From 27c8a113de23414e1b6a065ff4f0ee38ab3a3dce Mon Sep 17 00:00:00 2001 From: Jeroen Oudshoorn Date: Fri, 3 Jan 2025 12:04:17 +0100 Subject: [PATCH] Make webui login optional. Signed-off-by: Jeroen Oudshoorn --- pwnagotchi/defaults.toml | 5 +++-- pwnagotchi/ui/web/handler.py | 13 ++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/pwnagotchi/defaults.toml b/pwnagotchi/defaults.toml index 656e8948..a3d3094c 100644 --- a/pwnagotchi/defaults.toml +++ b/pwnagotchi/defaults.toml @@ -158,8 +158,9 @@ ui.faces.position_y = 34 ui.web.enabled = true ui.web.address = "::" # listening on both ipv4 and ipv6 - switch to 0.0.0.0 to listen on just ipv4 -ui.web.username = "changeme" -ui.web.password = "changeme" +ui.web.auth = false +ui.web.username = "changeme" # if auth is true +ui.web.password = "changeme" # if auth is true ui.web.origin = "" ui.web.port = 8080 ui.web.on_frame = "" diff --git a/pwnagotchi/ui/web/handler.py b/pwnagotchi/ui/web/handler.py index 766a9902..6e75cb02 100644 --- a/pwnagotchi/ui/web/handler.py +++ b/pwnagotchi/ui/web/handler.py @@ -64,11 +64,14 @@ class Handler: def with_auth(self, f): @wraps(f) def wrapper(*args, **kwargs): - auth = request.authorization - if not auth or not auth.username or not auth.password or not self._check_creds(auth.username, - auth.password): - return Response('Unauthorized', 401, {'WWW-Authenticate': 'Basic realm="Unauthorized"'}) - return f(*args, **kwargs) + if not self._config['auth']: + return f(*args, **kwargs) + else: + auth = request.authorization + if not auth or not auth.username or not auth.password or not self._check_creds(auth.username, + auth.password): + return Response('Unauthorized', 401, {'WWW-Authenticate': 'Basic realm="Unauthorized"'}) + return f(*args, **kwargs) return wrapper