Reject actual logins when admin is disabled.

6 years ago · afc90a05cc
parent 5d811e3a51
commit afc90a05cc
3 changed files with 5 additions and 3 deletions
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -11,6 +11,7 @@ include isso/js/count.dev.js
 include isso/defaults.ini

 include isso/templates/admin.html
+include isso/templates/disabled.html
 include isso/templates/login.html
 include isso/css/admin.css
 include isso/css/isso.css
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@ -1067,6 +1067,8 @@ class API(object):
        )

    def login(self, env, req):
+        if not self.isso.conf.getboolean("admin", "enabled"):
+            return render_template('disabled.html')
        data = req.form
        password = self.isso.conf.get("admin", "password")
        if data['password'] and data['password'] == password:
@ -1088,8 +1090,7 @@ class API(object):
    def admin(self, env, req):
        isso_host_script = self.isso.conf.get("server", "public-endpoint") or local.host
        if not self.isso.conf.getboolean("admin", "enabled"):
-            return render_template(
-                'disabled.html', isso_host_script=isso_host_script)
+            return render_template('disabled.html')
        try:
            data = self.isso.unsign(req.cookies.get('admin-session', ''),
                                    max_age=60 * 60 * 24)
--- a/share/isso.conf
+++ b/share/isso.conf
@ -63,7 +63,7 @@ gravatar-url = https://www.gravatar.com/avatar/{}?d=identicon
 enabled = false

 # Admin access password
-_password = please_choose_a_strong_password
+password = please_choose_a_strong_password

 [moderation]
 # enable comment moderation queue. This option only affects new comments.