Be sure not to use blank passwords as the password

2025-12-19 06:25:45 +00:00 · 2021-06-21 22:12:47 +10:00
parent a429223858
commit 45bd454e26
2 changed files with 9 additions and 5 deletions
--- a/backend/init.py
+++ b/backend/init.py
@@ -483,6 +483,9 @@ def changedetection_app(config=None, datastore_o=None):
                flash("Password protection enabled.", 'notice')
                flask_login.logout_user()
                return redirect(url_for('index'))
+            else:
+                # Unset it anyway, just to be sure.
+                datastore.data['settings']['application']['password'] = False
                
            flash("Settings updated.")

--- a/backend/forms.py
+++ b/backend/forms.py
@@ -46,11 +46,12 @@ class SaltyPasswordField(StringField):
    # incoming
    def process_formdata(self, valuelist):
        if valuelist:
-            # Remove empty strings
+            # Be really sure it's non-zero in length
+            if len(valuelist[0].strip()) > 0:
                self.encrypted_password = self.build_password(valuelist[0])
-            self.data = []
+                self.data = ""
        else:
-            self.data = []
+            self.data = False


 # Separated by  key:value