diff --git a/repeater/web/auth_endpoints.py b/repeater/web/auth_endpoints.py
index b6fa134..2ceb572 100644
--- a/repeater/web/auth_endpoints.py
+++ b/repeater/web/auth_endpoints.py
@@ -185,8 +185,17 @@ class AuthEndpoints:
 
 # Validate credentials against config
 # Check if username is 'admin' and password matches config
- security_config = self.config.get('security', {})
- config_password = security_config.get('admin_password', 'admin123')
+ repeater_config = self.config.get('repeater', {})
+ security_config = repeater_config.get('security', {})
+ config_password = security_config.get('admin_password', '')
+
+ # Don't allow login with empty or unconfigured password
+ if not config_password:
+ logger.warning(f"Login attempt rejected - password not configured")
+ return json.dumps({
+ 'success': False,
+ 'error': 'System not configured. Please complete setup wizard.'
+ }).encode('utf-8')
 
 if username == 'admin' and password == config_password:
 # Create JWT token
@@ -398,8 +407,16 @@ class AuthEndpoints:
 }).encode('utf-8')
 
 # Verify current password
- security_config = self.config.get('security', {})
- config_password = security_config.get('admin_password', 'admin123')
+ repeater_config = self.config.get('repeater', {})
+ security_config = repeater_config.get('security', {})
+ config_password = security_config.get('admin_password', '')
+
+ if not config_password:
+ cherrypy.response.status = 500
+ return json.dumps({
+ 'success': False,
+ 'error': 'System configuration error'
+ }).encode('utf-8')
 
 if current_password != config_password:
 cherrypy.response.status = 401
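Review bot: The new rejection branch in the login handler returns the `{'success': False, ...}` body without setting `cherrypy.response.status`, so an unconfigured system answers a login attempt with HTTP 200, whereas the equivalent branch added to the change-password handler in the next hunk sets 500; add `cherrypy.response.status = 500` (or another non-2xx status) before the `return json.dumps({` so clients and reverse proxies do not treat the refusal as success. The f-string in `logger.warning(f"Login attempt rejected - password not configured")` has no placeholders and should be a plain string literal. Because the lookup moves from `security.admin_password` to `repeater.security.admin_password` with no fallback to the old key (the same applies to the other auth_endpoints.py hunks and to http_server.py), a deployment whose config still carries a top-level `security:` block will presumably be treated as unconfigured after this change and lose admin login, unless a migration exists elsewhere; reading the old key as a fallback or documenting the required config move would avoid that. The enclosing method starts and ends outside the hunk.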
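Review bot: The three lines `repeater_config = self.config.get('repeater', {})`, `security_config = repeater_config.get('security', {})` and `config_password = security_config.get('admin_password', '')` are a verbatim copy of the lines added to the login handler in the previous hunk, so the two paths can drift; a small helper such as `def _configured_admin_password(self) -> str:` that owns the key path and the empty default would keep both checks consistent. The 500 response for a missing password is a reasonable defensive check, but unlike the login hunk it logs nothing server-side, so an operator sees only `'System configuration error'` with no hint that `repeater.security.admin_password` is unset; a `logger.warning` naming the key would help. While this path is being touched, the `current_password != config_password` comparison on the context line below (and `password == config_password` in the previous hunk) is a plain string compare; `hmac.compare_digest` is the conventional form for comparing a submitted secret, assuming both values are `str` by that point, which validation earlier in the method (outside the hunk) would have to guarantee. The enclosing method starts and ends outside the hunk.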
@@ -409,10 +426,12 @@ class AuthEndpoints:
 }).encode('utf-8')
 
 # Update password in config
- if 'security' not in self.config:
- self.config['security'] = {}
+ if 'repeater' not in self.config:
+ self.config['repeater'] = {}
+ if 'security' not in self.config['repeater']:
+ self.config['repeater']['security'] = {}
 
- self.config['security']['admin_password'] = new_password
+ self.config['repeater']['security']['admin_password'] = new_password
 
 # Save to config file using ConfigManager
 if self.config_manager:
diff --git a/repeater/web/http_server.py b/repeater/web/http_server.py
index ae36e8b..03516c2 100644
--- a/repeater/web/http_server.py
+++ b/repeater/web/http_server.py
@@ -185,15 +185,15 @@ class HTTPStatsServer:
 def _init_auth_handlers(self):
 """Initialize JWT handler and API token manager."""
 
- # Get or generate JWT secret
- security_config = self.config.get("security", {})
+ # Get or generate JWT secret from repeater.security
+ repeater_config = self.config.get("repeater", {})
+ security_config = repeater_config.get("security", {})
 jwt_secret = security_config.get("jwt_secret", "")
 
 if not jwt_secret:
 # Auto-generate JWT secret
 jwt_secret = secrets.token_hex(32)
 logger.warning("No JWT secret found in config, auto-generated one. Please save this to config.yaml:")
- logger.warning(f"security.jwt_secret: {jwt_secret}")
 
 # Try to save to config if config_path is available
 if self.config_path:
@@ -202,9 +202,11 @@ class HTTPStatsServer:
 with open(self.config_path, 'r') as f:
 config_data = yaml.safe_load(f) or {}
 
- if 'security' not in config_data:
- config_data['security'] = {}
- config_data['security']['jwt_secret'] = jwt_secret
+ if 'repeater' not in config_data:
+ config_data['repeater'] = {}
+ if 'security' not in config_data['repeater']:
+ config_data['repeater']['security'] = {}
+ config_data['repeater']['security']['jwt_secret'] = jwt_secret
 
 with open(self.config_path, 'w') as f:
 yaml.dump(config_data, f, default_flow_style=False)
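Review bot: The four-line ladder `if 'repeater' not in self.config: ... if 'security' not in self.config['repeater']: ...` plus the separate assignment can be collapsed into `self.config.setdefault('repeater', {}).setdefault('security', {})['admin_password'] = new_password`, which says the same thing in one line and cannot get the two levels out of step; the same shape recurs in the `config_data` write in the last http_server.py hunk. Note that `self.config` is mutated in memory before `self.config_manager` persists it, so if that save fails the running process accepts the new password while the file still holds the old one; whether that is acceptable depends on how `config_manager` reports failures, which is outside the hunk. The enclosing method starts and ends outside the hunk.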
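Review bot: Removing `logger.warning(f"security.jwt_secret: {jwt_secret}")` leaves the preceding context line `logger.warning("No JWT secret found in config, auto-generated one. Please save this to config.yaml:")` ending in a colon with nothing following it, so the log now promises a value it never prints; reword it to describe what actually happens, e.g. `logger.warning("No JWT secret found in config; auto-generated one and will try to persist it as repeater.security.jwt_secret")`. Keeping the generated secret itself out of the log is the right call and should stay that way. As with the admin password, a config that still carries a top-level `security.jwt_secret` will presumably be ignored and a fresh secret generated, which invalidates every outstanding token on upgrade; if no migration exists elsewhere, a fallback read of the old key or a release note would avoid a surprise logout. `_init_auth_handlers` continues past the end of the hunk.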
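Review bot: `if 'security' not in config_data['repeater']:` raises `TypeError` when the YAML file contains a `repeater:` key with no value, because `yaml.safe_load` yields `None` for it and the preceding `'repeater' not in config_data` check then passes; the same shape is in the `self.config` ladder of the second auth_endpoints.py hunk, and the `.get('repeater', {}).get(...)` chains in the read paths would hit `AttributeError` on `None.get` in that case. Changing the guards to `if not isinstance(config_data.get('repeater'), dict):` and `if not isinstance(config_data['repeater'].get('security'), dict):` makes the write tolerate an empty section instead of crashing during startup. Since this write now persists the JWT secret next to the admin password, the `open(self.config_path, 'w')` on the context line below keeps whatever mode the file already has; tightening it (for example `os.chmod(self.config_path, 0o600)` after the write) is a cheap hardening if that is not handled elsewhere. The enclosing `if self.config_path:` block and its exception handling, if any, lie outside the hunk.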