From 617e64d01f010d65f84b24a5999c3ac0b6dfcaf2 Mon Sep 17 00:00:00 2001
From: 21pages <pages21@163.com>
Date: Mon, 21 Nov 2022 15:29:00 +0800
Subject: [PATCH] fix approve mode judgement

Signed-off-by: 21pages <pages21@163.com>
---
 libs/hbb_common/src/password_security.rs | 18 ++++++++++++++++++
 src/server/connection.rs                 | 16 ++++++++++------
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/libs/hbb_common/src/password_security.rs b/libs/hbb_common/src/password_security.rs
index 55a6825fa..adaafebb3 100644
--- a/libs/hbb_common/src/password_security.rs
+++ b/libs/hbb_common/src/password_security.rs
@@ -13,6 +13,13 @@ enum VerificationMethod {
     UseBothPasswords,
 }
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum ApproveMode {
+    Both,
+    Password,
+    Click,
+}
+
 // Should only be called in server
 pub fn update_temporary_password() {
     *TEMPORARY_PASSWORD.write().unwrap() = Config::get_auto_password(temporary_password_length());
@@ -58,6 +65,17 @@ pub fn has_valid_password() -> bool {
         || permanent_enabled() && !Config::get_permanent_password().is_empty()
 }
 
+pub fn approve_mode() -> ApproveMode {
+    let mode = Config::get_option("approve-mode");
+    if mode == "password" {
+        ApproveMode::Password
+    } else if mode == "click" {
+        ApproveMode::Click
+    } else {
+        ApproveMode::Both
+    }
+}
+
 const VERSION_LEN: usize = 2;
 
 pub fn encrypt_str_or_original(s: &str, version: &str) -> String {
diff --git a/src/server/connection.rs b/src/server/connection.rs
index f49e293a2..11960be8a 100644
--- a/src/server/connection.rs
+++ b/src/server/connection.rs
@@ -14,7 +14,8 @@ use hbb_common::{
     futures::{SinkExt, StreamExt},
     get_time, get_version_number,
     message_proto::{option_message::BoolOption, permission_info::Permission},
-    password_security as password, sleep, timeout,
+    password_security::{self as password, ApproveMode},
+    sleep, timeout,
     tokio::{
         net::TcpStream,
         sync::mpsc,
@@ -1046,7 +1047,9 @@ impl Connection {
             }
             if !crate::is_ip(&lr.username) && lr.username != Config::get_id() {
                 self.send_login_error("Offline").await;
-            } else if Config::get_option("approve-mode") == "click" {
+            } else if password::approve_mode() == ApproveMode::Click
+                || password::approve_mode() == ApproveMode::Both && !password::has_valid_password()
+            {
                 self.try_start_cm(lr.my_id, lr.my_name, false);
                 if hbb_common::get_version_number(&lr.version)
                     >= hbb_common::get_version_number("1.2.0")
@@ -1054,6 +1057,11 @@ impl Connection {
                     self.send_login_error("No Password Access").await;
                 }
                 return true;
+            } else if password::approve_mode() == ApproveMode::Password
+                && !password::has_valid_password()
+            {
+                self.send_login_error("Connection not allowed").await;
+                return false;
             } else if self.is_of_recent_session() {
                 self.try_start_cm(lr.my_id, lr.my_name, true);
                 self.send_logon_response().await;
@@ -1063,10 +1071,6 @@ impl Connection {
             } else if lr.password.is_empty() {
                 self.try_start_cm(lr.my_id, lr.my_name, false);
             } else {
-                if !password::has_valid_password() {
-                    self.send_login_error("Connection not allowed").await;
-                    return false;
-                }
                 let mut failure = LOGIN_FAILURES
                     .lock()
                     .unwrap()