From 38673bbff4fd0f5f3eb17e9d52ef20a9f91ddd28 Mon Sep 17 00:00:00 2001
From: schroda <50052685+schroda@users.noreply.github.com>
Date: Sat, 23 Nov 2024 02:00:16 +0100
Subject: [PATCH] Handle missing credentials as being invalid (#1164)

In case the credentials were missing the basic authentication was just bypassed
---
 .../src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
index 5f857152..a900b0b8 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -108,7 +108,7 @@ object JavalinSetup {
 
         app.beforeMatched { ctx ->
             fun credentialsValid(): Boolean {
-                val basicAuthCredentials = ctx.basicAuthCredentials() ?: return true
+                val basicAuthCredentials = ctx.basicAuthCredentials() ?: return false
                 val (username, password) = basicAuthCredentials
                 return username == serverConfig.basicAuthUsername.value &&
                     password == serverConfig.basicAuthPassword.value