From 766643fcf18b5710462b88adeabe5e4706ed09cf Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Wed, 30 Jan 2019 16:48:51 +0100 Subject: luci-mod-rpc: drop "secret" value from rpc session objects Drop the "secret" value from RPC session objects in order to make them compatible with ordinary web sessions used by the LuCI web interface. That secret value was never used for anything and is the only difference compared to normal LuCI login sessions. Signed-off-by: Jo-Philipp Wich --- modules/luci-mod-rpc/luasrc/controller/rpc.lua | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/modules/luci-mod-rpc/luasrc/controller/rpc.lua b/modules/luci-mod-rpc/luasrc/controller/rpc.lua index 1e8038b28..37a976035 100644 --- a/modules/luci-mod-rpc/luasrc/controller/rpc.lua +++ b/modules/luci-mod-rpc/luasrc/controller/rpc.lua @@ -14,7 +14,6 @@ function session_retrieve(sid, allowed_users) if type(sdat) == "table" and type(sdat.values) == "table" and type(sdat.values.token) == "string" and - type(sdat.values.secret) == "string" and type(sdat.values.username) == "string" and util.contains(allowed_users, sdat.values.username) then @@ -78,8 +77,7 @@ function rpc_auth() util.ubus("session", "set", { ubus_rpc_session = login.ubus_rpc_session, values = { - token = sys.uniqueid(16), - secret = sys.uniqueid(16) + token = sys.uniqueid(16) } }) @@ -87,8 +85,7 @@ function rpc_auth() if sdat then return { sid = sid, - token = sdat.token, - secret = sdat.secret + token = sdat.token } end end -- cgit v1.2.3