luci-base: fix setPassword handling#8696
Conversation
Remove old password check in JS when creating a new user, as username verification is handled by the backend. Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
ckorber
force-pushed
the
pr/fix_pw
branch
3 times, most recently
from
60d2e3e to
0688112
Compare
|
Thanks, I'll test it later. |
openwrt-ai
left a comment
openwrt-ai
left a comment
There was a problem hiding this comment.
Reviewed 4 new commits. Two related issues stand out: the backend's known_user failure branch now writes the new password before returning result: 0 (bypassing the old-password check), and both frontends still treat the resolved promise as a scalar after expect: { result: 1 } was dropped, so the failure return { result: 0 } is read as success. Details inline.
Generated by Claude Code
The earlier commit to unify password setting had multiple uci contexts and didn't distinguish correctly between newly created or existing rpcd users. Also a break command was misplaced. With this commit the created hash is also propagated in order to set it in `luci-app-acl` and `luci-mod-system`. Signed-off-by: Christian Korber <ckorber@tdt.de>
This commit sets the generated hash after changing password for rpc users. Signed-off-by: Christian Korber <ckorber@tdt.de>
This commit sets the hash for changed password of rpc user. Signed-off-by: Christian Korber <ckorber@tdt.de>
openwrt-ai
left a comment
openwrt-ai
left a comment
There was a problem hiding this comment.
Reviewed 3 new commits since my last review. All three earlier findings (the failure-path write in the backend, and the result/result.result truthiness checks in both frontends) are addressed correctly. One remaining question about new-user creation in the system password view is inline. Commit messages match their changes.
Generated by Claude Code
|
Hi @systemcrash , do you approve? |
3 participants
Pull request details
Description
The earlier commits didn't work for creating new users in rpcd.
Also, creating new users resulted in duplicated rpcd logins, because save and apply also created the uci section. So therefore,
setPasswordreturns the generated hash and letluci-mod-systemandluci-app-aclset the new hash.Screenshot or video of changes (if applicable)
Maintainer (preferred)
@systemcrash @AndyChiang888
Tested on
OpenWrt version: openwrt-25.12
LuCI version: luci-openwrt-25.12
Web browser(s): firefox
Checklist
Signed-off-by: <my@email.address>row (viagit commit --signoff).<package name>: titlefirst line subject for packages.PKG_VERSIONin the Makefile.