let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ui): scrub auth params

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-07 20:20:32 +01:00
parent 765d7771c8
commit 9980f20218
3 changed files with 41 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
ui/src/ui/app.ts
View File

@@ -663,20 +663,29 @@ export class ClawdbotApp extends LitElement {
private applySettingsFromUrl() {
if (!window.location.search) return;
const params = new URLSearchParams(window.location.search);
const token = params.get("token")?.trim();
const password = params.get("password")?.trim();
const tokenRaw = params.get("token");
const passwordRaw = params.get("password");
let changed = false;
if (token && !this.settings.token) {
this.applySettings({ ...this.settings, token });
if (tokenRaw != null) {
const token = tokenRaw.trim();
if (token && !this.settings.token) {
this.applySettings({ ...this.settings, token });
changed = true;
}
params.delete("token");
changed = true;
}
if (password) {
this.password = password;
if (passwordRaw != null) {
const password = passwordRaw.trim();
if (password) {
this.password = password;
changed = true;
}
params.delete("password");
changed = true;
}
if (!changed) return;
if (!changed && tokenRaw == null && passwordRaw == null) return;
const url = new URL(window.location.href);
url.search = params.toString();
window.history.replaceState({}, "", url.toString());

22
ui/src/ui/navigation.browser.test.ts
View File

@@ -128,4 +128,26 @@ describe("control UI routing", () => {
expect(window.location.pathname).toBe("/ui/overview");
expect(window.location.search).toBe("");
});
it("hydrates password from URL params and strips it", async () => {
const app = mountApp("/ui/overview?password=sekret");
await app.updateComplete;
expect(app.password).toBe("sekret");
expect(window.location.pathname).toBe("/ui/overview");
expect(window.location.search).toBe("");
});
it("strips auth params even when settings already set", async () => {
localStorage.setItem(
"clawdbot.control.settings.v1",
JSON.stringify({ token: "existing-token" }),
);
const app = mountApp("/ui/overview?token=abc123");
await app.updateComplete;
expect(app.settings.token).toBe("existing-token");
expect(window.location.pathname).toBe("/ui/overview");
expect(window.location.search).toBe("");
});
});