webapp: Use securemem for constant time auth token comparisons.

Debian stable does not have securemem, but neither does it have warp-tls, so just disable use of securemem when not building with https support.
author: Joey Hess <joey@kitenet.net> 2014-03-12 21:21:10 -0400
committer: Joey Hess <joey@kitenet.net> 2014-03-12 21:41:20 -0400
commit: 77693b77a7c7ae09e340e3a609c0c310eeb68fa7 (patch)
tree: 667655d2550fa1b513dd2289bd284128f0a23020 /Assistant
parent: 4bb70698d38aaca746e163c0602ee74da0915d80 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/Assistant/Threads/WebApp.hs b/Assistant/Threads/WebApp.hs
index f90f74287..8d977194b 100644
--- a/Assistant/Threads/WebApp.hs
+++ b/Assistant/Threads/WebApp.hs
@@ -73,7 +73,7 @@ webAppThread assistantdata urlrenderer noannex cannotrun postfirstrun listenhost
 #endif
 	webapp <- WebApp
 		<$> pure assistantdata
-		<*> (pack <$> genRandomToken)
+		<*> genAuthToken
 		<*> getreldir
 		<*> pure staticRoutes
 		<*> pure postfirstrun
@@ -125,7 +125,7 @@ myUrl tlssettings webapp addr = unpack $ yesodRender webapp urlbase DashboardR [
 
 getTlsSettings :: Annex (Maybe TLS.TLSSettings)
 getTlsSettings = do
-#ifdef WITH_WEBAPP_HTTPS
+#ifdef WITH_WEBAPP_SECURE
 	cert <- fromRepo gitAnnexWebCertificate
 	privkey <- fromRepo gitAnnexWebPrivKey
 	ifM (liftIO $ allM doesFileExist [cert, privkey])
author	Joey Hess <joey@kitenet.net>	2014-03-12 21:21:10 -0400
committer	Joey Hess <joey@kitenet.net>	2014-03-12 21:41:20 -0400
commit	77693b77a7c7ae09e340e3a609c0c310eeb68fa7 (patch)
tree	667655d2550fa1b513dd2289bd284128f0a23020 /Assistant
parent	4bb70698d38aaca746e163c0602ee74da0915d80 (diff)