Merge pull request #62 from jeromelebleu/dev

Fix empty password breach
2024-09-03 20:06:31 +02:00 · 2013-12-28 09:18:35 -08:00 · 2013-12-28 09:18:35 -08:00 · 65270dba7b
commit 65270dba7b
parent eb265396b3 a1683dc4cd
1 changed files with 3 additions and 1 deletions
--- a/yunohost.tac
+++ b/yunohost.tac
@ -42,8 +42,10 @@ def http_exec(request, **kwargs):

    # Simple HTTP auth
    elif installed:
-        authorized = request.getUser() == 'admin'
+        authorized = False
        pwd = request.getPassword()
+        if request.getUser() == 'admin' and pwd != '':
+            authorized = True
        if dev and 'api_key' in request.args:
            pwd = request.args['api_key'][0]
            authorized = True