devins.page
a simple web player for subsonic
tinysub.devins.page
subsonic
navidrome
javascript
fix: security migration
+18
-1
+18
-1
src/js/auth.js
+18
-1
src/js/auth.js
···
110
110
location.reload();
111
111
}
112
112
113
-
// attempt auto-login with stored credentials on page load
113
+
// attempt auto-login on page load
114
114
async function attemptAutoLogin() {
115
115
const creds = CredentialManager.load();
116
+
117
+
// security migration in case you were using version <1.8 which stored raw passwords
118
+
const oldCredentials = localStorage.getItem("tinysub_credentials");
119
+
if (oldCredentials) {
120
+
try {
121
+
const parsed = JSON.parse(oldCredentials);
122
+
if (parsed.password) {
123
+
console.warn(
124
+
"[Auth] Old password format detected, clearing storage and logging out for security",
125
+
);
126
+
await handleLogout();
127
+
return;
128
+
}
129
+
} catch {
130
+
// ignore
131
+
}
132
+
}
116
133
117
134
// no stored credentials
118
135
if (!creds.server || !creds.username || !creds.token || !creds.salt) {