fix blank password handling/ui when banning

2026-01-12 15:52:39 -07:00 · 2025-12-11 18:03:36 +01:00 · 2025-12-11 18:03:36 +01:00 · 76f6afb39e
parent 7d526eaba3
commit 76f6afb39e
6 changed files with 13 additions and 48 deletions
--- a/copyparty/init.py
+++ b/copyparty/init.py
@ -86,7 +86,6 @@ web/md2.js
 web/mde.css
 web/mde.html
 web/mde.js
-web/msg.css
 web/msg.html
 web/opds.xml
 web/rups.css
--- a/copyparty/main.py
+++ b/copyparty/main.py
@ -1555,7 +1555,7 @@ def add_safety(ap):
    ap2.add_argument("--no-robots", action="store_true", help="adds http and html headers asking search engines to not index anything (volflag=norobots)")
    ap2.add_argument("--logout", metavar="H", type=float, default=8086.0, help="logout clients after \033[33mH\033[0m hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
    ap2.add_argument("--dont-ban", metavar="TXT", type=u, default="no", help="anyone at this accesslevel or above will not get banned: [\033[32mav\033[0m]=admin-in-volume, [\033[32maa\033[0m]=has-admin-anywhere, [\033[32mrw\033[0m]=read-write, [\033[32mauth\033[0m]=authenticated, [\033[32many\033[0m]=disable-all-bans, [\033[32mno\033[0m]=anyone-can-get-banned")
-    ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
+    ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong or blank passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
    ap2.add_argument("--ban-pwc", metavar="N,W,B", type=u, default="5,60,1440", help="more than \033[33mN\033[0m password-changes in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
    ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="50,60,1440", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; only affects users who cannot see directory listings because their access is either g/G/h")
    ap2.add_argument("--ban-403", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m 403's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; [\033[32m1440\033[0m]=day, [\033[32m10080\033[0m]=week, [\033[32m43200\033[0m]=month")
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -3173,9 +3173,6 @@ class HttpCli(object):
            uhash = ""
        self.parser.drop()

-        if not pwd:
-            raise Pebkac(422, "password cannot be blank")
-
        if un:
            pwd = "%s:%s" % (un, pwd)

@ -3212,6 +3209,10 @@ class HttpCli(object):
        return True

    def get_pwd_cookie(self, pwd: str) -> tuple[bool, str]:
+        if not pwd:
+            self.cbonk(self.conn.hsrv.gpwd, pwd, "pw", "empty passwords")
+            return False, "password cannot be blank"
+
        uname = self.asrv.sesa.get(pwd)
        if not uname:
            hpwd = self.asrv.ah.hash(pwd)
--- a/copyparty/util.py
+++ b/copyparty/util.py
@ -4175,12 +4175,7 @@ def wrap(txt: str, maxlen: int, maxlen2: int) -> list[str]:


 def termsize() -> tuple[int, int]:
-    try:
-        w, h = os.get_terminal_size()
-        return w, h
-    except:
-        pass
-
+    # from hashwalk
    env = os.environ

    def ioctl_GWINSZ(fd: int) -> Optional[tuple[int, int]]:
--- a/copyparty/web/msg.css
+++ b/copyparty/web/msg.css
@ -1,36 +0,0 @@
-:root {
-	--font-main: sans-serif;
-	--font-serif: serif;
-	--font-mono: 'scp';
-}
-html,body,tr,th,td,#files,a {
-	color: inherit;
-	background: none;
-	font-weight: inherit;
-	font-size: inherit;
-	padding: 0;
-	border: none;
-}
-html {
-	color: #ccc;
-	background: #333;
-	font-family: sans-serif;
-	font-family: var(--font-main), sans-serif;
-	text-shadow: 1px 1px 0px #000;
-	touch-action: manipulation;
-}
-html, body {
-	margin: 0;
-	padding: 0;
-}
-#box {
-	padding: .5em 1em;
-	background: #2c2c2c;
-}
-pre {
-	font-family: monospace, monospace;
-	font-family: var(--font-mono), monospace, monospace;
-}
-a {
-	color: #fc5;
-}
--- a/copyparty/web/msg.html
+++ b/copyparty/web/msg.html
@ -7,7 +7,13 @@
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=0.8">
 	<meta name="theme-color" content="#{{ tcolor }}">
-	<link rel="stylesheet" media="screen" href="{{ r }}/.cpr/msg.css?_={{ ts }}">
+	<style>
+		html {color: #ccc;background: #333;font-family: sans-serif;font-family: sans-serif, sans-serif;text-shadow: 1px 1px 0px #000;touch-action: manipulation;}
+		html, body {margin: 0;padding: 0;}
+		#box {padding: .5em 1em;background: #2c2c2c;}
+		pre {font-family: monospace, monospace;font-family: 'scp', monospace, monospace;}
+		a {color: #fc5;}
+	</style>
 {{ html_head }}
 </head>