From ab4ef06cb828e1a33d6c4e045a6db67b27a5bbfd Mon Sep 17 00:00:00 2001 From: sigoden Date: Wed, 11 Dec 2024 08:57:30 +0800 Subject: [PATCH] fix: no authentication check if no auth users --- src/auth.rs | 3 +++ tests/auth.rs | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/src/auth.rs b/src/auth.rs index 87c9388..02e965c 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -102,6 +102,9 @@ impl AccessControl { authorization: Option<&HeaderValue>, guard_options: bool, ) -> (Option, Option) { + if self.users.is_empty() { + return (None, Some(AccessPaths::new(AccessPerm::ReadWrite))); + } if let Some(authorization) = authorization { if let Some(user) = get_auth_user(authorization) { if let Some((pass, paths)) = self.users.get(&user) { diff --git a/tests/auth.rs b/tests/auth.rs index 00a5205..4b0e7e0 100644 --- a/tests/auth.rs +++ b/tests/auth.rs @@ -115,6 +115,16 @@ fn auth_skip_on_options_method( Ok(()) } +#[rstest] +fn auth_skip_if_no_auth_user(server: TestServer) -> Result<(), Error> { + let url = format!("{}index.html", server.url()); + let resp = fetch!(b"GET", &url) + .basic_auth("user", Some("pass")) + .send()?; + assert_eq!(resp.status(), 200); + Ok(()) +} + #[rstest] fn auth_check( #[with(&["--auth", "user:pass@/:rw", "--auth", "user2:pass2@/", "-A"])] server: TestServer,