Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-01-28 07:17:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Make the shutdown get request use the onionshare user for basic auth

Browse Source
This commit is contained in:
Micah Lee 2019-05-20 22:02:43 -07:00
parent 3229211422
commit fe64a5a059
No known key found for this signature in database
GPG Key ID: 403C2657CD994F73
1 changed files with 8 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
onionshare/web/web.py
View File

@ -132,8 +132,6 @@ class Web(object):
def get_pw(username): def get_pw(username):
if username == 'onionshare': if username == 'onionshare':
return self.slug return self.slug
elif username == 'shutdown':
return self.shutdown_slug
else: else:
return None return None
@ -155,9 +153,10 @@ class Web(object):
""" """
Stop the flask web server, from the context of an http request. Stop the flask web server, from the context of an http request.
""" """
self.check_shutdown_slug_candidate(slug_candidate) if slug_candidate == self.shutdown_slug:
self.force_shutdown() self.force_shutdown()
return "" return ""
abort(404)
@self.app.route("/noscript-xss-instructions") @self.app.route("/noscript-xss-instructions")
def noscript_xss_instructions(): def noscript_xss_instructions():
@ -237,11 +236,6 @@ class Web(object):
log_handler.setLevel(logging.WARNING) log_handler.setLevel(logging.WARNING)
self.app.logger.addHandler(log_handler) self.app.logger.addHandler(log_handler)
def check_shutdown_slug_candidate(self, slug_candidate):
self.common.log('Web', 'check_shutdown_slug_candidate: slug_candidate={}'.format(slug_candidate))
if not hmac.compare_digest(self.shutdown_slug, slug_candidate):
abort(404)
def reset_invalid_slugs(self): def reset_invalid_slugs(self):
self.invalid_slugs_count = 0 self.invalid_slugs_count = 0
self.invalid_slugs = [] self.invalid_slugs = []
@ -293,11 +287,11 @@ class Web(object):
# Let the mode know that the user stopped the server # Let the mode know that the user stopped the server
self.stop_q.put(True) self.stop_q.put(True)
# Reset any slug that was in use
self.slug = None
# To stop flask, load http://shutdown:[shutdown_slug]@127.0.0.1/[shutdown_slug]/shutdown # To stop flask, load http://shutdown:[shutdown_slug]@127.0.0.1/[shutdown_slug]/shutdown
# (We're putting the shutdown_slug in the path as well to make routing simpler) # (We're putting the shutdown_slug in the path as well to make routing simpler)
if self.running: if self.running:
requests.get('http://127.0.0.1:{}/{}/shutdown'.format(port, self.shutdown_slug), requests.get('http://127.0.0.1:{}/{}/shutdown'.format(port, self.shutdown_slug),
auth=requests.auth.HTTPBasicAuth('shutdown', self.shutdown_slug)) auth=requests.auth.HTTPBasicAuth('onionshare', self.slug))
# Reset any slug that was in use
self.slug = None