mirror of
https://github.com/pi-hole/pi-hole
synced 2025-01-05 05:30:55 +00:00
Try to use the CLI password for logins (if enabled and readable by the current user)
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
ca9eaf9688
commit
520641fa5e
@ -75,9 +75,15 @@ TestAPIAvailability() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Authentication() {
|
Authentication() {
|
||||||
# Try to authenticate
|
# Try to read the CLI password (if enabled and readable by the current user)
|
||||||
LoginAPI
|
if [ -r /etc/pihole/cli_pw ]; then
|
||||||
|
password=$(cat /etc/pihole/cli_pw)
|
||||||
|
|
||||||
|
# Try to authenticate using the CLI password
|
||||||
|
LoginAPI
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If this did not work, ask the user for the password
|
||||||
while [ "${validSession}" = false ] || [ -z "${validSession}" ] ; do
|
while [ "${validSession}" = false ] || [ -z "${validSession}" ] ; do
|
||||||
echo "Authentication failed. Please enter your Pi-hole password"
|
echo "Authentication failed. Please enter your Pi-hole password"
|
||||||
|
|
||||||
@ -105,7 +111,7 @@ LoginAPI() {
|
|||||||
SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
|
SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
|
||||||
}
|
}
|
||||||
|
|
||||||
DeleteSession() {
|
LogoutAPI() {
|
||||||
# if a valid Session exists (no password required or successful Authentication) and
|
# if a valid Session exists (no password required or successful Authentication) and
|
||||||
# SID is not null (successful Authentication only), delete the session
|
# SID is not null (successful Authentication only), delete the session
|
||||||
if [ "${validSession}" = true ] && [ ! "${SID}" = null ]; then
|
if [ "${validSession}" = true ] && [ ! "${SID}" = null ]; then
|
||||||
|
@ -128,22 +128,14 @@ Main() {
|
|||||||
# Test if the authentication endpoint is available
|
# Test if the authentication endpoint is available
|
||||||
TestAPIAvailability
|
TestAPIAvailability
|
||||||
|
|
||||||
# Users can configure FTL in a way, that for accessing a) all endpoints (webserver.api.localAPIauth)
|
# Authenticate with FTL
|
||||||
# or b) for the /search endpoint (webserver.api.searchAPIauth) no authentication is required.
|
Authentication
|
||||||
# Therefore, we try to query directly without authentication but do authenticat if 401 is returned
|
|
||||||
|
|
||||||
|
# send query again
|
||||||
data=$(GetFTLData "search/${domain}?N=${max_results}&partial=${partial}")
|
data=$(GetFTLData "search/${domain}?N=${max_results}&partial=${partial}")
|
||||||
|
|
||||||
if [ "${data}" = 401 ]; then
|
|
||||||
# Unauthenticated, so authenticate with the FTL server required
|
|
||||||
Authentication
|
|
||||||
|
|
||||||
# send query again
|
|
||||||
data=$(GetFTLData "search/${domain}?N=${max_results}&partial=${partial}")
|
|
||||||
fi
|
|
||||||
|
|
||||||
GenerateOutput "${data}"
|
GenerateOutput "${data}"
|
||||||
DeleteSession
|
LogoutAPI
|
||||||
}
|
}
|
||||||
|
|
||||||
# Process all options (if present)
|
# Process all options (if present)
|
||||||
|
Loading…
Reference in New Issue
Block a user