Remove plaintext Fever password from database

Tony Wang 2020-10-07 12:22:24 +08:00 committed by GitHub
parent 93f90dae68
commit 37bc451741
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 23 additions and 24 deletions


@ -12,7 +12,7 @@ import (
"miniflux.app/logger" "miniflux.app/logger"
) )
const schemaVersion = 38 const schemaVersion = 39
// Migrate executes database migrations. // Migrate executes database migrations.
func Migrate(db *sql.DB) { func Migrate(db *sql.DB) {


@ -192,6 +192,8 @@ create index entries_user_feed_idx on entries (user_id, feed_id);
"schema_version_36": `CREATE INDEX entries_feed_id_status_hash_idx ON entries USING btree (feed_id, status, hash);`, "schema_version_36": `CREATE INDEX entries_feed_id_status_hash_idx ON entries USING btree (feed_id, status, hash);`,
"schema_version_37": `CREATE INDEX entries_user_id_status_starred_idx ON entries (user_id, status, starred);`, "schema_version_37": `CREATE INDEX entries_user_id_status_starred_idx ON entries (user_id, status, starred);`,
"schema_version_38": `alter table users add column entry_swipe boolean default 't'; "schema_version_38": `alter table users add column entry_swipe boolean default 't';
`,
"schema_version_39": `ALTER TABLE integrations DROP COLUMN fever_password;
`, `,
"schema_version_4": `create type entry_sorting_direction as enum('asc', 'desc'); "schema_version_4": `create type entry_sorting_direction as enum('asc', 'desc');
alter table users add column entry_direction entry_sorting_direction default 'asc'; alter table users add column entry_direction entry_sorting_direction default 'asc';
@ -254,6 +256,7 @@ var SqlMapChecksums = map[string]string{
"schema_version_36": "8164be7818268ad3d4bdcad03a7868b58e32b27cde9b4f056cd82f7b182a0722", "schema_version_36": "8164be7818268ad3d4bdcad03a7868b58e32b27cde9b4f056cd82f7b182a0722",
"schema_version_37": "fc9eb1b452341664ddf24c1a9cf01502ac2578136e54a4853081652959285cb9", "schema_version_37": "fc9eb1b452341664ddf24c1a9cf01502ac2578136e54a4853081652959285cb9",
"schema_version_38": "e91d2f4075ceb7b8a16a25f350f36dee12cfd1ad86b8b6414c4cf2e9a003358c", "schema_version_38": "e91d2f4075ceb7b8a16a25f350f36dee12cfd1ad86b8b6414c4cf2e9a003358c",
"schema_version_39": "b0f90b97502921d4681a07c64d180a91a0b4ccac7d3c1dbe30519ad6f1bf1737",
"schema_version_4": "216ea3a7d3e1704e40c797b5dc47456517c27dbb6ca98bf88812f4f63d74b5d9", "schema_version_4": "216ea3a7d3e1704e40c797b5dc47456517c27dbb6ca98bf88812f4f63d74b5d9",
"schema_version_5": "46397e2f5f2c82116786127e9f6a403e975b14d2ca7b652a48cd1ba843e6a27c", "schema_version_5": "46397e2f5f2c82116786127e9f6a403e975b14d2ca7b652a48cd1ba843e6a27c",
"schema_version_6": "9d05b4fb223f0e60efc716add5048b0ca9c37511cf2041721e20505d6d798ce4", "schema_version_6": "9d05b4fb223f0e60efc716add5048b0ca9c37511cf2041721e20505d6d798ce4",


@ -0,0 +1 @@
ALTER TABLE integrations DROP COLUMN fever_password;
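Review bot: Dropping the column does not by itself erase the plaintext Fever passwords already stored. If this runs on PostgreSQL (the `USING btree` and `create type … as enum` statements elsewhere in the schema suggest so), `DROP COLUMN` only marks the column as dropped, so the old values stay in existing row versions until the rows are rewritten, and in any earlier dumps or WAL archives. The migration is also one-way: the previous binary still selects `fever_password`, so a rollback after upgrading would presumably fail on the missing column. I would record both points in the upgrade notes, e.g. `-- fever_password values remain on disk and in backups until the integrations table is rewritten; treat older backups as containing credentials`, bearing in mind that a comment added inside this file changes the checksum recorded for schema_version_39.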


@ -16,7 +16,6 @@ type Integration struct {
InstapaperPassword string InstapaperPassword string
FeverEnabled bool FeverEnabled bool
FeverUsername string FeverUsername string
FeverPassword string
FeverToken string FeverToken string
WallabagEnabled bool WallabagEnabled bool
WallabagURL string WallabagURL string


@ -56,7 +56,6 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) {
instapaper_password, instapaper_password,
fever_enabled, fever_enabled,
fever_username, fever_username,
fever_password,
fever_token, fever_token,
wallabag_enabled, wallabag_enabled,
wallabag_url, wallabag_url,
@ -87,7 +86,6 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) {
&integration.InstapaperPassword, &integration.InstapaperPassword,
&integration.FeverEnabled, &integration.FeverEnabled,
&integration.FeverUsername, &integration.FeverUsername,
&integration.FeverPassword,
&integration.FeverToken, &integration.FeverToken,
&integration.WallabagEnabled, &integration.WallabagEnabled,
&integration.WallabagURL, &integration.WallabagURL,
@ -127,22 +125,21 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error {
instapaper_password=$7, instapaper_password=$7,
fever_enabled=$8, fever_enabled=$8,
fever_username=$9, fever_username=$9,
fever_password=$10, fever_token=$10,
fever_token=$11, wallabag_enabled=$11,
wallabag_enabled=$12, wallabag_url=$12,
wallabag_url=$13, wallabag_client_id=$13,
wallabag_client_id=$14, wallabag_client_secret=$14,
wallabag_client_secret=$15, wallabag_username=$15,
wallabag_username=$16, wallabag_password=$16,
wallabag_password=$17, nunux_keeper_enabled=$17,
nunux_keeper_enabled=$18, nunux_keeper_url=$18,
nunux_keeper_url=$19, nunux_keeper_api_key=$19,
nunux_keeper_api_key=$20, pocket_enabled=$20,
pocket_enabled=$21, pocket_access_token=$21,
pocket_access_token=$22, pocket_consumer_key=$22
pocket_consumer_key=$23
WHERE WHERE
user_id=$24 user_id=$23
` `
_, err := s.db.Exec( _, err := s.db.Exec(
query, query,
@ -155,7 +152,6 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error {
integration.InstapaperPassword, integration.InstapaperPassword,
integration.FeverEnabled, integration.FeverEnabled,
integration.FeverUsername, integration.FeverUsername,
integration.FeverPassword,
integration.FeverToken, integration.FeverToken,
integration.WallabagEnabled, integration.WallabagEnabled,
integration.WallabagURL, integration.WallabagURL,


@ -47,7 +47,6 @@ func (i IntegrationForm) Merge(integration *model.Integration) {
integration.InstapaperPassword = i.InstapaperPassword integration.InstapaperPassword = i.InstapaperPassword
integration.FeverEnabled = i.FeverEnabled integration.FeverEnabled = i.FeverEnabled
integration.FeverUsername = i.FeverUsername integration.FeverUsername = i.FeverUsername
integration.FeverPassword = i.FeverPassword
integration.WallabagEnabled = i.WallabagEnabled integration.WallabagEnabled = i.WallabagEnabled
integration.WallabagURL = i.WallabagURL integration.WallabagURL = i.WallabagURL
integration.WallabagClientID = i.WallabagClientID integration.WallabagClientID = i.WallabagClientID


@ -38,7 +38,6 @@ func (h *handler) showIntegrationPage(w http.ResponseWriter, r *http.Request) {
InstapaperPassword: integration.InstapaperPassword, InstapaperPassword: integration.InstapaperPassword,
FeverEnabled: integration.FeverEnabled, FeverEnabled: integration.FeverEnabled,
FeverUsername: integration.FeverUsername, FeverUsername: integration.FeverUsername,
FeverPassword: integration.FeverPassword,
WallabagEnabled: integration.WallabagEnabled, WallabagEnabled: integration.WallabagEnabled,
WallabagURL: integration.WallabagURL, WallabagURL: integration.WallabagURL,
WallabagClientID: integration.WallabagClientID, WallabagClientID: integration.WallabagClientID,


@ -9,8 +9,8 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"miniflux.app/http/response/html"
"miniflux.app/http/request" "miniflux.app/http/request"
"miniflux.app/http/response/html"
"miniflux.app/http/route" "miniflux.app/http/route"
"miniflux.app/locale" "miniflux.app/locale"
"miniflux.app/ui/form" "miniflux.app/ui/form"
@ -42,7 +42,9 @@ func (h *handler) updateIntegration(w http.ResponseWriter, r *http.Request) {
} }
if integration.FeverEnabled { if integration.FeverEnabled {
integration.FeverToken = fmt.Sprintf("%x", md5.Sum([]byte(integration.FeverUsername+":"+integration.FeverPassword))) if integrationForm.FeverPassword != "" {
integration.FeverToken = fmt.Sprintf("%x", md5.Sum([]byte(integration.FeverUsername+":"+integrationForm.FeverPassword)))
}
} else { } else {
integration.FeverToken = "" integration.FeverToken = ""
} }
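Review bot: When Fever is enabled and the password field is left blank, the new inner `if` keeps whatever `integration.FeverToken` already holds, which leaves two cases unhandled: a first-time enable stores an empty token, and a username change keeps a token still derived from the old username, so clients hashing the new name stop authenticating. Since the password can no longer be read back, the handler should require it in both cases, for example `if integrationForm.FeverPassword == "" && integration.FeverToken == "" { /* re-render the form with a password-required error */ }`, with a similar check against the previously stored username. How the Fever endpoint treats an empty token is not visible here; confirm it rejects an empty API key rather than matching a row whose `fever_token` is empty. The stored value is still an unsalted MD5 of `username:password` and is presumably what clients present, so it should be handled as a credential in logs and backups. The body of updateIntegration starts and ends outside this hunk, so the appropriate way to report the error is not shown.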