diff options
-rw-r--r-- | libs/lucid-http/luasrc/lucid/http/server.lua | 1 | ||||
-rw-r--r-- | libs/web/luasrc/dispatcher.lua | 8 |
2 files changed, 8 insertions, 1 deletions
diff --git a/libs/lucid-http/luasrc/lucid/http/server.lua b/libs/lucid-http/luasrc/lucid/http/server.lua index 0fe9473166..cb10813b9e 100644 --- a/libs/lucid-http/luasrc/lucid/http/server.lua +++ b/libs/lucid-http/luasrc/lucid/http/server.lua @@ -132,6 +132,7 @@ function Handler.checkrestricted(self, request) end if stat then + request.env.HTTP_AUTH_USER, request.env.HTTP_AUTH_PASS = user, pass return end end diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua index c863d9ff72..01cc109219 100644 --- a/libs/web/luasrc/dispatcher.lua +++ b/libs/web/luasrc/dispatcher.lua @@ -258,7 +258,7 @@ function dispatch(request) local verifytoken = false if not sess then sess = luci.http.getcookie("sysauth") - sess = sess and sess:match("^[a-f0-9]+$") + sess = sess and sess:match("^[a-f0-9]*$") verifytoken = true end @@ -272,6 +272,12 @@ function dispatch(request) if not verifytoken or ctx.urltoken.stok == sdat.token then user = sdat.user end + else + local eu = http.getenv("HTTP_AUTH_USER") + local ep = http.getenv("HTTP_AUTH_PASS") + if eu and ep and luci.sys.user.checkpasswd(eu, ep) then + authen = function() return eu end + end end if not util.contains(accs, user) then |