add option unsecure.allow_all_passwords to disable password restrictions and allow any type of passwords (even empty ones)

2025-12-13 07:45:54 +00:00 · 2021-02-26 16:25:00 +01:00 · 2021-02-26 16:25:00 +01:00 · a567bd3780
commit a567bd3780
parent 30ff0a84ef
4 changed files with 105 additions and 97 deletions
--- a/src/cpp/JSONInterface/JsonCreateUser.cpp
+++ b/src/cpp/JSONInterface/JsonCreateUser.cpp
@ -51,7 +51,7 @@ Poco::JSON::Object* JsonCreateUser::handle(Poco::Dynamic::Var params)

 	if (password.size()) {
 		ErrorList errors;
-		if (!sm->checkPwdValidation(password, &errors)) {
+		if (!(ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_ALLOW_ALL_PASSWORDS) && !sm->checkPwdValidation(password, &errors)) {
 			Poco::JSON::Object* result = new Poco::JSON::Object;
 			result->set("state", "error");
 			result->set("msg", errors.getLastError()->getString(false));
--- a/src/cpp/JSONInterface/JsonRequestHandler.cpp
+++ b/src/cpp/JSONInterface/JsonRequestHandler.cpp
@ -37,6 +37,10 @@ void JsonRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Po
 		if (parsedResult.size() != 0) {
 			json_result = handle(parsedResult);
 		}
+		else {
+			json_result = stateError("empty body");
+		}
+
 	}
 	else if(method == "GET") {		
 		Poco::URI uri(request.getURI());
--- a/src/cpp/ServerConfig.cpp
+++ b/src/cpp/ServerConfig.cpp
@ -246,6 +246,9 @@ namespace ServerConfig {
 		if (cfg.getInt("unsecure.allow_cors_all", 0) == 1) {
 			g_AllowUnsecureFlags = (AllowUnsecure)(g_AllowUnsecureFlags | UNSECURE_CORS_ALL);
 		}
+		if (cfg.getInt("unsecure.allow_all_passwords", 0) == 1) {
+			g_AllowUnsecureFlags = (AllowUnsecure)(g_AllowUnsecureFlags | UNSECURE_ALLOW_ALL_PASSWORDS);
+		}

 		return true;
 	}
--- a/src/cpp/ServerConfig.h
+++ b/src/cpp/ServerConfig.h
@ -44,7 +44,8 @@ namespace ServerConfig {
 		NOT_UNSECURE = 0,
 		UNSECURE_PASSWORD_REQUESTS = 1,
 		UNSECURE_AUTO_SIGN_TRANSACTIONS = 2,
-		UNSECURE_CORS_ALL = 4
+		UNSECURE_CORS_ALL = 4,
+		UNSECURE_ALLOW_ALL_PASSWORDS = 8
 	};