cn/dyndnsd
1
0
Fork 0
mirror of https://github.com/cmur2/dyndnsd.git synced 2024-12-21 14:54:22 +01:00
Code Releases Activity

auth: fix broken password check

Browse Source 
Guessing an existing user's name was enough to successfully authenticate.
This commit is contained in:
Christian Nicolai 2017-10-20 16:20:38 +00:00 committed by GitHub
parent 13613643cc
commit 2edb9522f1
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/dyndnsd.rb
View File

@ -201,7 +201,7 @@ module Dyndnsd
# configure rack # configure rack
app = Daemon.new(config, db, updater, responder) app = Daemon.new(config, db, updater, responder)
app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass| app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
allow = (config['users'].has_key? user) and (config['users'][user]['password'] == pass) allow = ((config['users'].has_key? user) and (config['users'][user]['password'] == pass))
if not allow if not allow
Dyndnsd.logger.warn "Login failed for #{user}" Dyndnsd.logger.warn "Login failed for #{user}"
Metriks.meter('requests.auth_failed').mark Metriks.meter('requests.auth_failed').mark