From 766643fcf18b5710462b88adeabe5e4706ed09cf Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Wed, 30 Jan 2019 16:48:51 +0100
Subject: luci-mod-rpc: drop "secret" value from rpc session objects

Drop the "secret" value from RPC session objects in order to make them
compatible with ordinary web sessions used by the LuCI web interface.

That secret value was never used for anything and is the only difference
compared to normal LuCI login sessions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 modules/luci-mod-rpc/luasrc/controller/rpc.lua | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'modules/luci-mod-rpc/luasrc')

diff --git a/modules/luci-mod-rpc/luasrc/controller/rpc.lua b/modules/luci-mod-rpc/luasrc/controller/rpc.lua
index 1e8038b28..37a976035 100644
--- a/modules/luci-mod-rpc/luasrc/controller/rpc.lua
+++ b/modules/luci-mod-rpc/luasrc/controller/rpc.lua
@@ -14,7 +14,6 @@ function session_retrieve(sid, allowed_users)
 	if type(sdat) == "table" and
 	   type(sdat.values) == "table" and
 	   type(sdat.values.token) == "string" and
-	   type(sdat.values.secret) == "string" and
 	   type(sdat.values.username) == "string" and
 	   util.contains(allowed_users, sdat.values.username)
 	then
@@ -78,8 +77,7 @@ function rpc_auth()
 			util.ubus("session", "set", {
 				ubus_rpc_session = login.ubus_rpc_session,
 				values = {
-					token = sys.uniqueid(16),
-					secret = sys.uniqueid(16)
+					token = sys.uniqueid(16)
 				}
 			})
 
@@ -87,8 +85,7 @@ function rpc_auth()
 			if sdat then
 				return {
 					sid = sid,
-					token = sdat.token,
-					secret = sdat.secret
+					token = sdat.token
 				}
 			end
 		end
-- 
cgit v1.2.3