From 03837a9308f03a21a819af9051e5406b71afa4be Mon Sep 17 00:00:00 2001
From: Elia Zammuto <theelixzammuto@gmail.com>
Date: Sun, 8 Aug 2021 16:47:38 +0200
Subject: [PATCH] Password Validation

---
 assets/web/welcome.html | 4 ++--
 sunshine/confighttp.cpp | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/assets/web/welcome.html b/assets/web/welcome.html
index 8dd40a83..5570de50 100644
--- a/assets/web/welcome.html
+++ b/assets/web/welcome.html
@@ -13,11 +13,11 @@
         </div>
         <div class="mb-2">
           <label for="" class="form-label">Password: </label>
-          <input type="password" class="form-control" v-model="passwordData.newPassword">
+          <input type="password" class="form-control" v-model="passwordData.newPassword" required>
         </div>
         <div class="mb-2">
           <label for="" class="form-label">Password: </label>
-          <input type="password" class="form-control" v-model="passwordData.confirmNewPassword">
+          <input type="password" class="form-control" v-model="passwordData.confirmNewPassword" required>
         </div>
         <button class="mb-2 btn btn-primary" style="margin: 1em auto;">Login</button>
         <div class="alert alert-danger" v-if="error"><b>Error: </b>{{error}}</div>
diff --git a/sunshine/confighttp.cpp b/sunshine/confighttp.cpp
index 97f2f04b..3e624809 100644
--- a/sunshine/confighttp.cpp
+++ b/sunshine/confighttp.cpp
@@ -419,8 +419,8 @@ void savePassword(resp_https_t response, req_https_t request) {
     auto username        = inputTree.count("currentUsername") > 0 ? inputTree.get<std::string>("currentUsername") : "";
     auto newUsername     = inputTree.get<std::string>("newUsername");
     auto password        = inputTree.count("currentPassword") > 0 ? inputTree.get<std::string>("currentPassword") : "";
-    auto newPassword     = inputTree.get<std::string>("newPassword");
-    auto confirmPassword = inputTree.get<std::string>("confirmNewPassword");
+    auto newPassword     = inputTree.count("newPassword") > 0 ? inputTree.get<std::string>("newPassword") : "";
+    auto confirmPassword = inputTree.count("confirmNewPassword") > 0 ? inputTree.get<std::string>("confirmNewPassword") : "";
     if(newUsername.length() == 0) newUsername = username;
     if(newUsername.length() == 0){
       outputTree.put("status", false);
@@ -428,7 +428,7 @@ void savePassword(resp_https_t response, req_https_t request) {
     } else {
       auto hash = util::hex(crypto::hash(password + config::sunshine.salt)).to_string();
       if(config::sunshine.username.empty() || (username == config::sunshine.username && hash == config::sunshine.password)) {
-        if(newPassword != confirmPassword) {
+        if(newPassword.empty() || newPassword != confirmPassword) {
           outputTree.put("status", false);
           outputTree.put("error", "Password Mismatch");
         } else {