-
#include "base/logger.h"
#include "base/preferences.h"
-#include "base/utils/string.h"
+#include "base/utils/password.h"
#include "apierror.h"
#include "isessionmanager.h"
@@ -58,17 +56,14 @@ void AuthController::loginAction()
, tr("Your IP address has been banned after too many failed authentication attempts."));
}
- const QString username {Preferences::instance()->getWebUiUsername()};
- const QString password {Preferences::instance()->getWebUiPassword()};
+ const Preferences *pref = Preferences::instance();
- QCryptographicHash md5(QCryptographicHash::Md5);
- md5.addData(passwordFromWeb.toLocal8Bit());
- const QString passwordFromWebHashed = md5.result().toHex();
+ const QString username {pref->getWebUiUsername()};
+ const QByteArray secret {pref->getWebUIPassword()};
+ const bool usernameEqual = Utils::Password::slowEquals(usernameFromWeb.toUtf8(), username.toUtf8());
+ const bool passwordEqual = Utils::Password::PBKDF2::verify(secret, passwordFromWeb);
- const bool equalUser = Utils::String::slowEquals(usernameFromWeb.toUtf8(), username.toUtf8());
- const bool equalPass = Utils::String::slowEquals(passwordFromWebHashed.toUtf8(), password.toUtf8());
-
- if (equalUser && equalPass) {
+ if (usernameEqual && passwordEqual) {
m_clientFailedLogins.remove(clientAddr);
sessionManager()->sessionStart();
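Review bot: The new `Utils::Password::PBKDF2::verify(secret, passwordFromWeb)` is handed whatever `getWebUIPassword()` returns, and nothing in the hunk shows how an empty or not-yet-migrated `secret` is handled; verify() must return false for an empty or malformed stored value rather than treat it as "no password configured", which is worth confirming in the helper since a wrong answer there is an authentication bypass. `usernameEqual` and `passwordEqual` are computed on their own lines before the `&&`, so the PBKDF2 work presumably runs whether or not the username matched and the response time does not reveal which half failed; a comment above them, `// Evaluate both checks unconditionally so timing does not reveal whether the username matched`, would stop a later edit from folding them into a short-circuit condition. loginAction() begins and continues outside the hunk.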
diff --git a/src/webui/www/private/preferences_content.html b/src/webui/www/private/preferences_content.html
index b9ff22c1b..fd66f593a 100644
--- a/src/webui/www/private/preferences_content.html
+++ b/src/webui/www/private/preferences_content.html
@@ -433,7 +433,8 @@
-
+
+
@@ -980,7 +981,6 @@
// Authentication
$('webui_username_text').setProperty('value', pref.web_ui_username);
- $('webui_password_text').setProperty('value', pref.web_ui_password);
$('bypass_local_auth_checkbox').setProperty('checked', pref.bypass_local_auth);
$('bypass_auth_subnet_whitelist_checkbox').setProperty('checked', pref.bypass_auth_subnet_whitelist_enabled);
$('bypass_auth_subnet_whitelist_textarea').setProperty('value', pref.bypass_auth_subnet_whitelist);
@@ -1264,12 +1264,14 @@
return;
}
var web_ui_password = $('webui_password_text').getProperty('value');
- if (web_ui_password.length < 6) {
+ if ((0 < web_ui_password.length) && (web_ui_password.length < 6)) {
alert("QBT_TR(The Web UI password must be at least 6 characters long.)QBT_TR[CONTEXT=OptionsDialog]");
return;
}
+
settings.set('web_ui_username', web_ui_username);
- settings.set('web_ui_password', web_ui_password);
+ if (web_ui_password.length > 0)
+ settings.set('web_ui_password', web_ui_password);
settings.set('bypass_local_auth', $('bypass_local_auth_checkbox').getProperty('checked'));
settings.set('bypass_auth_subnet_whitelist_enabled', $('bypass_auth_subnet_whitelist_checkbox').getProperty('checked'));
settings.set('bypass_auth_subnet_whitelist', $('bypass_auth_subnet_whitelist_textarea').getProperty('value'));
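Review bot: The relaxed check at `if ((0 < web_ui_password.length) && (web_ui_password.length < 6))` makes an empty field mean "keep the current password", but that convention is only implied by the guarded `settings.set` below; a comment there, `// An empty field leaves the stored password unchanged; only a new, non-empty value is sent`, would make the intent explicit. Because this length check runs in the browser it is advisory only, so the server-side handler that receives `web_ui_password` should enforce the same minimum length, which this diff does not show. Style: the new `if (web_ui_password.length > 0)` is written without braces while every other `if` in the hunk uses them; `if (web_ui_password.length > 0) {` with a closing `}` keeps the file consistent. The enclosing function starts outside the hunk.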