Drop WebUI default credentials

PR #19777.

src/base/interfaces/iapplication.h

@@ -36,6 +36,7 @@
 class QString;
 
 class Path;
+class WebUI;
 struct QBtCommandLineParameters;
 
 #ifdef Q_OS_WIN
@@ -83,4 +84,8 @@ public:
     virtual MemoryPriority processMemoryPriority() const = 0;
     virtual void setProcessMemoryPriority(MemoryPriority priority) = 0;
 #endif
+
+#ifndef DISABLE_WEBUI
+    virtual WebUI *webUI() const = 0;
+#endif
 };

src/base/preferences.cpp

@@ -628,7 +628,7 @@ void Preferences::setSearchEnabled(const bool enabled)
     setValue(u"Preferences/Search/SearchEnabled"_s, enabled);
 }
 
-bool Preferences::isWebUiEnabled() const
+bool Preferences::isWebUIEnabled() const
 {
 #ifdef DISABLE_GUI
     const bool defaultValue = true;
@@ -638,41 +638,41 @@ bool Preferences::isWebUiEnabled() const
     return value(u"Preferences/WebUI/Enabled"_s, defaultValue);
 }
 
-void Preferences::setWebUiEnabled(const bool enabled)
+void Preferences::setWebUIEnabled(const bool enabled)
 {
-    if (enabled == isWebUiEnabled())
+    if (enabled == isWebUIEnabled())
         return;
 
     setValue(u"Preferences/WebUI/Enabled"_s, enabled);
 }
 
-bool Preferences::isWebUiLocalAuthEnabled() const
+bool Preferences::isWebUILocalAuthEnabled() const
 {
     return value(u"Preferences/WebUI/LocalHostAuth"_s, true);
 }
 
-void Preferences::setWebUiLocalAuthEnabled(const bool enabled)
+void Preferences::setWebUILocalAuthEnabled(const bool enabled)
 {
-    if (enabled == isWebUiLocalAuthEnabled())
+    if (enabled == isWebUILocalAuthEnabled())
         return;
 
     setValue(u"Preferences/WebUI/LocalHostAuth"_s, enabled);
 }
 
-bool Preferences::isWebUiAuthSubnetWhitelistEnabled() const
+bool Preferences::isWebUIAuthSubnetWhitelistEnabled() const
 {
     return value(u"Preferences/WebUI/AuthSubnetWhitelistEnabled"_s, false);
 }
 
-void Preferences::setWebUiAuthSubnetWhitelistEnabled(const bool enabled)
+void Preferences::setWebUIAuthSubnetWhitelistEnabled(const bool enabled)
 {
-    if (enabled == isWebUiAuthSubnetWhitelistEnabled())
+    if (enabled == isWebUIAuthSubnetWhitelistEnabled())
         return;
 
     setValue(u"Preferences/WebUI/AuthSubnetWhitelistEnabled"_s, enabled);
 }
 
-QVector<Utils::Net::Subnet> Preferences::getWebUiAuthSubnetWhitelist() const
+QVector<Utils::Net::Subnet> Preferences::getWebUIAuthSubnetWhitelist() const
 {
     const auto subnets = value<QStringList>(u"Preferences/WebUI/AuthSubnetWhitelist"_s);
 
@@ -689,7 +689,7 @@ QVector<Utils::Net::Subnet> Preferences::getWebUiAuthSubnetWhitelist() const
     return ret;
 }
 
-void Preferences::setWebUiAuthSubnetWhitelist(QStringList subnets)
+void Preferences::setWebUIAuthSubnetWhitelist(QStringList subnets)
 {
     Algorithm::removeIf(subnets, [](const QString &subnet)
     {
@@ -712,27 +712,27 @@ void Preferences::setServerDomains(const QString &str)
     setValue(u"Preferences/WebUI/ServerDomains"_s, str);
 }
 
-QString Preferences::getWebUiAddress() const
+QString Preferences::getWebUIAddress() const
 {
     return value<QString>(u"Preferences/WebUI/Address"_s, u"*"_s).trimmed();
 }
 
-void Preferences::setWebUiAddress(const QString &addr)
+void Preferences::setWebUIAddress(const QString &addr)
 {
-    if (addr == getWebUiAddress())
+    if (addr == getWebUIAddress())
         return;
 
     setValue(u"Preferences/WebUI/Address"_s, addr.trimmed());
 }
 
-quint16 Preferences::getWebUiPort() const
+quint16 Preferences::getWebUIPort() const
 {
     return value<quint16>(u"Preferences/WebUI/Port"_s, 8080);
 }
 
-void Preferences::setWebUiPort(const quint16 port)
+void Preferences::setWebUIPort(const quint16 port)
 {
-    if (port == getWebUiPort())
+    if (port == getWebUIPort())
         return;
 
     // cast to `int` type so it will show human readable unit in configuration file
@@ -752,14 +752,14 @@ void Preferences::setUPnPForWebUIPort(const bool enabled)
     setValue(u"Preferences/WebUI/UseUPnP"_s, enabled);
 }
 
-QString Preferences::getWebUiUsername() const
+QString Preferences::getWebUIUsername() const
 {
     return value<QString>(u"Preferences/WebUI/Username"_s, u"admin"_s);
 }
 
-void Preferences::setWebUiUsername(const QString &username)
+void Preferences::setWebUIUsername(const QString &username)
 {
-    if (username == getWebUiUsername())
+    if (username == getWebUIUsername())
         return;
 
     setValue(u"Preferences/WebUI/Username"_s, username);
@@ -767,9 +767,7 @@ void Preferences::setWebUiUsername(const QString &username)
 
 QByteArray Preferences::getWebUIPassword() const
 {
-    // default: adminadmin
-    const auto defaultValue = QByteArrayLiteral("ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==");
-    return value(u"Preferences/WebUI/Password_PBKDF2"_s, defaultValue);
+    return value<QByteArray>(u"Preferences/WebUI/Password_PBKDF2"_s);
 }
 
 void Preferences::setWebUIPassword(const QByteArray &password)
@@ -832,40 +830,40 @@ void Preferences::setWebAPISessionCookieName(const QString &cookieName)
     setValue(u"WebAPI/SessionCookieName"_s, cookieName);
 }
 
-bool Preferences::isWebUiClickjackingProtectionEnabled() const
+bool Preferences::isWebUIClickjackingProtectionEnabled() const
 {
     return value(u"Preferences/WebUI/ClickjackingProtection"_s, true);
 }
 
-void Preferences::setWebUiClickjackingProtectionEnabled(const bool enabled)
+void Preferences::setWebUIClickjackingProtectionEnabled(const bool enabled)
 {
-    if (enabled == isWebUiClickjackingProtectionEnabled())
+    if (enabled == isWebUIClickjackingProtectionEnabled())
         return;
 
     setValue(u"Preferences/WebUI/ClickjackingProtection"_s, enabled);
 }
 
-bool Preferences::isWebUiCSRFProtectionEnabled() const
+bool Preferences::isWebUICSRFProtectionEnabled() const
 {
     return value(u"Preferences/WebUI/CSRFProtection"_s, true);
 }
 
-void Preferences::setWebUiCSRFProtectionEnabled(const bool enabled)
+void Preferences::setWebUICSRFProtectionEnabled(const bool enabled)
 {
-    if (enabled == isWebUiCSRFProtectionEnabled())
+    if (enabled == isWebUICSRFProtectionEnabled())
         return;
 
     setValue(u"Preferences/WebUI/CSRFProtection"_s, enabled);
 }
 
-bool Preferences::isWebUiSecureCookieEnabled() const
+bool Preferences::isWebUISecureCookieEnabled() const
 {
     return value(u"Preferences/WebUI/SecureCookie"_s, true);
 }
 
-void Preferences::setWebUiSecureCookieEnabled(const bool enabled)
+void Preferences::setWebUISecureCookieEnabled(const bool enabled)
 {
-    if (enabled == isWebUiSecureCookieEnabled())
+    if (enabled == isWebUISecureCookieEnabled())
         return;
 
     setValue(u"Preferences/WebUI/SecureCookie"_s, enabled);
@@ -884,14 +882,14 @@ void Preferences::setWebUIHostHeaderValidationEnabled(const bool enabled)
     setValue(u"Preferences/WebUI/HostHeaderValidation"_s, enabled);
 }
 
-bool Preferences::isWebUiHttpsEnabled() const
+bool Preferences::isWebUIHttpsEnabled() const
 {
     return value(u"Preferences/WebUI/HTTPS/Enabled"_s, false);
 }
 
-void Preferences::setWebUiHttpsEnabled(const bool enabled)
+void Preferences::setWebUIHttpsEnabled(const bool enabled)
 {
-    if (enabled == isWebUiHttpsEnabled())
+    if (enabled == isWebUIHttpsEnabled())
         return;
 
     setValue(u"Preferences/WebUI/HTTPS/Enabled"_s, enabled);
@@ -923,27 +921,27 @@ void Preferences::setWebUIHttpsKeyPath(const Path &path)
     setValue(u"Preferences/WebUI/HTTPS/KeyPath"_s, path);
 }
 
-bool Preferences::isAltWebUiEnabled() const
+bool Preferences::isAltWebUIEnabled() const
 {
     return value(u"Preferences/WebUI/AlternativeUIEnabled"_s, false);
 }
 
-void Preferences::setAltWebUiEnabled(const bool enabled)
+void Preferences::setAltWebUIEnabled(const bool enabled)
 {
-    if (enabled == isAltWebUiEnabled())
+    if (enabled == isAltWebUIEnabled())
         return;
 
     setValue(u"Preferences/WebUI/AlternativeUIEnabled"_s, enabled);
 }
 
-Path Preferences::getWebUiRootFolder() const
+Path Preferences::getWebUIRootFolder() const
 {
     return value<Path>(u"Preferences/WebUI/RootFolder"_s);
 }
 
-void Preferences::setWebUiRootFolder(const Path &path)
+void Preferences::setWebUIRootFolder(const Path &path)
 {
-    if (path == getWebUiRootFolder())
+    if (path == getWebUIRootFolder())
         return;
 
     setValue(u"Preferences/WebUI/RootFolder"_s, path);

src/base/preferences.h

@@ -169,26 +169,26 @@ public:
     void setSearchEnabled(bool enabled);
 
     // HTTP Server
-    bool isWebUiEnabled() const;
-    void setWebUiEnabled(bool enabled);
+    bool isWebUIEnabled() const;
+    void setWebUIEnabled(bool enabled);
     QString getServerDomains() const;
     void setServerDomains(const QString &str);
-    QString getWebUiAddress() const;
-    void setWebUiAddress(const QString &addr);
-    quint16 getWebUiPort() const;
-    void setWebUiPort(quint16 port);
+    QString getWebUIAddress() const;
+    void setWebUIAddress(const QString &addr);
+    quint16 getWebUIPort() const;
+    void setWebUIPort(quint16 port);
     bool useUPnPForWebUIPort() const;
     void setUPnPForWebUIPort(bool enabled);
 
     // Authentication
-    bool isWebUiLocalAuthEnabled() const;
-    void setWebUiLocalAuthEnabled(bool enabled);
-    bool isWebUiAuthSubnetWhitelistEnabled() const;
-    void setWebUiAuthSubnetWhitelistEnabled(bool enabled);
-    QVector<Utils::Net::Subnet> getWebUiAuthSubnetWhitelist() const;
-    void setWebUiAuthSubnetWhitelist(QStringList subnets);
-    QString getWebUiUsername() const;
-    void setWebUiUsername(const QString &username);
+    bool isWebUILocalAuthEnabled() const;
+    void setWebUILocalAuthEnabled(bool enabled);
+    bool isWebUIAuthSubnetWhitelistEnabled() const;
+    void setWebUIAuthSubnetWhitelistEnabled(bool enabled);
+    QVector<Utils::Net::Subnet> getWebUIAuthSubnetWhitelist() const;
+    void setWebUIAuthSubnetWhitelist(QStringList subnets);
+    QString getWebUIUsername() const;
+    void setWebUIUsername(const QString &username);
     QByteArray getWebUIPassword() const;
     void setWebUIPassword(const QByteArray &password);
     int getWebUIMaxAuthFailCount() const;
@@ -201,26 +201,26 @@ public:
     void setWebAPISessionCookieName(const QString &cookieName);
 
     // WebUI security
-    bool isWebUiClickjackingProtectionEnabled() const;
-    void setWebUiClickjackingProtectionEnabled(bool enabled);
-    bool isWebUiCSRFProtectionEnabled() const;
-    void setWebUiCSRFProtectionEnabled(bool enabled);
-    bool isWebUiSecureCookieEnabled () const;
-    void setWebUiSecureCookieEnabled(bool enabled);
+    bool isWebUIClickjackingProtectionEnabled() const;
+    void setWebUIClickjackingProtectionEnabled(bool enabled);
+    bool isWebUICSRFProtectionEnabled() const;
+    void setWebUICSRFProtectionEnabled(bool enabled);
+    bool isWebUISecureCookieEnabled () const;
+    void setWebUISecureCookieEnabled(bool enabled);
     bool isWebUIHostHeaderValidationEnabled() const;
     void setWebUIHostHeaderValidationEnabled(bool enabled);
 
     // HTTPS
-    bool isWebUiHttpsEnabled() const;
-    void setWebUiHttpsEnabled(bool enabled);
+    bool isWebUIHttpsEnabled() const;
+    void setWebUIHttpsEnabled(bool enabled);
     Path getWebUIHttpsCertificatePath() const;
     void setWebUIHttpsCertificatePath(const Path &path);
     Path getWebUIHttpsKeyPath() const;
     void setWebUIHttpsKeyPath(const Path &path);
-    bool isAltWebUiEnabled() const;
-    void setAltWebUiEnabled(bool enabled);
-    Path getWebUiRootFolder() const;
-    void setWebUiRootFolder(const Path &path);
+    bool isAltWebUIEnabled() const;
+    void setAltWebUIEnabled(bool enabled);
+    Path getWebUIRootFolder() const;
+    void setWebUIRootFolder(const Path &path);
 
     // WebUI custom HTTP headers
     bool isWebUICustomHTTPHeadersEnabled() const;

src/base/utils/password.cpp

@@ -1,5 +1,6 @@
 /*
  * Bittorrent Client using Qt and libtorrent.
+ * Copyright (C) 2023  Vladimir Golovnev <glassez@yandex.ru>
  * Copyright (C) 2018  Mike Tzou (Chocobo1)
  *
  * This program is free software; you can redistribute it and/or
@@ -36,6 +37,7 @@
 #include <QString>
 #include <QVector>
 
+#include "base/global.h"
 #include "bytearray.h"
 #include "random.h"
 
@@ -65,6 +67,21 @@ bool Utils::Password::slowEquals(const QByteArray &a, const QByteArray &b)
     return (diff == 0);
 }
 
+QString Utils::Password::generate()
+{
+    const QString alphanum = u"23456789ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz"_s;
+    const int passwordLength = 9;
+    QString pass;
+    pass.reserve(passwordLength);
+    while (pass.length() < passwordLength)
+    {
+        const auto num = Utils::Random::rand(0, (alphanum.size() - 1));
+        pass.append(alphanum[num]);
+    }
+
+    return pass;
+}
+
 QByteArray Utils::Password::PBKDF2::generate(const QString &password)
 {
     return generate(password.toUtf8());
@@ -72,9 +89,8 @@ QByteArray Utils::Password::PBKDF2::generate(const QString &password)
 
 QByteArray Utils::Password::PBKDF2::generate(const QByteArray &password)
 {
-    const std::array<uint32_t, 4> salt
-    {{Random::rand(), Random::rand()
-        , Random::rand(), Random::rand()}};
+    const std::array<uint32_t, 4> salt {
+        {Random::rand(), Random::rand(), Random::rand(), Random::rand()}};
 
     std::array<unsigned char, 64> outBuf {};
     const int hmacResult = PKCS5_PBKDF2_HMAC(password.constData(), password.size()

src/base/utils/password.h

@@ -1,5 +1,6 @@
 /*
  * Bittorrent Client using Qt and libtorrent.
+ * Copyright (C) 2023  Vladimir Golovnev <glassez@yandex.ru>
  * Copyright (C) 2018  Mike Tzou (Chocobo1)
  *
  * This program is free software; you can redistribute it and/or
@@ -37,6 +38,8 @@ namespace Utils::Password
     // Taken from https://crackstation.net/hashing-security.htm
     bool slowEquals(const QByteArray &a, const QByteArray &b);
 
+    QString generate();
+
     namespace PBKDF2
     {
         QByteArray generate(const QString &password);