mirror of
https://github.com/thelounge/thelounge
synced 2024-11-25 13:30:21 +00:00
Fix user file permissions on create (#4507)
User files contain secrets and should be protected. Chances are that the user folder can be protected as well, so let's do that if TL is creating the folder.
parent
815319810c
commit
d7bba325a7
3 changed files with 10 additions and 4 deletions
|
@ -173,7 +173,9 @@ ClientManager.prototype.addUser = function (name, password, enableLog) {
|
||||||
};
|
};
|
||||||
|
|
||||||
try {
|
try {
|
||||||
fs.writeFileSync(userPath, JSON.stringify(user, null, "\t"));
|
fs.writeFileSync(userPath, JSON.stringify(user, null, "\t"), {
|
||||||
|
mode: 0o600,
|
||||||
|
});
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
log.error(`Failed to create user ${colors.green(name)} (${e})`);
|
log.error(`Failed to create user ${colors.green(name)} (${e})`);
|
||||||
throw e;
|
throw e;
|
||||||
|
@ -235,7 +237,9 @@ ClientManager.prototype.saveUser = function (client, callback) {
|
||||||
try {
|
try {
|
||||||
// Write to a temp file first, in case the write fails
|
// Write to a temp file first, in case the write fails
|
||||||
// we do not lose the original file (for example when disk is full)
|
// we do not lose the original file (for example when disk is full)
|
||||||
fs.writeFileSync(pathTemp, newUser);
|
fs.writeFileSync(pathTemp, newUser, {
|
||||||
|
mode: 0o600,
|
||||||
|
});
|
||||||
fs.renameSync(pathTemp, pathReal);
|
fs.renameSync(pathTemp, pathReal);
|
||||||
|
|
||||||
return callback ? callback() : true;
|
return callback ? callback() : true;
|
||||||
|
|
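Review bot: In saveUser, the `mode: 0o600` passed to `fs.writeFileSync(pathTemp, …)` is only honoured when the call creates the file. The comment above it already allows for a failed write (disk full), which can leave `pathTemp` behind; a leftover temp file with looser permissions is then truncated and reused with its old mode, and `renameSync` carries that mode onto the real user file. Adding `fs.chmodSync(pathTemp, 0o600);` between the write and the rename, or removing a stale temp file before writing, would close that gap. The same applies to the identical hunk in change(). Both function bodies extend outside their hunks, so any cleanup of `pathTemp` elsewhere is not visible here.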
|
@ -31,5 +31,5 @@ function initalizeConfig() {
|
||||||
log.info(`Configuration file created at ${colors.green(Helper.getConfigPath())}.`);
|
log.info(`Configuration file created at ${colors.green(Helper.getConfigPath())}.`);
|
||||||
}
|
}
|
||||||
|
|
||||||
fs.mkdirSync(Helper.getUsersPath(), {recursive: true});
|
fs.mkdirSync(Helper.getUsersPath(), {recursive: true, mode: 0o700});
|
||||||
}
|
}
|
||||||
|
|
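Review bot: The `mode: 0o700` on `fs.mkdirSync(Helper.getUsersPath(), …)` takes effect only when this call actually creates the directory, so a users folder left by an earlier install keeps whatever permissions it already has, and nothing in the code tells a maintainer that. I would add a comment such as `// mode applies only if the folder is created here; an existing users folder keeps its permissions`. With `recursive: true`, the same mode is presumably applied to any missing parent directories too, which is worth confirming is intended. initalizeConfig begins outside the hunk.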
|
@ -63,7 +63,9 @@ function change(name, password) {
|
||||||
|
|
||||||
// Write to a temp file first, in case the write fails
|
// Write to a temp file first, in case the write fails
|
||||||
// we do not lose the original file (for example when disk is full)
|
// we do not lose the original file (for example when disk is full)
|
||||||
fs.writeFileSync(pathTemp, newUser);
|
fs.writeFileSync(pathTemp, newUser, {
|
||||||
|
mode: 0o600,
|
||||||
|
});
|
||||||
fs.renameSync(pathTemp, pathReal);
|
fs.renameSync(pathTemp, pathReal);
|
||||||
|
|
||||||
log.info(`Successfully reset password for ${colors.bold(name)}.`);
|
log.info(`Successfully reset password for ${colors.bold(name)}.`);
|
||||||
|
|
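Review bot: The temp-file write with `mode: 0o600` followed by `fs.renameSync(pathTemp, pathReal)` in change() is now a line-for-line copy of the sequence in ClientManager.prototype.saveUser, and the permission literal also appears in addUser. Keeping a security-relevant constant in three places invites drift. A named constant for the user-file mode, or a small shared helper that takes the target path and the serialized user, would keep them in step. change() starts and ends outside the hunk.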