users, rest: Add note about accepting already hashed GUI password. (#828

) Ref syncthing/syncthing#9124 (review)
syncthing · Oct 5, 2023 · dfbdd5f · dfbdd5f
1 parent 46cecbf
commit dfbdd5f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/rest/config.rst b/rest/config.rst
@@ -69,3 +69,8 @@ patterns to be used by default on folders, as an array of single-line strings.
 
 ``GET`` returns the respective object, ``PUT`` replaces the entire object and
 ``PATCH`` replaces only the given child objects.
+
+.. note::
+   The :stconf:opt:`gui.password` configuration option has special handling to
+   accept already hashed passwords.  Any valid bcrypt hash is stored verbatim,
+   while a plaintext password is first hashed.
diff --git a/users/syncthing.rst b/users/syncthing.rst
@@ -101,9 +101,10 @@ Options
 .. cmdoption:: --gui-password=<password|->
 
     Specify new GUI authentication password, to update the config file.  Read
-    from the standard input stream if only a single dash (``-``) is given.  The
-    password is hashed before writing to the config file.  As a special case,
-    giving the existing password hash as password will leave it untouched.
+    from the standard input stream if only a single dash (``-``) is given.  A
+    plaintext password is hashed before writing to the config file, but an
+    already bcrypt-hashed input is stored verbatim.  As a special case, giving
+    the existing password hash as password will leave it untouched.
 
 .. cmdoption:: --gui-user=<username>