authorJo-Philipp Wich <jo@mein.io>2017-07-09 20:43:36 +0200
committerJo-Philipp Wich <jo@mein.io>2017-07-09 20:43:36 +0200
commit88c0b4b6d00152c54a0f1367ae839c71547281e1 (patch)
tree642daa53f82229c460d8b23d4d8788056b78c1b3
parent99957f6c6ff429f17d6d6002fef4d4ef7de8844a (diff)
downloaduhttpd2-88c0b4b6d00152c54a0f1367ae839c71547281e1.tar.gz
file: fix basic auth regression
Previous refactoring of the basic auth handling code broke the logic in such a way that basic auth was only performed if a client sent an Authorization header in its request, but it was never prompted for by the server. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--file.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/file.c b/file.c
index a4d9b1d..a1775f5 100644
--- a/file.c
+++ b/file.c
@@ -794,7 +794,7 @@ static bool __handle_file_request(struct client *cl, char *url)
struct dispatch_handler *d;
struct blob_attr *tb[__HDR_MAX];
struct path_info *pi;
- char *user, *pass;
+ char *user, *pass, *auth;
pi = uh_path_lookup(cl, url);
if (!pi)
@@ -804,14 +804,15 @@ static bool __handle_file_request(struct client *cl, char *url)
return true;
blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
- if (tb[HDR_AUTHORIZATION]) {
- if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass))
- return true;
- if (user && pass) {
- blobmsg_add_string(&cl->hdr, "http-auth-user", user);
- blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
- }
+ auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL;
+
+ if (!uh_auth_check(cl, pi->name, auth, &user, &pass))
+ return true;
+
+ if (user && pass) {
+ blobmsg_add_string(&cl->hdr, "http-auth-user", user);
+ blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
}
d = dispatch_find(url, pi);
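Review bot: The `if (user && pass)` test now runs on every request, including those sent without an Authorization header, yet `user` and `pass` are still declared uninitialized in the first hunk (`char *user, *pass, *auth;`). Unless uh_auth_check() (not visible here) stores to both out-parameters on every path that returns true, including when `auth` is NULL, this branch reads indeterminate pointers and could copy arbitrary memory into `http-auth-user`/`http-auth-pass`. Initializing at the declaration, `char *user = NULL, *pass = NULL, *auth;`, removes that dependency on the callee. A comment above the call, such as `/* auth may be NULL: uh_auth_check() must then reject protected paths so the client is prompted */`, would document the contract this fix relies on. __handle_file_request starts and ends outside the hunk.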