luci-mod-rpc: drop "secret" value from rpc session objects

Drop the "secret" value from RPC session objects in order to make them
compatible with ordinary web sessions used by the LuCI web interface.

That secret value was never used for anything and is the only difference
compared to normal LuCI login sessions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 766643fcf18b5710462b88adeabe5e4706ed09cf)

diff --git a/modules/luci-mod-rpc/luasrc/controller/rpc.lua b/modules/luci-mod-rpc/luasrc/controller/rpc.lua
index 1e8038b28af803336bc62338a97b1e8ca414ac08..37a976035e7ba7c34d4db77e4aa8c3a383753ec9 100644 (file)
--- a/modules/luci-mod-rpc/luasrc/controller/rpc.lua
+++ b/modules/luci-mod-rpc/luasrc/controller/rpc.lua
@@ -14,7 +14,6 @@ function session_retrieve(sid, allowed_users)
        if type(sdat) == "table" and
           type(sdat.values) == "table" and
           type(sdat.values.token) == "string" and
-          type(sdat.values.secret) == "string" and
           type(sdat.values.username) == "string" and
           util.contains(allowed_users, sdat.values.username)
        then
@@ -78,8 +77,7 @@ function rpc_auth()
                        util.ubus("session", "set", {
                                ubus_rpc_session = login.ubus_rpc_session,
                                values = {
-                                       token = sys.uniqueid(16),
-                                       secret = sys.uniqueid(16)
+                                       token = sys.uniqueid(16)
                                }
                        })
 
@@ -87,8 +85,7 @@ function rpc_auth()
                        if sdat then
                                return {
                                        sid = sid,
-                                       token = sdat.token,
-                                       secret = sdat.secret
+                                       token = sdat.token
                                }
                        end
                end