ha1").toString(); // default: adminadmin
if (passHa1.isEmpty()) { const QByteArray defaultValue = "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==";
QCryptographicHash md5(QCryptographicHash::Md5); return value("Preferences/WebUI/Password_PBKDF2", defaultValue).toByteArray();
md5.addData("adminadmin");
passHa1 = md5.result().toHex();
}
return passHa1;
} }
void Preferences::setWebUiPassword(const QString &newPassword) void Preferences::setWebUIPassword(const QByteArray &password)
{ {
// Do not overwrite current password with its hash setValue("Preferences/WebUI/Password_PBKDF2", password);
if (newPassword == getWebUiPassword())
return;
// Encode to md5 and save
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(newPassword.toLocal8Bit());
setValue("Preferences/WebUI/Password_ha1", md5.result().toHex());
} }
bool Preferences::isWebUiClickjackingProtectionEnabled() const bool Preferences::isWebUiClickjackingProtectionEnabled() const

4
src/base/preferences.h
Unescape View File

@ -193,8 +193,8 @@ public:
void setWebUiAuthSubnetWhitelist(QStringList subnets); void setWebUiAuthSubnetWhitelist(QStringList subnets);
QString getWebUiUsername() const; QString getWebUiUsername() const;
void setWebUiUsername(const QString &username); void setWebUiUsername(const QString &username);
QString getWebUiPassword() const; QByteArray getWebUIPassword() const;
void setWebUiPassword(const QString &newPassword); void setWebUIPassword(const QByteArray &password);
// WebUI security // WebUI security
bool isWebUiClickjackingProtectionEnabled() const; bool isWebUiClickjackingProtectionEnabled() const;

120
src/base/utils/password.cpp
Unescape View File

@ -0,0 +1,120 @@
/*
* Bittorrent Client using Qt and libtorrent.
* Copyright (C) 2018 Mike Tzou (Chocobo1)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* In addition, as a special exception, the copyright holders give permission to
* link this program with the OpenSSL project's "OpenSSL" library (or with
* modified versions of it that use the same license as the "OpenSSL" library),
* and distribute the linked executables. You must obey the GNU General Public
* License in all respects for all of the code used other than "OpenSSL". If you
* modify file(s), you may extend this exception to your version of the file(s),
* but you are not obligated to do so. If you do not wish to do so, delete this
* exception statement from your version.
*/
#include "password.h"
#include <array>
#include <openssl/evp.h>
#include <QByteArray>
#include <QList>
#include <QString>
#include "bytearray.h"
#include "random.h"
#include "string.h"
namespace Utils
{
namespace Password
{
namespace PBKDF2
{
const int hashIterations = 100000;
const auto hashMethod = EVP_sha512();
}
}
}
// Implements constant-time comparison to protect against timing attacks
// Taken from https://crackstation.net/hashing-security.htm
bool Utils::Password::slowEquals(const QByteArray &a, const QByteArray &b)
{
const int lengthA = a.length();
const int lengthB = b.length();
int diff = lengthA ^ lengthB;
for (int i = 0; (i < lengthA) && (i < lengthB); ++i)
diff |= a[i] ^ b[i];
return (diff == 0);
}
QByteArray Utils::Password::PBKDF2::generate(const QString &password)
{
return generate(password.toUtf8());
}
QByteArray Utils::Password::PBKDF2::generate(const QByteArray &password)
{
const std::array<uint32_t, 4> salt {{Random::rand(), Random::rand()
, Random::rand(), Random::rand()}};
std::array<unsigned char, 64> outBuf {};
const int hmacResult = PKCS5_PBKDF2_HMAC(password.constData(), password.size()
, reinterpret_cast<const unsigned char *>(salt.data()), (sizeof(salt[0]) * salt.size())
, hashIterations, hashMethod
, outBuf.size(), outBuf.data());
if (hmacResult != 1)
return {};
const QByteArray saltView = QByteArray::fromRawData(
reinterpret_cast<const char *>(salt.data()), (sizeof(salt[0]) * salt.size()));
const QByteArray outBufView = QByteArray::fromRawData(
reinterpret_cast<const char *>(outBuf.data()), outBuf.size());
return (saltView.toBase64() + ':' + outBufView.toBase64());
}
bool Utils::Password::PBKDF2::verify(const QByteArray &secret, const QString &password)
{
return verify(secret, password.toUtf8());
}
bool Utils::Password::PBKDF2::verify(const QByteArray &secret, const QByteArray &password)
{
const QList<QByteArray> list = ByteArray::splitToViews(secret, ":", QString::SkipEmptyParts);
if (list.size() != 2)
return false;
const QByteArray salt = QByteArray::fromBase64(list[0]);
const QByteArray key = QByteArray::fromBase64(list[1]);
std::array<unsigned char, 64> outBuf {};
const int hmacResult = PKCS5_PBKDF2_HMAC(password.constData(), password.size()
, reinterpret_cast<const unsigned char *>(salt.constData()), salt.size()
, hashIterations, hashMethod
, outBuf.size(), outBuf.data());
if (hmacResult != 1)
return false;
const QByteArray outBufView = QByteArray::fromRawData(
reinterpret_cast<const char *>(outBuf.data()), outBuf.size());
return slowEquals(key, outBufView);
}

51
src/base/utils/password.h
Unescape View File

@ -0,0 +1,51 @@
/*
* Bittorrent Client using Qt and libtorrent.
* Copyright (C) 2018 Mike Tzou (Chocobo1)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* In addition, as a special exception, the copyright holders give permission to
* link this program with the OpenSSL project's "OpenSSL" library (or with
* modified versions of it that use the same license as the "OpenSSL" library),
* and distribute the linked executables. You must obey the GNU General Public
* License in all respects for all of the code used other than "OpenSSL". If you
* modify file(s), you may extend this exception to your version of the file(s),
* but you are not obligated to do so. If you do not wish to do so, delete this
* exception statement from your version.
*/
#pragma once
class QByteArray;
class QString;
namespace Utils
{
namespace Password
{
// Implements constant-time comparison to protect against timing attacks
// Taken from https://crackstation.net/hashing-security.htm
bool slowEquals(const QByteArray &a, const QByteArray &b);
namespace PBKDF2
{
QByteArray generate(const QString &password);
QByteArray generate(const QByteArray &password);
bool verify(const QByteArray &secret, const QString &password);
bool verify(const QByteArray &secret, const QByteArray &password);
}
}
}

15
src/base/utils/string.cpp
Unescape View File

@ -31,7 +31,6 @@
#include <cmath> #include <cmath>
#include <QByteArray>
#include <QCollator> #include <QCollator>
#include <QLocale> #include <QLocale>
#include <QRegExp> #include <QRegExp>
@ -164,20 +163,6 @@ QString Utils::String::fromDouble(double n, int precision)
return QLocale::system().toString(std::floor(n * prec) / prec, 'f', precision); return QLocale::system().toString(std::floor(n * prec) / prec, 'f', precision);
} }
// Implements constant-time comparison to protect against timing attacks
// Taken from https://crackstation.net/hashing-security.htm
bool Utils::String::slowEquals(const QByteArray &a, const QByteArray &b)
{
int lengthA = a.length();
int lengthB = b.length();
int diff = lengthA ^ lengthB;
for (int i = 0; (i < lengthA) && (i < lengthB); ++i)
diff |= a[i] ^ b[i];
return (diff == 0);
}
// This is marked as internal in QRegExp.cpp, but is exported. The alternative would be to // This is marked as internal in QRegExp.cpp, but is exported. The alternative would be to
// copy the code from QRegExp::wc2rx(). // copy the code from QRegExp::wc2rx().
QString qt_regexp_toCanonical(const QString &pattern, QRegExp::PatternSyntax patternSyntax); QString qt_regexp_toCanonical(const QString &pattern, QRegExp::PatternSyntax patternSyntax);

7
src/base/utils/string.h
Unescape View File

@ -30,10 +30,9 @@
#ifndef UTILS_STRING_H #ifndef UTILS_STRING_H
#define UTILS_STRING_H #define UTILS_STRING_H
#include <QLatin1String>
#include <QString> #include <QString>
class QByteArray;
class QLatin1String;
class TriStateBool; class TriStateBool;
namespace Utils namespace Utils
@ -42,10 +41,6 @@ namespace Utils
{ {
QString fromDouble(double n, int precision); QString fromDouble(double n, int precision);
// Implements constant-time comparison to protect against timing attacks
// Taken from https://crackstation.net/hashing-security.htm
bool slowEquals(const QByteArray &a, const QByteArray &b);
int naturalCompare(const QString &left, const QString &right, const Qt::CaseSensitivity caseSensitivity); int naturalCompare(const QString &left, const QString &right, const Qt::CaseSensitivity caseSensitivity);
template <Qt::CaseSensitivity caseSensitivity> template <Qt::CaseSensitivity caseSensitivity>
bool naturalLessThan(const QString &left, const QString &right) bool naturalLessThan(const QString &left, const QString &right)

7
src/gui/optionsdialog.cpp
Unescape View File

@ -59,6 +59,7 @@
#include "base/torrentfileguard.h" #include "base/torrentfileguard.h"
#include "base/unicodestrings.h" #include "base/unicodestrings.h"
#include "base/utils/fs.h" #include "base/utils/fs.h"
#include "base/utils/password.h"
#include "base/utils/random.h" #include "base/utils/random.h"
#include "addnewtorrentdialog.h" #include "addnewtorrentdialog.h"
#include "advancedsettings.h" #include "advancedsettings.h"
@ -728,7 +729,8 @@ void OptionsDialog::saveOptions()
} }
// Authentication // Authentication
pref->setWebUiUsername(webUiUsername()); pref->setWebUiUsername(webUiUsername());
pref->setWebUiPassword(webUiPassword()); if (!webUiPassword().isEmpty())
pref->setWebUIPassword(Utils::Password::PBKDF2::generate(webUiPassword()));
pref->setWebUiLocalAuthEnabled(!m_ui->checkBypassLocalAuth->isChecked()); pref->setWebUiLocalAuthEnabled(!m_ui->checkBypassLocalAuth->isChecked());
pref->setWebUiAuthSubnetWhitelistEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked()); pref->setWebUiAuthSubnetWhitelistEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());
// Security // Security
@ -1090,7 +1092,6 @@ void OptionsDialog::loadOptions()
setSslCertificate(pref->getWebUiHttpsCertificate()); setSslCertificate(pref->getWebUiHttpsCertificate());
setSslKey(pref->getWebUiHttpsKey()); setSslKey(pref->getWebUiHttpsKey());
m_ui->textWebUiUsername->setText(pref->getWebUiUsername()); m_ui->textWebUiUsername->setText(pref->getWebUiUsername());
m_ui->textWebUiPassword->setText(pref->getWebUiPassword());
m_ui->checkBypassLocalAuth->setChecked(!pref->isWebUiLocalAuthEnabled()); m_ui->checkBypassLocalAuth->setChecked(!pref->isWebUiLocalAuthEnabled());
m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled()); m_ui->checkBypassAuthSubnetWhitelist->setChecked(pref->isWebUiAuthSubnetWhitelistEnabled());
m_ui->IPSubnetWhitelistButton->setEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked()); m_ui->IPSubnetWhitelistButton->setEnabled(m_ui->checkBypassAuthSubnetWhitelist->isChecked());
@ -1743,7 +1744,7 @@ bool OptionsDialog::webUIAuthenticationOk()
QMessageBox::warning(this, tr("Length Error"), tr("The Web UI username must be at least 3 characters long.")); QMessageBox::warning(this, tr("Length Error"), tr("The Web UI username must be at least 3 characters long."));
return false; return false;
} }
if (webUiPassword().length() < 6) { if (!webUiPassword().isEmpty() && (webUiPassword().length() < 6)) {
QMessageBox::warning(this, tr("Length Error"), tr("The Web UI password must be at least 6 characters long.")); QMessageBox::warning(this, tr("Length Error"), tr("The Web UI password must be at least 6 characters long."));
return false; return false;
} }

9
src/gui/optionsdialog.ui
Unescape View File

@ -3074,15 +3074,12 @@ Specify an IPv4 or IPv6 address. You can specify &quot;0.0.0.0&quot; for any IPv
</item> </item>
<item row="3" column="1"> <item row="3" column="1">
<widget class="QLineEdit" name="textWebUiPassword"> <widget class="QLineEdit" name="textWebUiPassword">
<property name="text">
<string/>
</property>
<property name="maxLength">
<number>1000</number>
</property>
<property name="echoMode"> <property name="echoMode">
<enum>QLineEdit::Password</enum> <enum>QLineEdit::Password</enum>
</property> </property>
<property name="placeholderText">
<string>Change current password</string>
</property>
</widget> </widget>
</item> </item>
<item row="4" column="0" colspan="2"> <item row="4" column="0" colspan="2">

4
src/webui/api/appcontroller.cpp
Unescape View File

@ -54,6 +54,7 @@
#include "base/scanfoldersmodel.h" #include "base/scanfoldersmodel.h"
#include "base/utils/fs.h" #include "base/utils/fs.h"
#include "base/utils/net.h" #include "base/utils/net.h"
#include "base/utils/password.h"
#include "../webapplication.h" #include "../webapplication.h"
void AppController::webapiVersionAction() void AppController::webapiVersionAction()
@ -198,7 +199,6 @@ void AppController::preferencesAction()
data["ssl_cert"] = QString::fromLatin1(pref->getWebUiHttpsCertificate()); data["ssl_cert"] = QString::fromLatin1(pref->getWebUiHttpsCertificate());
// Authentication // Authentication
data["web_ui_username"] = pref->getWebUiUsername(); data["web_ui_username"] = pref->getWebUiUsername();
data["web_ui_password"] = pref->getWebUiPassword();
data["bypass_local_auth"] = !pref->isWebUiLocalAuthEnabled(); data["bypass_local_auth"] = !pref->isWebUiLocalAuthEnabled();
data["bypass_auth_subnet_whitelist_enabled"] = pref->isWebUiAuthSubnetWhitelistEnabled(); data["bypass_auth_subnet_whitelist_enabled"] = pref->isWebUiAuthSubnetWhitelistEnabled();
QStringList authSubnetWhitelistStringList; QStringList authSubnetWhitelistStringList;
@ -474,7 +474,7 @@ void AppController::setPreferencesAction()
if (m.contains("web_ui_username")) if (m.contains("web_ui_username"))
pref->setWebUiUsername(m["web_ui_username"].toString()); pref->setWebUiUsername(m["web_ui_username"].toString());
if (m.contains("web_ui_password")) if (m.contains("web_ui_password"))
pref->setWebUiPassword(m["web_ui_password"].toString()); pref->setWebUIPassword(Utils::Password::PBKDF2::generate(m["web_ui_password"].toByteArray()));
if (m.contains("bypass_local_auth")) if (m.contains("bypass_local_auth"))
pref->setWebUiLocalAuthEnabled(!m["bypass_local_auth"].toBool()); pref->setWebUiLocalAuthEnabled(!m["bypass_local_auth"].toBool());
if (m.contains("bypass_auth_subnet_whitelist_enabled")) if (m.contains("bypass_auth_subnet_whitelist_enabled"))

19
src/webui/api/authcontroller.cpp
Unescape View File

@ -28,11 +28,9 @@
#include "authcontroller.h" #include "authcontroller.h"
#include <QCryptographicHash>
#include "base/logger.h" #include "base/logger.h"
#include "base/preferences.h" #include "base/preferences.h"
#include "base/utils/string.h" #include "base/utils/password.h"
#include "apierror.h" #include "apierror.h"
#include "isessionmanager.h" #include "isessionmanager.h"
@ -58,17 +56,14 @@ void AuthController::loginAction()
, tr("Your IP address has been banned after too many failed authentication attempts.")); , tr("Your IP address has been banned after too many failed authentication attempts."));
} }
const QString username {Preferences::instance()->getWebUiUsername()}; const Preferences *pref = Preferences::instance();
const QString password {Preferences::instance()->getWebUiPassword()};
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(passwordFromWeb.toLocal8Bit());
const QString passwordFromWebHashed = md5.result().toHex();
const bool equalUser = Utils::String::slowEquals(usernameFromWeb.toUtf8(), username.toUtf8()); const QString username {pref->getWebUiUsername()};
const bool equalPass = Utils::String::slowEquals(passwordFromWebHashed.toUtf8(), password.toUtf8()); const QByteArray secret {pref->getWebUIPassword()};
const bool usernameEqual = Utils::Password::slowEquals(usernameFromWeb.toUtf8(), username.toUtf8());
const bool passwordEqual = Utils::Password::PBKDF2::verify(secret, passwordFromWeb);
if (equalUser && equalPass) { if (usernameEqual && passwordEqual) {
m_clientFailedLogins.remove(clientAddr); m_clientFailedLogins.remove(clientAddr);
sessionManager()->sessionStart(); sessionManager()->sessionStart();

8
src/webui/www/private/preferences_content.html
Unescape View File

@ -433,7 +433,8 @@
<label for="webui_username_text" class="leftLabelSmall">QBT_TR(Username:)QBT_TR[CONTEXT=OptionsDialog]</label><input type="text" id="webui_username_text" /> <label for="webui_username_text" class="leftLabelSmall">QBT_TR(Username:)QBT_TR[CONTEXT=OptionsDialog]</label><input type="text" id="webui_username_text" />
</div> </div>
<div class="formRow"> <div class="formRow">
<label for="webui_password_text" class="leftLabelSmall">QBT_TR(Password:)QBT_TR[CONTEXT=OptionsDialog]</label><input type="password" id="webui_password_text" /> <label for="webui_password_text" class="leftLabelSmall">QBT_TR(Password:)QBT_TR[CONTEXT=OptionsDialog]</label>
<input type="password" id="webui_password_text" placeholder="QBT_TR(Change current password)QBT_TR[CONTEXT=OptionsDialog]" />
</div> </div>
<div class="formRow"> <div class="formRow">
<input type="checkbox" id="bypass_local_auth_checkbox" /> <input type="checkbox" id="bypass_local_auth_checkbox" />
@ -980,7 +981,6 @@
// Authentication // Authentication
$('webui_username_text').setProperty('value', pref.web_ui_username); $('webui_username_text').setProperty('value', pref.web_ui_username);
$('webui_password_text').setProperty('value', pref.web_ui_password);
$('bypass_local_auth_checkbox').setProperty('checked', pref.bypass_local_auth); $('bypass_local_auth_checkbox').setProperty('checked', pref.bypass_local_auth);
$('bypass_auth_subnet_whitelist_checkbox').setProperty('checked', pref.bypass_auth_subnet_whitelist_enabled); $('bypass_auth_subnet_whitelist_checkbox').setProperty('checked', pref.bypass_auth_subnet_whitelist_enabled);
$('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist); $('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
@ -1264,11 +1264,13 @@
return; return;
} }
var web_ui_password = $('webui_password_text').getProperty('value'); var web_ui_password = $('webui_password_text').getProperty('value');
if (web_ui_password.length < 6) { if ((0 < web_ui_password.length) && (web_ui_password.length < 6)) {
alert("QBT_TR(The Web UI password must be at least 6 characters long.)QBT_TR[CONTEXT=OptionsDialog]"); alert("QBT_TR(The Web UI password must be at least 6 characters long.)QBT_TR[CONTEXT=OptionsDialog]");
return; return;
} }
settings.set('web_ui_username', web_ui_username); settings.set('web_ui_username', web_ui_username);
if (web_ui_password.length > 0)
settings.set('web_ui_password', web_ui_password); settings.set('web_ui_password', web_ui_password);
settings.set('bypass_local_auth', $('bypass_local_auth_checkbox').getProperty('checked')); settings.set('bypass_local_auth', $('bypass_local_auth_checkbox').getProperty('checked'));
settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked')); settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));

Write Preview
Loading…
Cancel
Save