Fix empty password breach

2024-09-03 20:06:31 +02:00 · 2013-12-28 18:13:43 +01:00 · 2013-12-28 18:13:43 +01:00 · a1683dc4cd
commit a1683dc4cd
parent eb265396b3
1 changed files with 3 additions and 1 deletions
--- a/yunohost.tac
+++ b/yunohost.tac
@ -42,8 +42,10 @@ def http_exec(request, **kwargs):

    # Simple HTTP auth
    elif installed:
-        authorized = request.getUser() == 'admin'
+        authorized = False
        pwd = request.getPassword()
+        if request.getUser() == 'admin' and pwd != '':
+            authorized = True
        if dev and 'api_key' in request.args:
            pwd = request.args['api_key'][0]
            authorized = True