Hashed GUI passwords via API?

I’m trying to set my GUI password via API by providing my password hash. But syncthing makes literally the hash my new password. Is this expected?

(I don’t have the commands easily available because they are run programmatically by my operating system. I just know it passes the configs to API and I have my password given as a hash of the form $2a$10$Ewl...

I think this used to work but recently it broke. Don’t know exactly when because I’m logging into syncthing quite rarely. It’s possible that a change in my OS broke it, but it’s also possible that a change in syncthing broke it. Has there been any changes regarding this GUI password handling in API in recent versions (e.g., within one year or so)?

Based on this issue Hashed GUI password should not be rehashed · Issue #4458 · syncthing/syncthing · GitHub I thought it should work.

If I understand correctly, this commit broke it:

I opened an issue just in case it’s a bug: Hashed passwords via API are hashed again · Issue #9123 · syncthing/syncthing · GitHub

I filed a fix for it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.