From: Calin Crisan <ccrisan@gmail.com>
Date: Mon, 12 Dec 2016 19:45:34 +0000 (+0200)
Subject: don't store the password hash in motion.conf
X-Git-Url: http://www.vanbest.org/gitweb/?a=commitdiff_plain;h=7bbc96f32e89f9e7750664cd1a0912bfbf428b7b;p=motioneye-debian

don't store the password hash in motion.conf
---

diff --git a/motioneye/config.py b/motioneye/config.py
index 2a6fbaf..8b37139 100644
--- a/motioneye/config.py
+++ b/motioneye/config.py
@@ -19,7 +19,6 @@ import collections
 import datetime
 import errno
 import glob
-import hashlib
 import logging
 import math
 import os.path
@@ -183,9 +182,6 @@ def get_main(as_lines=False):
     _get_additional_config(main_config)
     _set_default_motion(main_config, old_config_format=motionctl.has_old_config_format())
 
-    main_config.setdefault('@admin_password_hash', hashlib.sha1(main_config['@admin_password']).hexdigest())
-    main_config.setdefault('@normal_password_hash', hashlib.sha1(main_config['@normal_password']).hexdigest())
-
     _main_config_cache = main_config
     
     return main_config
diff --git a/motioneye/handlers.py b/motioneye/handlers.py
index 83c6cab..1d30196 100644
--- a/motioneye/handlers.py
+++ b/motioneye/handlers.py
@@ -16,6 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>. 
 
 import datetime
+import hashlib
 import json
 import logging
 import os
@@ -113,9 +114,10 @@ class BaseHandler(RequestHandler):
         login = self.get_argument('_login', None) == 'true'
         if (username == main_config.get('@admin_username') and
             (signature == utils.compute_signature(self.request.method, self.request.uri, # backwards compatibility
-                                                  self.request.body, main_config.get('@admin_password')) or
+                                                  self.request.body, main_config['@admin_password']) or
              signature == utils.compute_signature(self.request.method, self.request.uri,
-                                                  self.request.body, main_config.get('@admin_password_hash')))):
+                                                  self.request.body,
+                                                  hashlib.sha1(main_config['@admin_password']).hexdigest()))):
 
             return 'admin'
         
@@ -126,7 +128,8 @@ class BaseHandler(RequestHandler):
             (signature == utils.compute_signature(self.request.method, self.request.uri, # backwards compatibility
                                                   self.request.body, main_config.get('@normal_password')) or
              signature == utils.compute_signature(self.request.method, self.request.uri,
-                                                  self.request.body, main_config.get('@normal_password_hash')))):
+                                                  self.request.body,
+                                                  hashlib.sha1(main_config['@normal_password']).hexdigest()))):
 
             return 'normal'