luci-mod-rpc: drop "secret" value from rpc session objects

Drop the "secret" value from RPC session objects in order to make them compatible with ordinary web sessions used by the LuCI web interface. That secret value was never used for anything and is the only difference compared to normal LuCI login sessions. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 766643fcf1)
2019-01-30 16:48:51 +01:00 · 2019-01-30 16:48:51 +01:00 · 4c45a52592
commit 4c45a52592
parent 43959e3abd
1 changed files with 2 additions and 5 deletions
--- a/modules/luci-mod-rpc/luasrc/controller/rpc.lua
+++ b/modules/luci-mod-rpc/luasrc/controller/rpc.lua
@ -14,7 +14,6 @@ function session_retrieve(sid, allowed_users)
 	if type(sdat) == "table" and
 	   type(sdat.values) == "table" and
 	   type(sdat.values.token) == "string" and
-	   type(sdat.values.secret) == "string" and
 	   type(sdat.values.username) == "string" and
 	   util.contains(allowed_users, sdat.values.username)
 	then
@ -78,8 +77,7 @@ function rpc_auth()
 			util.ubus("session", "set", {
 				ubus_rpc_session = login.ubus_rpc_session,
 				values = {
-					token = sys.uniqueid(16),
-					secret = sys.uniqueid(16)
+					token = sys.uniqueid(16)
 				}
 			})

@ -87,8 +85,7 @@ function rpc_auth()
 			if sdat then
 				return {
 					sid = sid,
-					token = sdat.token,
-					secret = sdat.secret
+					token = sdat.token
 				}
 			end
 		end