Closed DL6ER closed 2 weeks ago
Do we still need this check?
Do we still need this check?
Yes, this check serves a totally different purpose: The web interface sets the password
field value to PASSWORD_VALUE
and when the web interface sends back exactly this string, we assume the password is not to be changed. However. nobody will do this intentionally (outside the web interface) so it isn't concerned with all the changes discussed here.
What does this implement/fix?
This is especially worth adding in the context of forced passwords (via env var) as the password is always "set" on each config change. This PR effectively prevents FTL from wiping all sessions and forcing the user to re-login when changing even settings which are 100% unrelated to the API.
Related issue or feature (if applicable): N/A
Pull request in docs with documentation (if applicable): N/A
By submitting this pull request, I confirm the following:
git rebase
)Checklist:
developmental
branch.