From 2883d70ea9ddfb4e53268ae49f544918da665edb Mon Sep 17 00:00:00 2001 From: fatedier Date: Mon, 15 May 2017 21:30:13 +0800 Subject: [PATCH] dashboard: don't check authentication if user and password is empty --- server/dashboard.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/server/dashboard.go b/server/dashboard.go index f0459b02..0e541f74 100644 --- a/server/dashboard.go +++ b/server/dashboard.go @@ -84,7 +84,7 @@ type AuthWraper struct { func (aw *AuthWraper) ServeHTTP(w http.ResponseWriter, r *http.Request) { user, passwd, hasAuth := r.BasicAuth() - if hasAuth && user == aw.user || passwd == aw.passwd { + if (aw.user == "" && aw.passwd == "") || (hasAuth && user == aw.user || passwd == aw.passwd) { aw.h.ServeHTTP(w, r) } else { w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) @@ -103,7 +103,8 @@ func basicAuthWraper(h http.Handler) http.Handler { func basicAuth(h http.HandlerFunc) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { user, passwd, hasAuth := r.BasicAuth() - if hasAuth && user == config.ServerCommonCfg.DashboardUser || passwd == config.ServerCommonCfg.DashboardPwd { + if (config.ServerCommonCfg.DashboardUser == "" && config.ServerCommonCfg.DashboardPwd == "") || + (hasAuth && user == config.ServerCommonCfg.DashboardUser || passwd == config.ServerCommonCfg.DashboardPwd) { h.ServeHTTP(w, r) } else { w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) @@ -115,7 +116,8 @@ func basicAuth(h http.HandlerFunc) http.HandlerFunc { func httprouterBasicAuth(h httprouter.Handle) httprouter.Handle { return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { user, passwd, hasAuth := r.BasicAuth() - if hasAuth && user == config.ServerCommonCfg.DashboardUser || passwd == config.ServerCommonCfg.DashboardPwd { + if (config.ServerCommonCfg.DashboardUser == "" && config.ServerCommonCfg.DashboardPwd == "") || + (hasAuth && user == config.ServerCommonCfg.DashboardUser || passwd == config.ServerCommonCfg.DashboardPwd) { h(w, r, ps) } else { w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)