diff options
Diffstat (limited to 'src/chttpd/src/chttpd_auth.erl')
-rw-r--r-- | src/chttpd/src/chttpd_auth.erl | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/chttpd/src/chttpd_auth.erl b/src/chttpd/src/chttpd_auth.erl index 45e11905b..607f09a8a 100644 --- a/src/chttpd/src/chttpd_auth.erl +++ b/src/chttpd/src/chttpd_auth.erl @@ -55,10 +55,12 @@ party_mode_handler(#httpd{method='POST', path_parts=[<<"_session">>]} = Req) -> % See #1947 - users should always be able to attempt a login Req#httpd{user_ctx=#user_ctx{}}; party_mode_handler(Req) -> - case config:get("chttpd", "require_valid_user", "false") of - "true" -> + RequireValidUser = config:get_boolean("chttpd", "require_valid_user", false), + ExceptUp = config:get_boolean("chttpd", "require_valid_user_except_for_up", true), + case RequireValidUser andalso not ExceptUp of + true -> throw({unauthorized, <<"Authentication required.">>}); - "false" -> + false -> case config:get("admins") of [] -> Req#httpd{user_ctx = ?ADMIN_USER}; |