cynic
/
glowing-bear
mirror of https://github.com/kurisufriend/glowing-bear
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Rename the allow plaintext setting

Browse Source
codeql
Jeremy Mahieu 5 years ago
parent ab06c14d64
commit 620afd6f7d
3 changed files with 9 additions and 9 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      index.html
  2. 2
      js/connection.js
  3. 2
      js/glowingbear.js

14
index.html
Unescape View File

@ -134,12 +134,12 @@
</label> </label>
</div> </div>
<div class="checkbox"> <div class="checkbox">
<label class="control-label" for="allowPlaintextAuthentication"> <label class="control-label" for="compatibilityWeechat28">
<input type="checkbox" id="allowPlaintextAuthentication" ng-model="settings.allowPlaintextAuthentication"> <input type="checkbox" id="compatibilityWeechat28" ng-model="settings.compatibilityWeechat28">
Allow Plaintext Authentication (Weechat < 2.9) <a href="#plaintext" ng-click="toggleAccordionByName('gettingStartedAccordion')"><i class="glyphicon glyphicon-info-sign"></i></a> Compatibility with Weechat 2.8 and older <a href="#plaintext" ng-click="toggleAccordionByName('gettingStartedAccordion')"><i class="glyphicon glyphicon-info-sign"></i></a>
</label> </label>
</div> </div>
<div class="checkbox indent" ng-show="settings.allowPlaintextAuthentication"> <div class="checkbox indent" ng-show="settings.compatibilityWeechat28">
<label class="control-label" for="useTotp"> <label class="control-label" for="useTotp">
<input type="checkbox" id="useTotp" ng-model="settings.useTotp"> <input type="checkbox" id="useTotp" ng-model="settings.useTotp">
Use Time-based One-Time Password (automatic for Weechat >= 2.9)<a href="https://blog.weechat.org/post/2019/01/14/Support-of-TOTP" target="_blank"><i class="glyphicon glyphicon-info-sign"></i></a> Use Time-based One-Time Password (automatic for Weechat >= 2.9)<a href="https://blog.weechat.org/post/2019/01/14/Support-of-TOTP" target="_blank"><i class="glyphicon glyphicon-info-sign"></i></a>
@ -153,7 +153,7 @@
</div> </div>
<div class="checkbox indent" ng-show="settings.savepassword || settings.autoconnect"> <div class="checkbox indent" ng-show="settings.savepassword || settings.autoconnect">
<label class="control-label" for="autoconnect"> <label class="control-label" for="autoconnect">
<input type="checkbox" id="autoconnect" ng-model="settings.autoconnect" ng-disabled="settings.allowPlaintextAuthentication && settings.useTotp"> <input type="checkbox" id="autoconnect" ng-model="settings.autoconnect" ng-disabled="settings.compatibilityWeechat28 && settings.useTotp">
Automatically connect Automatically connect
</label> </label>
</div> </div>
@ -197,8 +197,8 @@ chown -R <strong>username</strong>:<strong>username</strong> ~<strong>username</
/set relay.network.totp_secret "${sec.data.relay_totp_secret}"</pre> /set relay.network.totp_secret "${sec.data.relay_totp_secret}"</pre>
<p>Open an authenticator app and create an entry with the same secret. In Glowing Bear check the checkbox for "use Time-based One-Time Password" and fill in the one time password as you see it in the authenticator app.</p> <p>Open an authenticator app and create an entry with the same secret. In Glowing Bear check the checkbox for "use Time-based One-Time Password" and fill in the one time password as you see it in the authenticator app.</p>
<h3><a name="plaintext"></a>Allow plaintext authentication</h3> <h3><a name="plaintext"></a>Compatibility with Weechat 2.8 and older</h3>
<p><strong>Required for Weechat < 2.9</strong></p> <p><strong>Required for Weechat <= 2.8</strong></p>
<p>Since weechat version 2.9 the authentication was made more secure and resistant to brute forcing. Glowing bear uses the most secure authentication method by default. However to supports older version of weechat this options allows glowing bear to still send your password in plaintext (wrapped in https if enabled). Only enable this if you are using Weechat < 2.9</p> <p>Since weechat version 2.9 the authentication was made more secure and resistant to brute forcing. Glowing bear uses the most secure authentication method by default. However to supports older version of weechat this options allows glowing bear to still send your password in plaintext (wrapped in https if enabled). Only enable this if you are using Weechat < 2.9</p>
<p>By default weechat 2.9 support all authentication methods, if you are only using glowing bear you can do the following command to improve security:</p> <p>By default weechat 2.9 support all authentication methods, if you are only using glowing bear you can do the following command to improve security:</p>
<pre>/set relay.network.password_hash_algo "pbkdf2+sha512"</pre> <pre>/set relay.network.password_hash_algo "pbkdf2+sha512"</pre>

2
js/connection.js
Unescape View File

@ -99,7 +99,7 @@ weechat.factory('connection',
// This is not secure, this has to be specifically allowed with a setting // This is not secure, this has to be specifically allowed with a setting
// Otherwise an attacker could persuade the client to send it's password // Otherwise an attacker could persuade the client to send it's password
// Or due to latency the client could think weechat was an older version // Or due to latency the client could think weechat was an older version
if (!settings.allowPlaintextAuthentication) if (!settings.compatibilityWeechat28)
{ {
$rootScope.oldWeechatError = true; $rootScope.oldWeechatError = true;
$rootScope.$emit('relayDisconnect'); $rootScope.$emit('relayDisconnect');

2
js/glowingbear.js
Unescape View File

@ -45,7 +45,7 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
'port': 9001, 'port': 9001,
'path': 'weechat', 'path': 'weechat',
'ssl': (window.location.protocol === "https:"), 'ssl': (window.location.protocol === "https:"),
'allowPlaintextAuthentication': true, 'compatibilityWeechat28': true,
'useTotp': false, 'useTotp': false,
'savepassword': false, 'savepassword': false,
'autoconnect': false, 'autoconnect': false,

Write Preview
Loading…
Cancel
Save