diff options
-rw-r--r-- | modules/rpc/luasrc/controller/rpc.lua | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/modules/rpc/luasrc/controller/rpc.lua b/modules/rpc/luasrc/controller/rpc.lua index 7255c1780a..6b091163f1 100644 --- a/modules/rpc/luasrc/controller/rpc.lua +++ b/modules/rpc/luasrc/controller/rpc.lua @@ -24,11 +24,13 @@ module "luci.controller.rpc" function index() local function authenticator(validator, accs) local auth = luci.http.formvalue("auth", true) - if auth then + if auth then -- if authentication token was given local sdat = luci.sauth.read(auth) - user = loadstring(sdat)().user - if user and luci.util.contains(accs, user) then - return user, auth + if sdat then -- if given token is valid + user = loadstring(sdat)().user + if user and luci.util.contains(accs, user) then + return user, auth + end end end luci.http.status(403, "Forbidden") |