Browse Source

- Store Web UI password as md5

adaptive-webui-19844
Christophe Dumez 15 years ago
parent
commit
d3687fd863
  1. 1
      Changelog
  2. 28
      src/httpserver.cpp
  3. 5
      src/httpserver.h
  4. 3
      src/options_imp.cpp
  5. 33
      src/preferences.h

1
Changelog

@ -45,6 +45,7 @@
- WEB UI: Added internationalization support - WEB UI: Added internationalization support
- WEB UI: Reduced computation in Javascript (do this one server side instead) - WEB UI: Reduced computation in Javascript (do this one server side instead)
- WEB UI: Fixed Transfer list flickering - WEB UI: Fixed Transfer list flickering
- WEB UI: Password is now stored as md5
- I18N: Added Serbian translation (By Anaximandar Milet) - I18N: Added Serbian translation (By Anaximandar Milet)
- COSMETIC: Merged download / upload lists - COSMETIC: Merged download / upload lists
- COSMETIC: Torrents can be filtered based on their status - COSMETIC: Torrents can be filtered based on their status

28
src/httpserver.cpp

@ -33,11 +33,13 @@
#include "httpconnection.h" #include "httpconnection.h"
#include "eventmanager.h" #include "eventmanager.h"
#include "bittorrent.h" #include "bittorrent.h"
#include "preferences.h"
#include <QTimer> #include <QTimer>
#include <QCryptographicHash>
HttpServer::HttpServer(Bittorrent *_BTSession, int msec, QObject* parent) : QTcpServer(parent) HttpServer::HttpServer(Bittorrent *_BTSession, int msec, QObject* parent) : QTcpServer(parent) {
{ username = Preferences::getWebUiUsername().toLocal8Bit();
base64 = QByteArray(":").toBase64(); password_md5 = Preferences::getWebUiPassword().toLocal8Bit();
connect(this, SIGNAL(newConnection()), this, SLOT(newHttpConnection())); connect(this, SIGNAL(newConnection()), this, SLOT(newHttpConnection()));
BTSession = _BTSession; BTSession = _BTSession;
manager = new EventManager(this, BTSession); manager = new EventManager(this, BTSession);
@ -110,15 +112,21 @@ void HttpServer::onTimer() {
} }
} }
void HttpServer::setAuthorization(QString username, QString password) void HttpServer::setAuthorization(QString _username, QString _password_md5) {
{ username = _username.toLocal8Bit();
QString cat = username + ":" + password; password_md5 = _password_md5.toLocal8Bit();
base64 = QByteArray(cat.toLocal8Bit()).toBase64();
} }
bool HttpServer::isAuthorized(QByteArray auth) const bool HttpServer::isAuthorized(QByteArray auth) const {
{ // Decode Auth
return (auth == base64); QByteArray decoded = QByteArray::fromBase64(auth);
QList<QByteArray> creds = decoded.split(':');
if(creds.size() != 2) return false;
QByteArray prop_username = creds.first();
if(prop_username != username) return false;
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(creds.last());
return (password_md5 == md5.result().toHex());
} }
EventManager* HttpServer::eventManager() const EventManager* HttpServer::eventManager() const

5
src/httpserver.h

@ -44,7 +44,8 @@ class HttpServer : public QTcpServer {
Q_OBJECT Q_OBJECT
private: private:
QByteArray base64; QByteArray username;
QByteArray password_md5;
Bittorrent *BTSession; Bittorrent *BTSession;
EventManager *manager; EventManager *manager;
QTimer *timer; QTimer *timer;
@ -52,7 +53,7 @@ class HttpServer : public QTcpServer {
public: public:
HttpServer(Bittorrent *BTSession, int msec, QObject* parent = 0); HttpServer(Bittorrent *BTSession, int msec, QObject* parent = 0);
~HttpServer(); ~HttpServer();
void setAuthorization(QString username, QString password); void setAuthorization(QString username, QString password_md5);
bool isAuthorized(QByteArray auth) const; bool isAuthorized(QByteArray auth) const;
EventManager *eventManager() const; EventManager *eventManager() const;

3
src/options_imp.cpp

@ -465,7 +465,8 @@ void options_imp::saveOptions(){
{ {
settings.setValue("Port", webUiPort()); settings.setValue("Port", webUiPort());
settings.setValue("Username", webUiUsername()); settings.setValue("Username", webUiUsername());
settings.setValue("Password", webUiPassword()); // FIXME: Check that the password is valid (not empty at least)
Preferences::setWebUiPassword(webUiPassword());
} }
// End Web UI // End Web UI
settings.endGroup(); settings.endGroup();

33
src/preferences.h

@ -32,6 +32,7 @@
#define PREFERENCES_H #define PREFERENCES_H
#include <QSettings> #include <QSettings>
#include <QCryptographicHash>
#include <QPair> #include <QPair>
#include <QDir> #include <QDir>
@ -456,12 +457,40 @@ public:
static QString getWebUiUsername() { static QString getWebUiUsername() {
QSettings settings("qBittorrent", "qBittorrent"); QSettings settings("qBittorrent", "qBittorrent");
return settings.value("Preferences/WebUI/Username", "user").toString(); return settings.value("Preferences/WebUI/Username", "admin").toString();
}
static void setWebUiPassword(QString new_password) {
// Get current password md5
QString current_pass_md5 = getWebUiPassword();
// Check if password did not change
if(current_pass_md5 == new_password) return;
// Encode to md5 and save
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(new_password.toLocal8Bit());
QSettings settings("qBittorrent", "qBittorrent");
settings.setValue("Preferences/WebUI/Password_md5", md5.result().toHex());
} }
static QString getWebUiPassword() { static QString getWebUiPassword() {
QSettings settings("qBittorrent", "qBittorrent"); QSettings settings("qBittorrent", "qBittorrent");
return settings.value("Preferences/WebUI/Password", "").toString(); // Here for backward compatiblity
if(settings.contains("Preferences/WebUI/Password")) {
QString clear_pass = settings.value("Preferences/WebUI/Password", "adminadmin").toString();
settings.remove("Preferences/WebUI/Password");
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(clear_pass.toLocal8Bit());
QString pass_md5(md5.result().toHex());
settings.setValue("Preferences/WebUI/Password_md5", pass_md5);
return pass_md5;
}
QString pass_md5 = settings.value("Preferences/WebUI/Password_md5", "").toString();
if(pass_md5.isEmpty()) {
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData("adminadmin");
pass_md5 = md5.result().toHex();
}
return pass_md5;
} }
}; };

Loading…
Cancel
Save