nutomic/syncthing-android
1
0
Fork 0
mirror of https://github.com/syncthing/syncthing-android.git synced 2024-11-23 04:41:16 +00:00
Code Releases Activity

Remove custom user and password (fixes #868) (#923)

Browse source 
This removes the ability to set a custom user and password.
The user is always set to "syncthing" and the password to the API key.
This ensure that the web GUI works and makes sure that the web GUI is protected.
This commit is contained in:
Unrud 2017-07-19 06:21:50 +02:00 committed by Felix Ableitner
parent b2a3c7465c
commit 2b0e70ca97
4 changed files with 31 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/main/java/com/nutomic/syncthingandroid/activities/SettingsActivity.java
View file

@ -67,8 +67,6 @@ public class SettingsActivity extends SyncthingActivity {
private CheckBoxPreference mRelaysEnabled;
private EditTextPreference mGlobalAnnounceServers;
private EditTextPreference mAddress;
private EditTextPreference mUser;
private EditTextPreference mPassword;
private CheckBoxPreference mUrAccepted;
private CheckBoxPreference mUseRoot;
@ -127,8 +125,6 @@ public class SettingsActivity extends SyncthingActivity {
mRelaysEnabled = (CheckBoxPreference) findPreference("relaysEnabled");
mGlobalAnnounceServers = (EditTextPreference) findPreference("globalAnnounceServers");
mAddress = (EditTextPreference) findPreference("address");
mUser = (EditTextPreference) findPreference("user");
mPassword = (EditTextPreference) findPreference("password");
mUrAccepted = (CheckBoxPreference) findPreference("urAccepted");
Preference exportConfig = findPreference("export_config");
@ -212,8 +208,6 @@ public class SettingsActivity extends SyncthingActivity {
mRelaysEnabled.setChecked(mOptions.relaysEnabled);
mGlobalAnnounceServers.setText(joiner.join(mOptions.globalAnnounceServers));
mAddress.setText(mGui.address);
mUser.setText(mGui.user);
mPassword.setText(mGui.password);
mUrAccepted.setChecked(mOptions.getUsageReportValue() == Options.USAGE_REPORTING_ACCEPTED);
}
@ -254,8 +248,6 @@ public class SettingsActivity extends SyncthingActivity {
mOptions.globalAnnounceServers = Iterables.toArray(splitter.split((String) o), String.class);
break;
case "address": mGui.address = (String) o; break;
case "user": mGui.user = (String) o; break;
case "password": mGui.password = (String) o; break;
case "urAccepted":
mOptions.urAccepted = ((boolean) o)
? Options.USAGE_REPORTING_ACCEPTED

4
src/main/java/com/nutomic/syncthingandroid/activities/WebGuiActivity.java
View file

@ -87,9 +87,7 @@ public class WebGuiActivity extends SyncthingActivity
}
public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm) {
String password = PreferenceManager.getDefaultSharedPreferences(WebGuiActivity.this)
.getString("web_gui_password", "");
handler.proceed(mConfig.getUserName(), password);
handler.proceed(mConfig.getUserName(), mConfig.getApiKey());
}
@Override

61
src/main/java/com/nutomic/syncthingandroid/util/ConfigXml.java
View file

@ -74,7 +74,6 @@ public class ConfigXml {
if (isFirstStart) {
changeLocalDeviceName();
changeDefaultFolder();
generateLoginInfo();
}
updateIfNeeded();
}
@ -138,6 +137,36 @@ public class ConfigXml {
changed = true;
}
// Set user to "syncthing"
Node user = gui.getElementsByTagName("user").item(0);
if (user == null) {
user = mConfig.createElement("user");
gui.appendChild(user);
}
if (!user.getTextContent().equals("syncthing")) {
user.setTextContent("syncthing");
changed = true;
}
// Set password to the API key
Node password = gui.getElementsByTagName("password").item(0);
if (password == null) {
password = mConfig.createElement("password");
gui.appendChild(password);
}
String apikey = getApiKey();
boolean passwordOk;
try {
passwordOk = BCrypt.checkpw(apikey, password.getTextContent());
} catch (RuntimeException e) {
Log.w(TAG, e);
passwordOk = false;
}
if (!passwordOk) {
password.setTextContent(BCrypt.hashpw(apikey, BCrypt.gensalt()));
changed = true;
}
if (changed) {
saveChanges();
}
@ -210,36 +239,6 @@ public class ConfigXml {
saveChanges();
}
/**
* Generates username and config, stores them in config and preferences.
*
* We have to store the plaintext password in preferences, because we need it in
* WebGuiActivity. The password in the config is hashed, so we can't use it directly.
*/
private void generateLoginInfo() {
char[] chars =
"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".toCharArray();
StringBuilder password = new StringBuilder();
SecureRandom random = new SecureRandom();
for (int i = 0; i < 20; i++)
password.append(chars[random.nextInt(chars.length)]);
String user = Build.MODEL.replaceAll("[^a-zA-Z0-9 ]", "");
Log.i(TAG, "Generated GUI username and password (username is " + user + ")");
Node userNode = mConfig.createElement("user");
getGuiElement().appendChild(userNode);
userNode.setTextContent(user);
Node passwordNode = mConfig.createElement("password");
getGuiElement().appendChild(passwordNode);
String hashed = BCrypt.hashpw(password.toString(), BCrypt.gensalt());
passwordNode.setTextContent(hashed);
PreferenceManager.getDefaultSharedPreferences(mContext).edit()
.putString("web_gui_password", password.toString())
.apply();
}
/**
* Writes updated mConfig back to file.
*/

11
src/main/res/xml/app_settings.xml
View file

@ -118,17 +118,6 @@
android:persistent="false"
android:inputType="textNoSuggestions" />
<EditTextPreference
android:key="user"
android:title="@string/gui_user"
android:inputType="textCapWords"
android:persistent="false" />
<EditTextPreference
android:key="password"
android:title="@string/gui_password"
android:inputType="textVisiblePassword" />
<CheckBoxPreference
android:key="urAccepted"
android:title="@string/usage_reporting"