file: fix basic auth regression

Previous refactoring of the basic auth handling code broke the logic in
such a way that basic auth was only performed if a client sent an
Authorization header in its request, but it was never prompted for by
the server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/file.c b/file.c
index a4d9b1d4b2402e7dbec8dec893db224ef99b2f83..a1775f5b6c18aa496c10bd929d3dbee32bb6f878 100644 (file)
--- a/file.c
+++ b/file.c
@@ -794,7 +794,7 @@ static bool __handle_file_request(struct client *cl, char *url)
        struct dispatch_handler *d;
        struct blob_attr *tb[__HDR_MAX];
        struct path_info *pi;
-       char *user, *pass;
+       char *user, *pass, *auth;
 
        pi = uh_path_lookup(cl, url);
        if (!pi)
@@ -804,14 +804,15 @@ static bool __handle_file_request(struct client *cl, char *url)
                return true;
 
        blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(cl->hdr.head), blob_len(cl->hdr.head));
-       if (tb[HDR_AUTHORIZATION]) {
-               if (!uh_auth_check(cl, pi->name, blobmsg_data(tb[HDR_AUTHORIZATION]), &user, &pass))
-                       return true;
 
-               if (user && pass) {
-                       blobmsg_add_string(&cl->hdr, "http-auth-user", user);
-                       blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
-               }
+       auth = tb[HDR_AUTHORIZATION] ? blobmsg_data(tb[HDR_AUTHORIZATION]) : NULL;
+
+       if (!uh_auth_check(cl, pi->name, auth, &user, &pass))
+               return true;
+
+       if (user && pass) {
+               blobmsg_add_string(&cl->hdr, "http-auth-user", user);
+               blobmsg_add_string(&cl->hdr, "http-auth-pass", pass);
        }
 
        d = dispatch_find(url, pi);