mirror of
https://github.com/zadam/trilium.git
synced 2025-11-13 00:35:50 +01:00
set password from web trilium
This commit is contained in:
zadam
@@ -85,14 +85,10 @@ function logoutFromProtectedSession() {
|
||||
}
|
||||
|
||||
function token(req) {
|
||||
const username = req.body.username;
|
||||
const password = req.body.password;
|
||||
|
||||
const isUsernameValid = username === optionService.getOption('username');
|
||||
const isPasswordValid = passwordEncryptionService.verifyPassword(password);
|
||||
|
||||
if (!isUsernameValid || !isPasswordValid) {
|
||||
return [401, "Incorrect username/password"];
|
||||
if (!passwordEncryptionService.verifyPassword(password)) {
|
||||
return [401, "Incorrect password"];
|
||||
}
|
||||
|
||||
const apiToken = new ApiToken({
|
||||
|
||||
@@ -6,7 +6,6 @@ const searchService = require('../../services/search/services/search');
|
||||
|
||||
// options allowed to be updated directly in options dialog
|
||||
const ALLOWED_OPTIONS = new Set([
|
||||
'username', // not exposed for update (not harmful anyway), needed for reading
|
||||
'eraseEntitiesAfterTimeInSeconds',
|
||||
'protectedSessionTimeout',
|
||||
'noteRevisionSnapshotTimeInterval',
|
||||
|
||||
@@ -18,9 +18,9 @@ async function setupNewDocument() {
|
||||
}
|
||||
|
||||
function setupSyncFromServer(req) {
|
||||
const { syncServerHost, syncProxy, username, password } = req.body;
|
||||
const { syncServerHost, syncProxy, password } = req.body;
|
||||
|
||||
return setupService.setupSyncFromSyncServer(syncServerHost, syncProxy, username, password);
|
||||
return setupService.setupSyncFromSyncServer(syncServerHost, syncProxy, password);
|
||||
}
|
||||
|
||||
function saveSyncSeed(req) {
|
||||
|
||||
@@ -4,21 +4,48 @@ const utils = require('../services/utils');
|
||||
const optionService = require('../services/options');
|
||||
const myScryptService = require('../services/my_scrypt');
|
||||
const log = require('../services/log');
|
||||
const sqlInit = require("../services/sql_init.js");
|
||||
const optionsInitService = require("../services/options_init.js");
|
||||
|
||||
function loginPage(req, res) {
|
||||
res.render('login', { failedAuth: false });
|
||||
}
|
||||
|
||||
function setPasswordPage(req, res) {
|
||||
res.render('set_password', { failed: false });
|
||||
res.render('set_password', { error: false });
|
||||
}
|
||||
|
||||
function setPassword(req, res) {
|
||||
if (sqlInit.isPasswordSet()) {
|
||||
return [400, "Password has been already set"];
|
||||
}
|
||||
|
||||
let {password1, password2} = req.body;
|
||||
password1 = password1.trim();
|
||||
password2 = password2.trim();
|
||||
|
||||
let error;
|
||||
|
||||
if (password1 !== password2) {
|
||||
error = "Entered passwords don't match.";
|
||||
} else if (password1.length < 4) {
|
||||
error = "Password must be at least 4 characters long.";
|
||||
}
|
||||
|
||||
if (error) {
|
||||
res.render('set_password', { error });
|
||||
return;
|
||||
}
|
||||
|
||||
optionsInitService.initPassword(password1);
|
||||
|
||||
res.redirect('login');
|
||||
}
|
||||
|
||||
function login(req, res) {
|
||||
const userName = optionService.getOption('username');
|
||||
|
||||
const guessedPassword = req.body.password;
|
||||
|
||||
if (req.body.username === userName && verifyPassword(guessedPassword)) {
|
||||
if (verifyPassword(guessedPassword)) {
|
||||
const rememberMe = req.body.remember_me;
|
||||
|
||||
req.session.regenerate(() => {
|
||||
@@ -34,7 +61,7 @@ function login(req, res) {
|
||||
}
|
||||
else {
|
||||
// note that logged IP address is usually meaningless since the traffic should come from a reverse proxy
|
||||
log.info(`WARNING: Wrong username / password from ${req.ip}, rejecting.`);
|
||||
log.info(`WARNING: Wrong password from ${req.ip}, rejecting.`);
|
||||
|
||||
res.render('login', {'failedAuth': true});
|
||||
}
|
||||
@@ -60,6 +87,7 @@ function logout(req, res) {
|
||||
module.exports = {
|
||||
loginPage,
|
||||
setPasswordPage,
|
||||
setPassword,
|
||||
login,
|
||||
logout
|
||||
};
|
||||
|
||||
@@ -183,7 +183,7 @@ const uploadMiddleware = multer.single('upload');
|
||||
function register(app) {
|
||||
route(GET, '/', [auth.checkAuth, csrfMiddleware], indexRoute.index);
|
||||
route(GET, '/login', [auth.checkAppInitialized, auth.checkPasswordSet], loginRoute.loginPage);
|
||||
route(GET, '/set_password', [auth.checkAppInitialized], loginRoute.setPasswordPage);
|
||||
route(GET, '/set-password', [auth.checkAppInitialized], loginRoute.setPasswordPage);
|
||||
|
||||
const loginRateLimiter = rateLimit({
|
||||
windowMs: 15 * 60 * 1000, // 15 minutes
|
||||
@@ -192,6 +192,7 @@ function register(app) {
|
||||
|
||||
route(POST, '/login', [loginRateLimiter], loginRoute.login);
|
||||
route(POST, '/logout', [csrfMiddleware, auth.checkAuth], loginRoute.logout);
|
||||
route(POST, '/set-password', [auth.checkAppInitialized], loginRoute.setPassword);
|
||||
route(GET, '/setup', [], setupRoute.setupPage);
|
||||
|
||||
apiRoute(GET, '/api/tree', treeApiRoute.getTree);
|
||||
|
||||
Reference in New Issue
Block a user