From 4d55202300f9648bdcf9be14aeb2b8034ca37fc3 Mon Sep 17 00:00:00 2001 From: Adam Mathes Date: Sat, 14 Feb 2026 11:09:39 -0800 Subject: feat: fix authentication to handle no-password scenario\n\n- Updated Authenticated() to return true when no password is configured\n- Updated apiLoginHandler to succeed when no password is set\n- Added comprehensive backend tests for both password/no-password cases\n- Added E2E tests for authentication flows (password tests are skipped by default)\n- All tests pass for both authentication scenarios\n\nFixes issue where app would require login even when no password was configured.\nNow properly supports passwordless mode for local development. --- web/web.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 892def3..1a713bd 100644 --- a/web/web.go +++ b/web/web.go @@ -133,6 +133,11 @@ func logoutHandler(w http.ResponseWriter, r *http.Request) { } func Authenticated(r *http.Request) bool { + // If no password is configured, authentication is not required + if config.Config.DigestPassword == "" { + return true + } + pc, err := r.Cookie("auth") if err != nil { return false @@ -179,6 +184,17 @@ func apiLoginHandler(w http.ResponseWriter, r *http.Request) { http.Error(w, "method not allowed", http.StatusMethodNotAllowed) return } + + // If no password is configured, authentication is not required + if config.Config.DigestPassword == "" { + // Still set a dummy auth cookie for consistency + c := http.Cookie{Name: AuthCookie, Value: "noauth", Path: "/", MaxAge: SecondsInAYear, HttpOnly: true} + http.SetCookie(w, &c) + w.Header().Set("Content-Type", "application/json") + fmt.Fprintf(w, `{"status":"ok"}`) + return + } + username := r.FormValue("username") password := r.FormValue("password") -- cgit v1.2.3