From 4308aa5415c0c2aadbada8ac083c71cfb0001d1b Mon Sep 17 00:00:00 2001
From: Michael Peter Christen <mc@yacy.net>
Date: Wed, 25 Oct 2023 22:56:06 +0200
Subject: [PATCH] removed concept of empty passwords as "no passwords used",
 because we now start YaCy with a default password (yacy). This has impact of
 all function that check the current state of password-protection that
 included the empty password situation, including the warnings to set a
 password in case that none is set (which cannot be the case any more).

---
 htroot/ConfigAccounts_p.html                  | 37 ++++++++++---------
 htroot/Status_p.inc                           | 31 +++++++---------
 source/net/yacy/data/TransactionManager.java  | 10 ++---
 source/net/yacy/htroot/ConfigAccounts_p.java  |  7 ++--
 source/net/yacy/htroot/Status.java            | 12 ++----
 source/net/yacy/http/YaCySecurityHandler.java |  5 +--
 source/net/yacy/search/Switchboard.java       | 26 ++-----------
 7 files changed, 49 insertions(+), 79 deletions(-)

diff --git a/htroot/ConfigAccounts_p.html b/htroot/ConfigAccounts_p.html
index f248c5491..c16e5db50 100644
--- a/htroot/ConfigAccounts_p.html
+++ b/htroot/ConfigAccounts_p.html
@@ -8,7 +8,7 @@
     #%env/templates/header.template%#
     #%env/templates/submenuUseCaseAccount.template%#
     <h2>User Administration</h2>
-    
+
     <!-- Page 1: Results -->
     #(text)#
     ::
@@ -26,23 +26,28 @@
     ::
     <p class="error">Username already used (not allowed).</p>
     #(/error)#
-    #(passwordNotSetWarning)#::<div class="error">No password is set for the administration account. Please define a password for the admin account.</div>#(/passwordNotSetWarning)#
+    #(changedfltpw)#::
+    <div class="alert alert-danger" role="alert">
+        <b>WARNING</b> This YaCy instance can be administered with the account "admin" and the default password "yacy". 
+        Change the password as soon as possible!
+    </div>
+    #(/changedfltpw)#
 
     <fieldset><legend>Admin Account</legend>
       <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
-      	  <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
+            <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
           <fieldset>
             <legend>
             <input type="radio" name="access" id="access_localhost" value="localhost"#(localhost.checked)#:: checked="checked"#(/localhost.checked)# />
             <label for="access_localhost">Access from localhost without account</label>
             </legend>
             Access to your peer from your own computer (localhost access) is granted with administrator rights. No need to configure an administration account.
-            	<div class="alert alert-warning" role="alert">
-					This setting is convenient but less secure than using a qualified admin account. 
-					Please use with care, notably when you browse untrusted and potentially malicious websites while running your YaCy peer on the same computer.
-				</div>
+                <div class="alert alert-warning" role="alert">
+                    This setting is convenient but less secure than using a qualified admin account. 
+                    Please use with care, notably when you browse untrusted and potentially malicious websites while running your YaCy peer on the same computer.
+                </div>
             </fieldset>
-            
+
             <fieldset>
             <legend>
             <input type="radio" name="access" id="access_account" value="account"#(account.checked)#:: checked="checked"#(/account.checked)# />
@@ -62,22 +67,22 @@
           </fieldset>
       </form>
     </fieldset>
-    
+
     <fieldset><legend>Access Rules</legend>
       <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
-      		<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
+              <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
             <dl class="userConfig">
               <dt>Protection of all pages: if set to on, access to all pages need authorization; if off, only pages with "_p" extension are protected.</dt>
               <dd><input type="checkbox" name="adminAccountAllPages" data-size="small"#(adminAccountAllPages.checked)#:: checked="checked"#(/adminAccountAllPages.checked)#></dd>
               <script>$("[name='adminAccountAllPages']").bootstrapSwitch();
               $("[name='adminAccountAllPages']").bootstrapSwitch('onText', 'ON');
               $("[name='adminAccountAllPages']").bootstrapSwitch('offText', 'OFF');</script>
-			  <dt></dt>
+              <dt></dt>
               <dd><input type="submit" name="setAccess" value="Set Access Rules" class="btn btn-primary"/></dd>
             </dl>
       </form>
     </fieldset>
-    
+
     <fieldset><legend>User Accounts</legend>
       <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
       <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
@@ -98,7 +103,7 @@
         </dl>
       </fieldset>
     </form>
-    
+
     <form action="ConfigAccounts_p.html" method="post" accept-charset="UTF-8">
       <input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
       <fieldset><legend>Edit current user: #[username]#</legend>
@@ -118,11 +123,9 @@
           <dt><label for="address">Address</label>:</dt>
           <dd><input type="text" id="address" name="address" value="#[address]#" /></dd>
           <dt>Rights:</dt>
-          <dd>
-          	#{rights}#
+          <dd>#{rights}#
             <input type="checkbox" id="#[name]#" name="#[name]#"#(set)#:: checked="checked"#(/set)# /><label for="#[name]#">#[friendlyName]# right</label><br />
-            #{/rights}#
-          </dd>
+          #{/rights}#</dd>
           <dt><label for="tlimit">Timelimit</label>:</dt>
           <dd><input type="text" id="tlimit" name="timelimit" value="#[timelimit]#" /></dd>
           <dt><label for="tused">Time used</label>:</dt>
diff --git a/htroot/Status_p.inc b/htroot/Status_p.inc
index 6c6275622..715b0815c 100644
--- a/htroot/Status_p.inc
+++ b/htroot/Status_p.inc
@@ -14,22 +14,17 @@
     <div>Processors: #[processors]#</div>
     <div>Load: #[load]#</div>
     <div>Threads: #[processesCurrentInclDaemon]#/#[processesCurrentOnlyDaemon]#, peak:#[processesPeak]#, total:#[processesTotal]#</div>
-    
+
     </dd>
     <dt>Protection</dt>
     <dd>#(protection)#
-      <strong>Password is missing.</strong>
+      <strong>Default password is not changed</strong>
+      <a href="ConfigAccounts_p.html">[Configure]</a>
       ::
       password-protected
       #(/protection)#
-
-      #(unrestrictedLocalAccess)#
-      ::
-      <br />Unrestricted access from localhost.
-      #(/unrestrictedLocalAccess)#
-      <a href="ConfigAccounts_p.html">[Configure]</a>
     </dd>
-    
+
     <dt>Address</dt>
     <dd>Host: #[host]#:#[port]# #(extPortFormat)#::| (Binding to interface: #[extPort]#)#(/extPortFormat)# #(sslSupport)#::| SSL: <a href="ConfigBasic.html">enabled</a> (port <a href="Settings_p.html?page=ProxyAccess">#[sslPort]#</a>)#(/sslSupport)#<br />
     #(peerAddress)#
@@ -38,12 +33,12 @@
       Public Address: http://#[address]#<br/>
       YaCy Address: http://#[peername]#.yacy
       #(/peerAddress)#</dd>
-    
+
     #(portForwarding)#::
     <dt>Port Forwarding Host</dt>
     <dd>#[host]#:#[port]# (#(status)#broken::connected#(/status)#)</dd>
     #(/portForwarding)#
-    
+
     <dt>Proxy</dt>
     <dd>Transparent <a href="Settings_p.html?page=ProxyAccess">#(info_isTransparentProxy)#on::off#(/info_isTransparentProxy)#</a>&nbsp;&nbsp;
         URL <a href="Settings_p.html?page=UrlProxyAccess">#(info_proxyURL)#on::off#(/info_proxyURL)#</a></dd>
@@ -56,7 +51,7 @@
     Enabled <a href="Status.html?popup=false">[Disable]</a>
     #(/popup)#
     </dd>
-    
+
     <dt>Tray-Icon</dt>
     <dd>
     #(tray)#
@@ -67,7 +62,7 @@
     <a href="ConfigProperties_p.html" onclick="alert('Set\ntray.icon.force = true\n\nWARNING:\nYou do this on your own risk. If you do this without YaCy running on a desktop-pc, this will possibly break startup. In this case, you will have to edit the configuration manually in DATA/SETTINGS/yacy.conf');">Experimental</a>
     #(/tray)#
     </dd>
-      
+
     <dt><a href="PerformanceMemory_p.html">Memory Usage</a></dt>
     <dd><table border="0" cellspacing="0">
     <tr><td>RAM used:</td><td align="right">#[usedMemory]#</td></tr>
@@ -75,13 +70,13 @@
     <tr><td>DISK used:</td><td align="right">(approx.) #[usedDisk]#</td></tr>
     <tr><td>DISK free:</td><td align="right">#[freeDisk]#</td></tr>
     </table></dd>
-    
+
     <dt>Traffic [<a href="Status.html?ResetTraffic=">Reset</a>]</dt>
     <dd>Proxy: #[trafficProxy]#<br/>Crawler: #[trafficCrawler]#</dd>
-    
+
     <dt><a href="Connections_p.html">Incoming Connections</a></dt>
     <dd>Active: #[connectionsActive]# | Max: <a href="PerformanceQueues_p.html#ThreadPoolSettings">#[connectionsMax]#</a></dd>
-    
+
     <dt><a href="Crawler_p.html">Queues</a></dt>
     <dd>
     <a href="IndexCreateLoaderQueue_p.html">Loader Queue</a>:
@@ -110,7 +105,7 @@
       </tr>  
       </table>
     </dd>
-    
+
     <dt>Seed server</dt>
     <dd>
     #(seedServer)#
@@ -124,7 +119,7 @@
       Last upload: #[lastUpload]# ago.
     #(/seedServer)#
     </dd>
-    
+
   </dl>
 </fieldset>
 </div>
\ No newline at end of file
diff --git a/source/net/yacy/data/TransactionManager.java b/source/net/yacy/data/TransactionManager.java
index 114ca31fc..c0e12fc7d 100644
--- a/source/net/yacy/data/TransactionManager.java
+++ b/source/net/yacy/data/TransactionManager.java
@@ -63,18 +63,14 @@ public class TransactionManager {
      */
     private static String getUserName(final RequestHeader header) {
         String userName = header.getRemoteUser();
+        if (userName == null) userName = "admin"; // set a default to be able to create a transaction token
         Switchboard sb = Switchboard.getSwitchboard();
 
         if (sb != null) {
             final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
             final String adminAccountUserName = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
-            if (adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount)) {
-                // admin users with empty passwords do not need to authentify, thus do not have
-                // this header present. We just consider the name is "admin"
-                userName = adminAccountUserName;
-            }
 
-            if (userName == null && header.accessFromLocalhost()) {
+            if (header.accessFromLocalhost()) {
 
                 if (sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
                     /* Unauthenticated local access as administrator can be enabled */
@@ -134,7 +130,7 @@ public class TransactionManager {
         /* Check this comes from an authenticated user */
         final String userName = getUserName(header);
         if (userName == null) {
-                throw new IllegalArgumentException("User is not authenticated");
+            throw new IllegalArgumentException("User is not authenticated");
         }
 
         /* Produce a token by signing a message with the server secret key : 
diff --git a/source/net/yacy/htroot/ConfigAccounts_p.java b/source/net/yacy/htroot/ConfigAccounts_p.java
index 020b1aa47..c2c75b394 100644
--- a/source/net/yacy/htroot/ConfigAccounts_p.java
+++ b/source/net/yacy/htroot/ConfigAccounts_p.java
@@ -112,9 +112,10 @@ public class ConfigAccounts_p {
             }
         }
 
-        if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
-            prop.put("passwordNotSetWarning", 1);
-        }
+        // set a warning in case that the default password was not changed
+        String currpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
+        String dfltpw = SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT;
+        prop.put("changedfltpw", currpw.equals(dfltpw) ? "1" : "0");
 
         prop.put(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES + ".checked", sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_All_PAGES, false) ? 1 : 0);
         prop.put("localhost.checked", (localhostAccess) ? 1 : 0);
diff --git a/source/net/yacy/htroot/Status.java b/source/net/yacy/htroot/Status.java
index ba394466f..459b17af7 100644
--- a/source/net/yacy/htroot/Status.java
+++ b/source/net/yacy/htroot/Status.java
@@ -131,14 +131,10 @@ public class Status
             prop.put("privateStatusTable", "");
         }
 
-        // password protection
-        if ( (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty())
-                && (!sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) ) {
-            prop.put("protection", "0"); // not protected
-            prop.put("urgentSetPassword", "1");
-        } else {
-            prop.put("protection", "1"); // protected
-        }
+        // password protection: set a warning in case that the default password was not changed
+        String currpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
+        String dfltpw = SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT;
+        prop.put("protection", currpw.equals(dfltpw) ? "0" : "1");
 
         if ( sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) {
             prop.put("unrestrictedLocalAccess", 1);
diff --git a/source/net/yacy/http/YaCySecurityHandler.java b/source/net/yacy/http/YaCySecurityHandler.java
index 1014a1edd..4c1e2e6a5 100644
--- a/source/net/yacy/http/YaCySecurityHandler.java
+++ b/source/net/yacy/http/YaCySecurityHandler.java
@@ -84,10 +84,6 @@ public class YaCySecurityHandler extends ConstraintSecurityHandler {
         // Pages suffixed with "_p" are by the way always considered protected
         protectedPage = protectedPage || (pathInContext.indexOf("_p.") > 0);
 
-        // ..except that the password for the admin account is empty
-        final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
-        protectedPage = protectedPage && !adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount);
-
         // check "/gsa" and "/solr" if not publicSearchpage
         if (!protectedPage && !sb.getConfigBool(SwitchboardConstants.PUBLIC_SEARCHPAGE, true)) { 
             protectedPage = pathInContext.startsWith("/solr/") || pathInContext.startsWith("/gsa/");
@@ -98,6 +94,7 @@ public class YaCySecurityHandler extends ConstraintSecurityHandler {
                 return null;
             } else if (accessFromLocalhost) {
                 // last chance to authorize using the admin from localhost
+                final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
                 final String credentials = request.getHeader(RequestHeader.AUTHORIZATION);
                 if (credentials != null && credentials.length() < 120 && credentials.startsWith("Basic ")) { // Basic credentials are short "Basic " + b64(user:pwd)
                     final String foruser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
diff --git a/source/net/yacy/search/Switchboard.java b/source/net/yacy/search/Switchboard.java
index 50902296e..39f856ea3 100644
--- a/source/net/yacy/search/Switchboard.java
+++ b/source/net/yacy/search/Switchboard.java
@@ -316,7 +316,6 @@ public final class Switchboard extends serverSwitch {
     private boolean startupAction = true; // this is set to false after the first event
     private static Switchboard sb;
     public HashMap<String, Object[]> crawlJobsStatus = new HashMap<>();
-    public String emptyPasswordAdminAccount;
 
     public Switchboard(final File dataPath, final File appPath, final String initPath, final String configPath) {
         super(dataPath, appPath, initPath, configPath);
@@ -449,9 +448,6 @@ public final class Switchboard extends serverSwitch {
             }
         }.start();
 
-        // define the "non-password password"
-        this.emptyPasswordAdminAccount = this.encodeDigestAuth(this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,"admin"), "");
-
         // init the language detector
         this.log.config("Loading language profiles");
         try {
@@ -3907,13 +3903,10 @@ public final class Switchboard extends serverSwitch {
     /**
      * check authentication status for request access shall be granted if return value >= 2; these are the
      * cases where an access is granted to protected pages:
-     * - a password is not configured: auth-level 2
      * - access from localhost is granted and access comes from localhost: auth-level 3
-     * - a password is configured and access comes from localhost and the realm-value
+     * - access comes from localhost and the realm-value
      *   of a http-authentify String is equal to the stored base64MD5: auth-level 3
-     * - an empty password is configured an access comes from anywhere: auth-level 3
-     *   This may be used in cluster installations where the cluster has an outside protection but inside is none needed.
-     * - a password is configured and access comes with matching http-authentify: auth-level 4
+     * - access comes with matching http-authentify: auth-level 4
      *
      * @param requestHeader
      *  - requestHeader.AUTHORIZATION = B64encode("adminname:password") or = B64encode("adminname:valueOf_Base64MD5cft")
@@ -3931,19 +3924,6 @@ public final class Switchboard extends serverSwitch {
                 return 4; // hard-authenticated, quick return
         }
 
-        // authorization in case that there is no account stored
-        final String adminAccountUserName = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
-        final String adminAccountBase64MD5 = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
-        if ( adminAccountBase64MD5.isEmpty() ) {
-            this.adminAuthenticationLastAccess = System.currentTimeMillis();
-            return 2; // no password stored; this should not happen for older peers
-        }
-
-        // authorization in case that administrators have stored an empty password; this authorizes all users as admin regardless of the give auth
-        if (adminAccountBase64MD5.equals(this.emptyPasswordAdminAccount)) {
-            return 3; // everyone is admin from everywhere
-        }
-
         // authorization for localhost, only if flag is set to grant localhost access as admin
         final boolean accessFromLocalhost = requestHeader.accessFromLocalhost();
         if (accessFromLocalhost && this.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) {
@@ -3980,6 +3960,8 @@ public final class Switchboard extends serverSwitch {
         }
 
         // authorization by encoded password, only for localhost access
+        final String adminAccountUserName = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
+        final String adminAccountBase64MD5 = this.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
         final String pass = Base64Order.standardCoder.encodeString(adminAccountUserName + ":" + adminAccountBase64MD5);
         if ( accessFromLocalhost && (pass.equals(realmValue)) ) { // assume realmValue as is in cfg
             this.adminAuthenticationLastAccess = System.currentTimeMillis();