Remove plaintext Fever password from database

This commit is contained in:
Tony Wang 2020-10-07 12:22:24 +08:00 committed by GitHub
parent 93f90dae68
commit 37bc451741
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 23 additions and 24 deletions

View file

@ -12,7 +12,7 @@ import (
"miniflux.app/logger"
)
const schemaVersion = 38
const schemaVersion = 39
// Migrate executes database migrations.
func Migrate(db *sql.DB) {

View file

@ -192,6 +192,8 @@ create index entries_user_feed_idx on entries (user_id, feed_id);
"schema_version_36": `CREATE INDEX entries_feed_id_status_hash_idx ON entries USING btree (feed_id, status, hash);`,
"schema_version_37": `CREATE INDEX entries_user_id_status_starred_idx ON entries (user_id, status, starred);`,
"schema_version_38": `alter table users add column entry_swipe boolean default 't';
`,
"schema_version_39": `ALTER TABLE integrations DROP COLUMN fever_password;
`,
"schema_version_4": `create type entry_sorting_direction as enum('asc', 'desc');
alter table users add column entry_direction entry_sorting_direction default 'asc';
@ -254,6 +256,7 @@ var SqlMapChecksums = map[string]string{
"schema_version_36": "8164be7818268ad3d4bdcad03a7868b58e32b27cde9b4f056cd82f7b182a0722",
"schema_version_37": "fc9eb1b452341664ddf24c1a9cf01502ac2578136e54a4853081652959285cb9",
"schema_version_38": "e91d2f4075ceb7b8a16a25f350f36dee12cfd1ad86b8b6414c4cf2e9a003358c",
"schema_version_39": "b0f90b97502921d4681a07c64d180a91a0b4ccac7d3c1dbe30519ad6f1bf1737",
"schema_version_4": "216ea3a7d3e1704e40c797b5dc47456517c27dbb6ca98bf88812f4f63d74b5d9",
"schema_version_5": "46397e2f5f2c82116786127e9f6a403e975b14d2ca7b652a48cd1ba843e6a27c",
"schema_version_6": "9d05b4fb223f0e60efc716add5048b0ca9c37511cf2041721e20505d6d798ce4",

View file

@ -0,0 +1 @@
ALTER TABLE integrations DROP COLUMN fever_password;

View file

@ -16,7 +16,6 @@ type Integration struct {
InstapaperPassword string
FeverEnabled bool
FeverUsername string
FeverPassword string
FeverToken string
WallabagEnabled bool
WallabagURL string

View file

@ -56,7 +56,6 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) {
instapaper_password,
fever_enabled,
fever_username,
fever_password,
fever_token,
wallabag_enabled,
wallabag_url,
@ -87,7 +86,6 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) {
&integration.InstapaperPassword,
&integration.FeverEnabled,
&integration.FeverUsername,
&integration.FeverPassword,
&integration.FeverToken,
&integration.WallabagEnabled,
&integration.WallabagURL,
@ -127,22 +125,21 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error {
instapaper_password=$7,
fever_enabled=$8,
fever_username=$9,
fever_password=$10,
fever_token=$11,
wallabag_enabled=$12,
wallabag_url=$13,
wallabag_client_id=$14,
wallabag_client_secret=$15,
wallabag_username=$16,
wallabag_password=$17,
nunux_keeper_enabled=$18,
nunux_keeper_url=$19,
nunux_keeper_api_key=$20,
pocket_enabled=$21,
pocket_access_token=$22,
pocket_consumer_key=$23
fever_token=$10,
wallabag_enabled=$11,
wallabag_url=$12,
wallabag_client_id=$13,
wallabag_client_secret=$14,
wallabag_username=$15,
wallabag_password=$16,
nunux_keeper_enabled=$17,
nunux_keeper_url=$18,
nunux_keeper_api_key=$19,
pocket_enabled=$20,
pocket_access_token=$21,
pocket_consumer_key=$22
WHERE
user_id=$24
user_id=$23
`
_, err := s.db.Exec(
query,
@ -155,7 +152,6 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error {
integration.InstapaperPassword,
integration.FeverEnabled,
integration.FeverUsername,
integration.FeverPassword,
integration.FeverToken,
integration.WallabagEnabled,
integration.WallabagURL,

View file

@ -47,7 +47,6 @@ func (i IntegrationForm) Merge(integration *model.Integration) {
integration.InstapaperPassword = i.InstapaperPassword
integration.FeverEnabled = i.FeverEnabled
integration.FeverUsername = i.FeverUsername
integration.FeverPassword = i.FeverPassword
integration.WallabagEnabled = i.WallabagEnabled
integration.WallabagURL = i.WallabagURL
integration.WallabagClientID = i.WallabagClientID

View file

@ -38,7 +38,6 @@ func (h *handler) showIntegrationPage(w http.ResponseWriter, r *http.Request) {
InstapaperPassword: integration.InstapaperPassword,
FeverEnabled: integration.FeverEnabled,
FeverUsername: integration.FeverUsername,
FeverPassword: integration.FeverPassword,
WallabagEnabled: integration.WallabagEnabled,
WallabagURL: integration.WallabagURL,
WallabagClientID: integration.WallabagClientID,

View file

@ -9,8 +9,8 @@ import (
"fmt"
"net/http"
"miniflux.app/http/response/html"
"miniflux.app/http/request"
"miniflux.app/http/response/html"
"miniflux.app/http/route"
"miniflux.app/locale"
"miniflux.app/ui/form"
@ -42,7 +42,9 @@ func (h *handler) updateIntegration(w http.ResponseWriter, r *http.Request) {
}
if integration.FeverEnabled {
integration.FeverToken = fmt.Sprintf("%x", md5.Sum([]byte(integration.FeverUsername+":"+integration.FeverPassword)))
if integrationForm.FeverPassword != "" {
integration.FeverToken = fmt.Sprintf("%x", md5.Sum([]byte(integration.FeverUsername+":"+integrationForm.FeverPassword)))
}
} else {
integration.FeverToken = ""
}