Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if the newly set password is the same as the old one #1994

Merged
merged 2 commits into from
Jun 15, 2024
Merged

Check if the newly set password is the same as the old one #1994

merged 2 commits into from
Jun 15, 2024

Conversation

DL6ER
Copy link
Member

@DL6ER DL6ER commented Jun 13, 2024

What does this implement/fix?

This is especially worth adding in the context of forced passwords (via env var) as the password is always "set" on each config change. This PR effectively prevents FTL from wiping all sessions and forcing the user to re-login when changing even settings which are 100% unrelated to the API.

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

@DL6ER
Check if the newly set password is the same as the old one
2406e1a 
Signed-off-by: DL6ER <dl6er@dl6er.de>
@DL6ER DL6ER requested a review from a team June 13, 2024 03:53
yubiuser
yubiuser reviewed Jun 13, 2024
View reviewed changes
src/config/password.c Outdated Show resolved Hide resolved
@rdwebdesign
Copy link
Member

Do we still need this check?

FTL/src/api/config.c

Lines 289 to 294 in 2406e1a

if(strcmp(elem->valuestring, PASSWORD_VALUE) == 0)
{
// Check if password is unchanged (default value set by PASSWORD_VALUE)
log_debug(DEBUG_CONFIG, "Not setting %s (password unchanged)", conf_item->k);
break;
}

@DL6ER
Copy link
Member Author

DL6ER commented Jun 13, 2024

Do we still need this check?

FTL/src/api/config.c

Lines 289 to 294 in 2406e1a

if(strcmp(elem->valuestring, PASSWORD_VALUE) == 0)
{
// Check if password is unchanged (default value set by PASSWORD_VALUE)
log_debug(DEBUG_CONFIG, "Not setting %s (password unchanged)", conf_item->k);
break;
}

Yes, this check serves a totally different purpose: The web interface sets the password field value to PASSWORD_VALUE and when the web interface sends back exactly this string, we assume the password is not to be changed. However. nobody will do this intentionally (outside the web interface) so it isn't concerned with all the changes discussed here.

@DL6ER
Add special handling for systems without password in the password che…
5a6a212 
…cking short-circuiting

Signed-off-by: DL6ER <dl6er@dl6er.de>
@DL6ER DL6ER merged commit 01c5c56 into development-v6 Jun 15, 2024
17 checks passed
@DL6ER DL6ER deleted the fix/env_password branch June 15, 2024 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rdwebdesign rdwebdesign rdwebdesign left review comments

@yubiuser yubiuser yubiuser approved these changes

Assignees
No one assigned
Labels
Bugfix Docker issue Pi-hole v6.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DL6ER @rdwebdesign @yubiuser