Start of a password change form

zzz
2018-02-06 14:01:45 +00:00
parent 0085d47d16
commit c5d0562493
3 changed files with 61 additions and 8 deletions


@ -40,7 +40,7 @@ import java.util.Iterator;
* Manage the password storing for I2PControl. * Manage the password storing for I2PControl.
*/ */
public class SecurityManager { public class SecurityManager {
private final static String DEFAULT_AUTH_PASSWORD = "itoopie"; public final static String DEFAULT_AUTH_PASSWORD = "itoopie";
private final HashMap<String, AuthToken> authTokens; private final HashMap<String, AuthToken> authTokens;
private final SimpleTimer2.TimedEvent timer; private final SimpleTimer2.TimedEvent timer;
private final KeyStore _ks; private final KeyStore _ks;
@ -148,17 +148,34 @@ public class SecurityManager {
return Base64.encode(bytes); return Base64.encode(bytes);
} }
/**
* Is this password correct?
* @return true if password is valid.
* @since 0.12
*/
public boolean isValid(String pwd) {
String storedPass = getSavedPasswdHash();
byte[] p1 = DataHelper.getASCII(getPasswdHash(pwd));
byte[] p2 = DataHelper.getASCII(storedPass);
return p1.length == p2.length && DataHelper.eqCT(p1, 0, p2, 0, p1.length);
}
/**
* Is this password correct?
* @return true if password is valid.
* @since 0.12
*/
public boolean isDefaultPasswordValid() {
return isValid(DEFAULT_AUTH_PASSWORD);
}
/** /**
* Add a Authentication Token if the provided password is valid. * Add a Authentication Token if the provided password is valid.
* The token will be valid for one day. * The token will be valid for one day.
* @return Returns AuthToken if password is valid. If password is invalid null will be returned. * @return AuthToken if password is valid. If password is invalid null will be returned.
*/ */
public AuthToken validatePasswd(String pwd) { public AuthToken validatePasswd(String pwd) {
String storedPass = getSavedPasswdHash(); if (isValid(pwd)) {
byte[] p1 = DataHelper.getASCII(getPasswdHash(pwd));
byte[] p2 = DataHelper.getASCII(storedPass);
if (p1.length == p2.length && DataHelper.eqCT(p1, 0, p2, 0, p1.length)) {
AuthToken token = new AuthToken(this, pwd); AuthToken token = new AuthToken(this, pwd);
synchronized (authTokens) { synchronized (authTokens) {
authTokens.put(token.getId(), token); authTokens.put(token.getId(), token);
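Review bot: The Javadoc on isDefaultPasswordValid() is a copy of the one on isValid() and does not say what the method answers. Something like `Is the stored password still the built-in default? @return true if the default password would be accepted` would tell callers that a true result is a warning condition, not a success. isValid() also hands pwd straight to getPasswdHash(), so a null from a missing form field may throw there (getPasswdHash is not shown in this hunk); an explicit `if (pwd == null) return false;` at the top would settle it. validatePasswd's body continues outside the hunk.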


@ -145,14 +145,45 @@ public class JSONRPC2Servlet extends HttpServlet {
@Override @Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException { protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
httpServletResponse.setContentType("text/plain"); httpServletResponse.setContentType("text/html");
PrintWriter out = httpServletResponse.getWriter(); PrintWriter out = httpServletResponse.getWriter();
out.println("I2PControl RPC Service version " + I2PControlVersion.VERSION + " : Running"); out.println("<p>I2PControl RPC Service version " + I2PControlVersion.VERSION + " : Running");
if ("/password".equals(httpServletRequest.getServletPath())) {
out.println("<form method=\"POST\" action=\"password\">");
if (_secMan.isDefaultPasswordValid()) {
out.println("<p>The current API password is the default, \"" + _secMan.DEFAULT_AUTH_PASSWORD + "\". You should change it.");
} else {
out.println("<p>Current API password:<input name=\"password\" type=\"password\">");
}
out.println("<p>New API password (twice):<input name=\"password2\" type=\"password\">" +
"<input name=\"password3\" type=\"password\">" +
"<input name=\"save\" type=\"submit\" value=\"Change API Password\">" +
"<p>If you forget the API password, stop i2pcontrol, delete the file <tt>" + _conf.getConfFile() +
"</tt>, and restart i2pcontrol.");
} else {
out.println("<p><a href=\"password\">Change API Password</a>");
}
out.close(); out.close();
} }
/** @since 0.12 */
private void doPasswordChange(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
httpServletResponse.setContentType("text/html");
PrintWriter out = httpServletResponse.getWriter();
if (true) {
out.println("<p>API Password not changed");
} else {
out.println("<p>API Password changed");
}
out.println("<p><a href=\"password\">Change API Password</a>");
}
@Override @Override
protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException { protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
if ("/password".equals(httpServletRequest.getServletPath())) {
doPasswordChange(httpServletRequest, httpServletResponse);
return;
}
String req = getRequest(httpServletRequest.getInputStream()); String req = getRequest(httpServletRequest.getInputStream());
httpServletResponse.setContentType("application/json"); httpServletResponse.setContentType("application/json");
PrintWriter out = httpServletResponse.getWriter(); PrintWriter out = httpServletResponse.getWriter();
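Review bot: The `/password` branch of doGet tells any client that can reach the servlet whether the API password is still the default and prints the path from `_conf.getConfFile()`, and no authentication check is visible in this hunk; the path is also concatenated into the HTML without escaping. When the default is in effect the form omits the current-password field, so once doPasswordChange stops being an `if (true)` stub it should still run the old password through `_secMan.isValid(...)` and require an anti-CSRF token, since otherwise a cross-site POST to `password` could set the API password. The `<form>` opened here is never closed; `out.println("</form>");` after the help text fixes that. The constant is better read as `SecurityManager.DEFAULT_AUTH_PASSWORD` than through the `_secMan` instance. doPost continues outside the hunk.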


@ -45,6 +45,11 @@ public class ConfigurationManager {
readConfFile(); readConfFile();
} }
/** @since 0.12 */
public File getConfFile() {
return configLocation;
}
/** /**
* Collects arguments of the form --word, --word=otherword and -blah * Collects arguments of the form --word, --word=otherword and -blah
* to determine user parameters. * to determine user parameters.