Skip to content
Snippets Groups Projects
Commit 065331c7 authored by Frédéric Guillot's avatar Frédéric Guillot Committed by Frédéric Guillot
Browse files

api: avoid database lookup if empty credentials are provided

parent 2b74c677
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
api/middleware.go
+ 6
0
View file @ 065331c7
...@@ -89,6 +89,12 @@ func (m *middleware) basicAuth(next http.Handler) http.Handler { ...@@ -89,6 +89,12 @@ func (m *middleware) basicAuth(next http.Handler) http.Handler {
return return
} }
if username == "" || password == "" {
logger.Error("[API][BasicAuth] [ClientIP=%s] Empty username or password", clientIP)
json.Unauthorized(w, r)
return
}
if err := m.store.CheckPassword(username, password); err != nil { if err := m.store.CheckPassword(username, password); err != nil {
logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username) logger.Error("[API][BasicAuth] [ClientIP=%s] Invalid username or password: %s", clientIP, username)
json.Unauthorized(w, r) json.Unauthorized(w, r)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment