From 7f448750610426740c39da5db4e64184899a9fd2 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Thu, 14 Aug 2025 19:22:04 +0000
Subject: [PATCH] autogen pw for blank-pw users (closes #596);

if a user is defined with a blank password,
generate a strong password for that user
---
 copyparty/authsrv.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 3bea55c8..63613cc8 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -1885,6 +1885,16 @@ class AuthSrv(object):
         if LEELOO_DALLAS in all_users:
             raise Exception("sorry, reserved username: " + LEELOO_DALLAS)
 
+        zsl = []
+        for usr in list(acct)[:]:
+            zs = acct[usr].strip()
+            if not zs:
+                zs = ub64enc(os.urandom(48)).decode("ascii")
+                zsl.append(usr)
+            acct[usr] = zs
+        if zsl:
+            self.log("generated random passwords for users %r" % (zsl,), 6)
+
         seenpwds = {}
         for usr, pwd in acct.items():
             if pwd in seenpwds: