Send the real hash as part of the config (fixes #681)

cmd/syncthing/gui.go

@@ -45,10 +45,6 @@ var (
 	eventSub     *events.BufferedSubscription
 )
 
-const (
-	unchangedPassword = "--password-unchanged--"
-)
-
 func init() {
 	l.AddHandler(logger.LevelWarn, showGuiError)
 	sub := events.Default.Subscribe(events.AllEvents)
@@ -274,12 +270,8 @@ func restGetNodeStats(m *model.Model, w http.ResponseWriter, r *http.Request) {
 }
 
 func restGetConfig(w http.ResponseWriter, r *http.Request) {
-	encCfg := cfg
-	if encCfg.GUI.Password != "" {
-		encCfg.GUI.Password = unchangedPassword
-	}
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	json.NewEncoder(w).Encode(encCfg)
+	json.NewEncoder(w).Encode(cfg)
 }
 
 func restPostConfig(m *model.Model, w http.ResponseWriter, r *http.Request) {
@@ -290,18 +282,16 @@ func restPostConfig(m *model.Model, w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), 500)
 		return
 	} else {
-		if newCfg.GUI.Password == "" {
+		if newCfg.GUI.Password != cfg.GUI.Password {
-			// Leave it empty
+			if newCfg.GUI.Password != "" {
-		} else if newCfg.GUI.Password == unchangedPassword {
+				hash, err := bcrypt.GenerateFromPassword([]byte(newCfg.GUI.Password), 0)
-			newCfg.GUI.Password = cfg.GUI.Password
+				if err != nil {
-		} else {
+					l.Warnln("bcrypting password:", err)
-			hash, err := bcrypt.GenerateFromPassword([]byte(newCfg.GUI.Password), 0)
+					http.Error(w, err.Error(), 500)
-			if err != nil {
+					return
-				l.Warnln("bcrypting password:", err)
+				} else {
-				http.Error(w, err.Error(), 500)
+					newCfg.GUI.Password = string(hash)
-				return
+				}
-			} else {
-				newCfg.GUI.Password = string(hash)
 			}
 		}