Limit app password permissions #1995
…users to remove this new limitation if they really need to Signed-off-by: DL6ER <dl6er@dl6er.de>
Co-authored-by: RD WebDesign <github@rdwebdesign.com.br> Signed-off-by: Dominik <DL6ER@users.noreply.github.com>
Signed-off-by: DL6ER <dl6er@dl6er.de>
I think I found a bug here. (Also the web interface won't show this active session as coming from an app password)
Signed-off-by: DL6ER <dl6er@dl6er.de>
Ah, yes. Your case is special. The reason is that FTL restarted in between (to add the new DNS server) and sessions restoring from the database had a small copy-paste bug causing the
Somewhere in send_json_error() must be a typo (tab instead of space) between message: and the actual message.
"error": {
"key": "forbidden",
"message": "Unable to change configuration (read-only)",
"hint": "The current app session is not allowed to modify Pi-hole config settings (webserver.api.app_sudo is false)"
},
Signed-off-by: DL6ER <dl6er@dl6er.de>
Have a look at FTL/src/webserver/http-common.c Lines 23 to 47 in 0367117 where you can also see that the expected (formatted) output has tabs as separators.
I have
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Signed-off-by: DL6ER <dl6er@dl6er.de>
Conflicts have been resolved.
What does this implement/fix?
Limit app password permissions by default. Add new webserver.api.app_sudo mode for users to remove this new limitation if they really need to
Related issue or feature (if applicable): N/A
Pull request in docs with documentation (if applicable): N/A
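The default described in this pull request (an app-password session cannot change configuration unless webserver.api.app_sudo is true), sketched as an added example that is not FTL's own code. The struct, function names and record format are hypothetical; the save/restore round trip models a session that survives a restart, where the limit only holds if the app flag is carried along.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical session record, reduced to the fields the check needs. */
struct session {
    bool used; /* slot holds a logged-in session */
    bool app;  /* login used the app password */
};

enum verdict { WRITE_ALLOWED, WRITE_UNAUTHENTICATED, WRITE_FORBIDDEN };

/* App sessions may read, but may change config only when app_sudo is true. */
enum verdict check_config_write(const struct session *s, bool app_sudo)
{
    if (s == NULL || !s->used) return WRITE_UNAUTHENTICATED;
    if (s->app && !app_sudo) return WRITE_FORBIDDEN;
    return WRITE_ALLOWED;
}

/* Restore from the constructed record "used=<0|1>;app=<0|1>" (not Pi-hole's
 * schema). Fails closed: a record without the app flag yields no session. */
bool session_restore(const char *record, struct session *out)
{
    int used = 0, app = 0;
    memset(out, 0, sizeof(*out));
    if (sscanf(record, "used=%d;app=%d", &used, &app) != 2) return false;
    out->used = (used == 1);
    out->app = (app == 1);
    return true;
}

/* Persist an app session, restore it, then attempt a config write. */
enum verdict restored_app_session_verdict(bool app_sudo)
{
    struct session before = { .used = true, .app = true }, after;
    char record[32];
    snprintf(record, sizeof(record), "used=%d;app=%d", before.used, before.app);
    if (!session_restore(record, &after)) return WRITE_UNAUTHENTICATED;
    return check_config_write(&after, app_sudo);
}

int main(void)
{
    printf("app_sudo=false: %d, app_sudo=true: %d\n",
           restored_app_session_verdict(false), restored_app_session_verdict(true));
    return 0;
}
```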