fix(password): set_salt(), check if is empty

Signed-off-by: fufesou <linlong1266@gmail.com>
2026-04-02 22:16:18 +00:00 · 2026-03-23 16:28:56 +08:00
parent 485e2f7e22
commit 2d7b848516
1 changed files with 15 additions and 11 deletions
--- a/src/config.rs
+++ b/src/config.rs
@@ -85,7 +85,8 @@ pub fn decode_permanent_password_h1_from_storage(
    Some(h1)
 }

-fn can_update_salt(permanent_password_storage: &str) -> bool {
+// If password is empty or not hashed storage, it's safe to update salt.
+fn password_is_empty_or_not_hashed(permanent_password_storage: &str) -> bool {
    permanent_password_storage.is_empty()
        || !is_permanent_password_hashed_storage(permanent_password_storage)
 }
@@ -1343,9 +1344,19 @@ impl Config {
        if salt == config.salt {
            return;
        }
-        if !can_update_salt(&config.password) {
-            log::error!("Refusing to update salt because permanent password is hashed");
-            return;
+        if !password_is_empty_or_not_hashed(&config.password) {
+            if config.salt.is_empty() {
+                log::error!(
+                    "Refusing to set salt because permanent password is hashed and salt is empty"
+                );
+                return;
+            } else {
+                // This shouldn't happen under normal circumstances because the salt
+                // should be automatically generated when migrating to hash storage.
+                // However, if it does occur, it's best to log the error,
+                // even though this will result in logging many duplicate error messages.
+                log::warn!("Salt is empty but permanent password is hashed");
+            }
        }
        config.salt = salt.into();
        config.store();
@@ -1355,13 +1366,6 @@ impl Config {
        let config = CONFIG.read().unwrap();
        let mut salt = config.salt.clone();
        if salt.is_empty() {
-            if !can_update_salt(&config.password) {
-                // This shouldn't happen under normal circumstances because the salt
-                // should be automatically generated when migrating to hash storage.
-                // However, if it does occur, it's best to log the error,
-                // even though this will result in logging many duplicate error messages.
-                log::warn!("Salt is empty but permanent password is hashed");
-            }
            drop(config);
            salt = Config::get_auto_password(DEFAULT_SALT_LEN);
            Config::set_salt(&salt);