Security: Refactor cache headers, auth token validation & UI #782 #808

Signed-off-by: Michael Mayer <michael@photoprism.app>
Michael Mayer
2024-01-17 14:16:02 +01:00
parent 0c4cd8d1b9
commit 2912ac9464
21 changed files with 367 additions and 197 deletions


@@ -83,8 +83,8 @@ func WebDAVAuth(conf *config.Config) gin.HandlerFunc {
authToken := header.AuthToken(c)
// Use the value provided in the password field as auth token if no username was provided
// and the format matches auth secrets e.g. "iXrDz-aY16n-4IUWM-otkM3".
if username != "" && authToken == "" && rnd.IsAuthSecret(password) {
// and the format matches auth secrets e.g. "OXiV72-wTtiL9-d04jO7-X7XP4p".
if username != "" && authToken == "" && rnd.IsAuthSecret(password, true) {
authToken = password
}
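Review bot: The comment above the condition says the password field is used as the auth token "if no username was provided", but both printed versions of the condition require `username != ""`, so the comment and the check disagree on an authentication path. If the check reflects the intent, the comment could read `// Use the password field as auth token if a username was sent without a token and the value matches the auth secret format.`; if the comment is right, the condition is the part to revisit, which cannot be decided from this hunk. The bare `true` passed to `rnd.IsAuthSecret` is also unexplained here, and a short comment naming what the flag toggles would help the next reader judge which secret formats are accepted. The handler returned by `WebDAVAuth` starts and ends outside the hunk.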