southfox/miniflux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

api: avoid database lookup if empty credentials are provided

Browse source
This commit is contained in:
Frédéric Guillot 2020-09-27 13:18:51 -07:00 committed by Frédéric Guillot
parent 2b74c6779a
commit 065331c77f
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
api/middleware.go
View file

@ -89,6 +89,12 @@ func (m *middleware) basicAuth(next http.Handler) http.Handler {
return return
} }
if username == "" || password == "" {
logger.Error("[API][BasicAuth] [ClientIP=%s] Empty username or password", clientIP)
json.Unauthorized(w, r)
return
}
if err := m.store.CheckPassword(username, password); err != nil { if err := m.store.CheckPassword(username, password); err != nil {
logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username) logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username)
json.Unauthorized(w, r) json.Unauthorized(w, r)