added a warning message in ConfigBasic in case that the default password

was not changed.
Michael Peter Christen 1 year ago
parent 7830268be1
commit 4da320bebf

@ -24,6 +24,12 @@
#(reconnect)#:: #(reconnect)#::
<p><strong>Your port has changed. Please wait 10 seconds.</strong></p> <p><strong>Your port has changed. Please wait 10 seconds.</strong></p>
#(/reconnect)# #(/reconnect)#
#(changedfltpw)#::
<div class="alert alert-danger" role="alert">
<b>WARNING</b> This YaCy instance can be administered with the account "admin" and the default password "yacy".
Open the <a href="ConfigAccounts_p.html" class="alert-link">User Administration</a> and change the password as soon as possible!
</div>
#(/changedfltpw)#
<p> <p>
Your YaCy Peer needs some basic information to operate properly Your YaCy Peer needs some basic information to operate properly
</p> </p>
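Review bot: The alert in the `changedfltpw` block states that the admin account still accepts the default password, and the same commit moves ConfigBasic's `adminAuthenticated` check so that it runs only when `post != null`. Going by the visible hunks, a plain GET of this page no longer passes an authentication check, so unless the page is protected elsewhere, any visitor who can reach it learns that the instance is still on default credentials. Have the servlet set `changedfltpw` to `"1"` only when `sb.adminAuthenticated(header) >= 2`, or show unauthenticated visitors a neutral hint that does not confirm the credential state.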

@ -70,7 +70,7 @@ public class TransactionManager {
final String adminAccountUserName = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"); final String adminAccountUserName = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin");
if (adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount)) { if (adminAccountBase64MD5.equals(sb.emptyPasswordAdminAccount)) {
// admin users with empty passwords do not need to authentify, thus do not have // admin users with empty passwords do not need to authentify, thus do not have
// this header present. We just consoder the name is "admin" // this header present. We just consider the name is "admin"
userName = adminAccountUserName; userName = adminAccountUserName;
} }
@ -145,7 +145,6 @@ public class TransactionManager {
final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY) final String token = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, SIGNING_KEY)
.hmacHex(TOKEN_SEED + userName + path); .hmacHex(TOKEN_SEED + userName + path);
return token; return token;
} }

@ -69,13 +69,6 @@ public class ConfigBasic {
final File langPath = new File(sb.getAppPath("locale.source", "locales").getAbsolutePath()); final File langPath = new File(sb.getAppPath("locale.source", "locales").getAbsolutePath());
String lang = env.getConfig("locale.language", "browser"); String lang = env.getConfig("locale.language", "browser");
final int authentication = sb.adminAuthenticated(header);
if (authentication < 2) {
// must authenticate
prop.authenticationRequired();
return prop;
}
/* For authenticated users only : acquire a transaction token for the next POST form submission */ /* For authenticated users only : acquire a transaction token for the next POST form submission */
try { try {
prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header)); prop.put(TransactionManager.TRANSACTION_TOKEN_PARAM, TransactionManager.getTransactionToken(header));
@ -95,6 +88,14 @@ public class ConfigBasic {
boolean ssl = env.getConfigBool("server.https", false); boolean ssl = env.getConfigBool("server.https", false);
boolean upnp = false; boolean upnp = false;
if (post != null) { if (post != null) {
final int authentication = sb.adminAuthenticated(header);
if (authentication < 2) {
// must authenticate
prop.authenticationRequired();
return prop;
}
/* Settings will be modified : check this is a valid transaction using HTTP POST method */ /* Settings will be modified : check this is a valid transaction using HTTP POST method */
TransactionManager.checkPostTransaction(header, post); TransactionManager.checkPostTransaction(header, post);
@ -189,11 +190,24 @@ public class ConfigBasic {
prop.put("reconnect", "0"); prop.put("reconnect", "0");
} }
// set a warning in case that the default password was not changed
String currpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
String dfltpw = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT, "");
prop.put("changedfltpw", currpw.equals(dfltpw) ? "1" : "0");
// set a use case // set a use case
prop.put("setUseCase_switchError", 0); prop.put("setUseCase_switchError", 0);
prop.put("setUseCase_switchWarning", 0); prop.put("setUseCase_switchWarning", 0);
String networkName = sb.getConfig(SwitchboardConstants.NETWORK_NAME, ""); String networkName = sb.getConfig(SwitchboardConstants.NETWORK_NAME, "");
if (post != null && post.containsKey("usecase")) { if (post != null && post.containsKey("usecase")) {
final int authentication = sb.adminAuthenticated(header);
if (authentication < 2) {
// must authenticate
prop.authenticationRequired();
return prop;
}
/* Settings will be modified : check this is a valid transaction using HTTP POST method */ /* Settings will be modified : check this is a valid transaction using HTTP POST method */
TransactionManager.checkPostTransaction(header, post); TransactionManager.checkPostTransaction(header, post);
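Review bot: `dfltpw` is read with `sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT, "")`, but that constant is the default hash itself (`"MD5:8cffbc0d66567a0987a4aba1ec46d63c"`), not a configuration key, so the lookup presumably finds no entry and returns `""`. The comparison then tests whether the stored credential is empty rather than whether it equals the default, so the warning would not appear on an instance that is still using the default password. Compare against the constant directly: `String dfltpw = SwitchboardConstants.ADMIN_ACCOUNT_B64MD5_DEFAULT;`. The enclosing method starts and ends outside these hunks, so the surrounding control flow could not be checked.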

@ -50,8 +50,9 @@ public final class SwitchboardConstants {
// this holds the credential "MD5:" + Digest.encodeMD5Hex(adminAccountUserName + ":" + adminRealm + ":" + password) // this holds the credential "MD5:" + Digest.encodeMD5Hex(adminAccountUserName + ":" + adminRealm + ":" + password)
// or the depreciated old style MapTools.encodeMD5Hex( Base64Order.standardCoder.encode(adminAccountUserName + ":" + password) ) // or the depreciated old style MapTools.encodeMD5Hex( Base64Order.standardCoder.encode(adminAccountUserName + ":" + password) )
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
public static final String ADMIN_ACCOUNT_USER_NAME = "adminAccountUserName"; // by default 'admin' public static final String ADMIN_ACCOUNT_USER_NAME = "adminAccountUserName"; // by default 'admin'
public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5"; // by default the encoding of 'yacy' (MD5:8cffbc0d66567a0987a4aba1ec46d63c)
public static final String ADMIN_ACCOUNT_B64MD5_DEFAULT = "MD5:8cffbc0d66567a0987a4aba1ec46d63c"; // use this to check if the default setting was overwritten
public static final String ADMIN_ACCOUNT_FOR_LOCALHOST = "adminAccountForLocalhost"; public static final String ADMIN_ACCOUNT_FOR_LOCALHOST = "adminAccountForLocalhost";
public static final String ADMIN_ACCOUNT_All_PAGES = "adminAccountAllPages"; public static final String ADMIN_ACCOUNT_All_PAGES = "adminAccountAllPages";
public static final String ADMIN_REALM = "adminRealm"; public static final String ADMIN_REALM = "adminRealm";
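Review bot: `ADMIN_ACCOUNT_B64MD5_DEFAULT` sits in a list of configuration key names but holds a credential value, and per the comment above it the digest covers user name, realm and password, so it presumably identifies the default password only while the user name and realm are also at their defaults. An instance that changed `adminRealm` or the user name but kept the password, or one still using the deprecated old-style encoding, would not match and would get no warning. Say so on the constant, e.g. `// value, not a config key: digest of default user, realm and password; matches only while all three are unchanged`, and consider recomputing the digest from the configured user name and realm at check time.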
