
Trim spaces from admin token during authentication and validate that the admin panel token is not empty

Daniel García 6 years ago
parent
commit
0718a090e1
2 changed files with 7 additions and 1 deletions
  1. 1 1
      src/api/admin.rs
  2. 6 0
      src/config.rs

+ 1 - 1
src/api/admin.rs

@@ -89,7 +89,7 @@ fn post_admin_login(data: Form<LoginForm>, mut cookies: Cookies, ip: ClientIp) -
 fn _validate_token(token: &str) -> bool {
     match CONFIG.admin_token().as_ref() {
         None => false,
-        Some(t) => crate::crypto::ct_eq(t, token),
+        Some(t) => crate::crypto::ct_eq(t.trim(), token.trim()),
     }
 }
 
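Review bot: Trimming both sides on line 23 means a whitespace-only configured token would compare equal to an empty login submission, so `_validate_token` now depends on the startup check added in src/config.rs to reject such tokens; that coupling is worth stating in a comment above the `Some` arm, e.g. `// Trim so a token pasted with a trailing newline still matches; config validation rejects whitespace-only tokens, otherwise an empty submission would pass here.` Whether `crate::crypto::ct_eq` stays constant-time when the two trimmed inputs differ in length is not visible in this hunk and should be confirmed, since the length of the submitted value is attacker-chosen. The function itself is complete within the hunk; only the header context from post_admin_login lies outside it.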

+ 6 - 0
src/config.rs

@@ -317,6 +317,12 @@ make_config! {
 }
 
 fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
+    if let Some(ref token) = cfg.admin_token {
+        if token.trim().is_empty() {
+            err!("`ADMIN_TOKEN` is enabled but has an empty value. To enable the admin page without token, use `DISABLE_ADMIN_TOKEN`")
+        }
+    }
+
     if cfg.yubico_client_id.is_some() != cfg.yubico_secret_key.is_some() {
         err!("Both `YUBICO_CLIENT_ID` and `YUBICO_SECRET_KEY` need to be set for Yubikey OTP support")
     }
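Review bot: The new guard on lines 35–39 uses `ref` binding and two nested `if`s where the rest of validate_config uses single flat conditions; with match ergonomics the same check reads as one guard, `if cfg.admin_token.as_ref().map_or(false, |t| t.trim().is_empty()) {`, followed by the existing `err!` call, which is consistent with the `yubico` check right below it. A short comment tying this check to the trimmed comparison in src/api/admin.rs would also help, e.g. `// Must agree with the trim in api::admin::_validate_token: a whitespace-only token would otherwise match an empty login.` Whether this validation also runs when the token is changed at runtime rather than only at startup is not visible here. validate_config continues past the end of the hunk.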