summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--libs/lucid-http/luasrc/lucid/http/server.lua1
-rw-r--r--libs/web/luasrc/dispatcher.lua8
2 files changed, 8 insertions, 1 deletions
diff --git a/libs/lucid-http/luasrc/lucid/http/server.lua b/libs/lucid-http/luasrc/lucid/http/server.lua
index 0fe9473166..cb10813b9e 100644
--- a/libs/lucid-http/luasrc/lucid/http/server.lua
+++ b/libs/lucid-http/luasrc/lucid/http/server.lua
@@ -132,6 +132,7 @@ function Handler.checkrestricted(self, request)
end
if stat then
+ request.env.HTTP_AUTH_USER, request.env.HTTP_AUTH_PASS = user, pass
return
end
end
diff --git a/libs/web/luasrc/dispatcher.lua b/libs/web/luasrc/dispatcher.lua
index c863d9ff72..01cc109219 100644
--- a/libs/web/luasrc/dispatcher.lua
+++ b/libs/web/luasrc/dispatcher.lua
@@ -258,7 +258,7 @@ function dispatch(request)
local verifytoken = false
if not sess then
sess = luci.http.getcookie("sysauth")
- sess = sess and sess:match("^[a-f0-9]+$")
+ sess = sess and sess:match("^[a-f0-9]*$")
verifytoken = true
end
@@ -272,6 +272,12 @@ function dispatch(request)
if not verifytoken or ctx.urltoken.stok == sdat.token then
user = sdat.user
end
+ else
+ local eu = http.getenv("HTTP_AUTH_USER")
+ local ep = http.getenv("HTTP_AUTH_PASS")
+ if eu and ep and luci.sys.user.checkpasswd(eu, ep) then
+ authen = function() return eu end
+ end
end
if not util.contains(accs, user) then