root/golib
1
0
Fork 0
mirror of https://github.com/therootcompany/golib.git synced 2026-03-02 23:57:59 +00:00
Code Issues Projects Releases Wiki Activity

fix(auth/csvauth): don't allow BOTH username and password to be empty

Browse Source
This commit is contained in:
AJ ONeal 2026-02-26 01:52:54 -07:00
parent 3465e9e232
commit 1789c92815
No known key found for this signature in database
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
auth/csvauth/csvauth.go
View File

@ -358,6 +358,10 @@ func (a *Auth) gcmDecrypt(aes128key [16]byte, gcmNonce [12]byte, derived []byte)
// - the resulting 'user' must match BasicAuthTokenNames ("", "api", and "apikey" are the defaults) // - the resulting 'user' must match BasicAuthTokenNames ("", "api", and "apikey" are the defaults)
// - then the token is (timing-safe) hashed to check if it exists, and then verified by its algorithm // - then the token is (timing-safe) hashed to check if it exists, and then verified by its algorithm
func (a *Auth) Authenticate(name, secret string) (*Credential, error) { func (a *Auth) Authenticate(name, secret string) (*Credential, error) {
if name == "" && secret == "" {
return nil, ErrUnauthorized
}
a.mux.Lock() a.mux.Lock()
defer a.mux.Unlock() defer a.mux.Unlock()
c, ok := a.credentials[name] c, ok := a.credentials[name]