Mercurial > libervia-web
changeset 471:de039f008333
server side: added config only option empty_password_allowed_warning_dangerous_list, which allow to connect with a profile with empty password. /!\ MUST not be used if Libervia is accessible from outside, this option is mainly useful for developpers.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Tue, 10 Jun 2014 15:59:52 +0200 |
| parents | 34ce41e014c4 |
| children | 42c8e91af048 |
| files | src/server/server.py |
| diffstat | 1 files changed, 4 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/server/server.py Tue Jun 10 15:38:47 2014 +0200 +++ b/src/server/server.py Tue Jun 10 15:59:52 2014 +0200 @@ -631,9 +631,10 @@ raise Exception('No profile_key allowed') profile_check = self.sat_host.bridge.getProfileName(login_) - if not profile_check or profile_check != login_ or not password_: + if ((not profile_check or profile_check != login_) or + (not password_ and profile_check not in self.sat_host.empty_password_allowed_warning_dangerous_list)): + return "PROFILE AUTH ERROR" # profiles with empty passwords are restricted to local frontends - return "PROFILE AUTH ERROR" if login_ in self.profiles_waiting: return "ALREADY WAITING" @@ -1015,7 +1016,7 @@ ['passphrase', 'k', '', _(u"Passphrase for the SàT profile named '%s'") % C.SERVICE_PROFILE, str], ['data_dir', 'd', DATA_DIR_DEFAULT, _(u'Data directory for Libervia'), coerceDataDir], ] # options which are in sat.conf and on command line, see https://twistedmatrix.com/documents/current/api/twisted.python.usage.Options.html - OPT_PARAMETERS_CFG = [] # Options which are in sat.conf only + OPT_PARAMETERS_CFG = [['empty_password_allowed_warning_dangerous_list', None, '', None]] # Options which are in sat.conf only def __init__(self, *args, **kwargs): self.initialised = defer.Deferred()