From: Calin Crisan
Date: Sun, 4 Dec 2016 15:09:55 +0000 (+0200)
Subject: added support for remembering credentials when logging in
X-Git-Url: http://www.vanbest.org/gitweb/?a=commitdiff_plain;h=4693058abc0d11b525f854f5aebfd8fe4caabd0a;p=motioneye-debian

added support for remembering credentials when logging in

this was possible by saving the password hash in a cookie and using it in the signature instead of the original plain-text password
---

diff --git a/motioneye/config.py b/motioneye/config.py
index e4a849f..2a6fbaf 100644
--- a/motioneye/config.py
+++ b/motioneye/config.py
@@ -19,6 +19,7 @@ import collections
 import datetime
 import errno
 import glob
+import hashlib
 import logging
 import math
 import os.path
@@ -178,10 +179,13 @@ def get_main(as_lines=False):
 main_config = _conf_to_dict(lines, list_names=['thread'], no_convert=['@admin_username', '@admin_password', '@normal_username', '@normal_password'])
-
+
 _get_additional_config(main_config)
 _set_default_motion(main_config, old_config_format=motionctl.has_old_config_format())
-
+
+ main_config.setdefault('@admin_password_hash', hashlib.sha1(main_config['@admin_password']).hexdigest())
+ main_config.setdefault('@normal_password_hash', hashlib.sha1(main_config['@normal_password']).hexdigest())
+
 _main_config_cache = main_config
 return main_config
diff --git a/motioneye/handlers.py b/motioneye/handlers.py
index 1db2f1a..83c6cab 100644
--- a/motioneye/handlers.py
+++ b/motioneye/handlers.py
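Review bot: In motioneye/config.py, the two `setdefault` lines added to `get_main` derive `@admin_password_hash` and `@normal_password_hash` with one unsalted `hashlib.sha1(...)`, and the handlers.py change in this commit accepts that digest as the signing key, so the digest is password-equivalent and cheap to attack offline if it ever leaks. A salted, slow derivation, or better a server-issued random session token that is unrelated to the password, would limit that exposure. The new lines index `main_config['@admin_password']` directly, which raises `KeyError` if the key is absent, whereas handlers.py reads it with `.get`; unless an earlier call guarantees the default (not visible here), `main_config.get('@admin_password', '')` is safer. `setdefault` also keeps any value already present, so if the hash key is ever persisted or the dict is reused after a password change the old digest would stay valid; a comment such as `# derived at load time; must be recomputed whenever the password changes` would record that. `get_main` starts before and continues after the hunk.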
@@ -112,16 +112,22 @@ class BaseHandler(RequestHandler):
 signature = self.get_argument('_signature', None)
 login = self.get_argument('_login', None) == 'true'
 if (username == main_config.get('@admin_username') and
- signature == utils.compute_signature(self.request.method, self.request.uri, self.request.body, main_config.get('@admin_password'))):
-
+ (signature == utils.compute_signature(self.request.method, self.request.uri, # backwards compatibility
+ self.request.body, main_config.get('@admin_password')) or
+ signature == utils.compute_signature(self.request.method, self.request.uri,
+ self.request.body, main_config.get('@admin_password_hash')))):
+
 return 'admin'
 elif not username and not main_config.get('@normal_password'): # no authentication required for normal user
 return 'normal'
 elif (username == main_config.get('@normal_username') and
- signature == utils.compute_signature(self.request.method, self.request.uri, self.request.body, main_config.get('@normal_password'))):
-
+ (signature == utils.compute_signature(self.request.method, self.request.uri, # backwards compatibility
+ self.request.body, main_config.get('@normal_password')) or
+ signature == utils.compute_signature(self.request.method, self.request.uri,
+ self.request.body, main_config.get('@normal_password_hash')))):
+
 return 'normal'
 elif username and username != '_' and login:
diff --git a/motioneye/static/js/main.js b/motioneye/static/js/main.js
index 1cd5e8a..cb637f6 100644
--- a/motioneye/static/js/main.js
+++ b/motioneye/static/js/main.js
@@ -8,7 +8,7 @@ var refreshInterval = 15; /* milliseconds */
 var framerateFactor = 1;
 var resolutionFactor = 1;
 var username = '';
-var password = '';
+var passwordHash = '';
 var basePath = null;
 var signatureRegExp = new RegExp('[^a-zA-Z0-9/?_.=&{}\\[\\]":, _-]', 'g');
 var initialConfigFetched = false; /* used to workaround browser extensions that trigger stupid change events */
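Review bot: In motioneye/handlers.py, the new `signature == utils.compute_signature(...)` checks in both the admin and the normal branch compare the request signature with `==`, which is not a constant-time comparison; once both sides are the same string type, `hmac.compare_digest(signature or '', expected)` is the safer form. Because a signature keyed by `@admin_password_hash` or `@normal_password_hash` is now accepted, the stored digest alone is enough to authenticate and has to be protected like the password itself. The `# backwards compatibility` branch that still accepts the plain password should carry a comment stating when it can be dropped, for example `# TODO: remove once clients no longer sign with the plain password`. The four near-identical `compute_signature` calls would be easier to audit as one private helper that takes the acceptable keys. The enclosing method starts before and continues after the hunk.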
@@ -353,9 +353,8 @@ function computeSignature(method, path, body) {
 path = path + '?' + query;
 path = path.replace(signatureRegExp, '-');
 body = body && body.replace(signatureRegExp, '-');
- var password = window.password.replace(signatureRegExp, '-');
- return sha1(method + ':' + path + ':' + (body || '') + ':' + password).toLowerCase();
+ return sha1(method + ':' + path + ':' + (body || '') + ':' + passwordHash).toLowerCase();
 }
 function addAuthParams(method, url, body) {
@@ -3355,12 +3354,19 @@ function runLoginDialog(retry) {
 '' + '' + '' +
+ '' +
+ 'Remember Me' +
+ '' +
+ '' +
 '');
 var usernameEntry = form.find('#usernameEntry');
 var passwordEntry = form.find('#passwordEntry');
+ var rememberCheck = form.find('#rememberCheck');
 var errorTd = form.find('td.login-dialog-error');
+ makeCheckBox(rememberCheck);
+
 if (window._loginRetry) {
 errorTd.css('display', 'table-cell');
 errorTd.html('Invalid credentials.');
@@ -3375,10 +3381,13 @@ function runLoginDialog(retry) {
 }},
 {caption: 'Login', isDefault: true, click: function () {
 window.username = usernameEntry.val();
- window.password = passwordEntry.val();
+ window.passwordHash = sha1(passwordEntry.val()).toLowerCase();
 window._loginDialogSubmitted = true;
- setCookie('username', window.username);
+ if (rememberCheck[0].checked) {
+ setCookie('username', window.username);
+ setCookie('passwordHash', window.passwordHash);
+ }
 form.submit();
 setTimeout(function () {
@@ -4976,6 +4985,7 @@ $(document).ready(function () {
 /* restore the username from cookie */
 window.username = getCookie('username');
+ window.passwordHash = getCookie('passwordHash');
 }
 /* open/close settings */
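Review bot: In the Login click handler of `runLoginDialog` (hunk at -3375), `setCookie('passwordHash', window.passwordHash)` persists a value that is sufficient on its own to sign requests, so the cookie becomes a long-lived credential that any script running on the page can read. When the box is left unchecked nothing removes cookies written by an earlier remembered login, so old credentials stay behind on a shared browser; the `if (rememberCheck[0].checked)` block needs an `else` branch that clears both cookies. `setCookie` is not shown, so confirm that it sets an expiry and, when the UI is served over HTTPS, the `Secure` attribute. Remembering a server-issued random token that can be revoked would be safer than remembering a digest of the password. The handler's body continues outside the hunk.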
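Review bot: In the `$(document).ready` hunk (-4976), `window.passwordHash = getCookie('passwordHash');` replaces the `''` default with whatever `getCookie` returns when the cookie is missing; if that is `null` or `undefined`, `computeSignature` would concatenate that literal text into the signed string. `getCookie` is not visible here, so this is an assumption to check; `window.passwordHash = getCookie('passwordHash') || '';` makes the fallback explicit. The comment above the restored values should be updated as well, for example `/* restore the username and password hash from cookie */`. The surrounding block starts before the hunk.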