From 6ee4d3daaaa8cedd73cb6a5a4f9fc7b9ccd0cd5f Mon Sep 17 00:00:00 2001 From: SamTV12345 <40429738+samtv12345@users.noreply.github.com> Date: Sun, 2 Jul 2023 17:48:16 +0200 Subject: [PATCH] Fixed password with only numbers being rejected. --- src/node/hooks/express/webaccess.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js index 81ed69b07..e0a5bd084 100644 --- a/src/node/hooks/express/webaccess.js +++ b/src/node/hooks/express/webaccess.js @@ -149,7 +149,10 @@ const checkAccess = async (req, res, next) => { if (!(await aCallFirst0('authenticate', ctx))) { // Fall back to HTTP basic auth. const {[ctx.username]: {password} = {}} = settings.users; - if (!httpBasicAuth || !ctx.username || password == null || password !== ctx.password) { + + if (!httpBasicAuth || + !ctx.username || + password == null || password.toString() !== ctx.password) { httpLogger.info(`Failed authentication from IP ${req.ip}`); if (await aCallFirst0('authnFailure', {req, res})) return; if (await aCallFirst0('authFailure', {req, res, next})) return;