Make webui login optional.

Signed-off-by: Jeroen Oudshoorn <oudshoorn.jeroen@gmail.com>
2025-07-01 18:37:27 -04:00 · 2025-01-03 12:04:17 +01:00
parent 9ea6728a26
commit 27c8a113de
2 changed files with 11 additions and 7 deletions
--- a/pwnagotchi/defaults.toml
+++ b/pwnagotchi/defaults.toml
@ -158,8 +158,9 @@ ui.faces.position_y = 34

 ui.web.enabled = true
 ui.web.address = "::" # listening on both ipv4 and ipv6 - switch to 0.0.0.0 to listen on just ipv4
-ui.web.username = "changeme"
-ui.web.password = "changeme"
+ui.web.auth = false
+ui.web.username = "changeme" # if auth is true
+ui.web.password = "changeme" # if auth is true
 ui.web.origin = ""
 ui.web.port = 8080
 ui.web.on_frame = ""
--- a/pwnagotchi/ui/web/handler.py
+++ b/pwnagotchi/ui/web/handler.py
@ -64,11 +64,14 @@ class Handler:
    def with_auth(self, f):
        @wraps(f)
        def wrapper(*args, **kwargs):
-            auth = request.authorization
-            if not auth or not auth.username or not auth.password or not self._check_creds(auth.username,
-                                                                                           auth.password):
-                return Response('Unauthorized', 401, {'WWW-Authenticate': 'Basic realm="Unauthorized"'})
-            return f(*args, **kwargs)
+            if not self._config['auth']:
+                return f(*args, **kwargs)
+            else:
+                auth = request.authorization
+                if not auth or not auth.username or not auth.password or not self._check_creds(auth.username,
+                                                                                               auth.password):
+                    return Response('Unauthorized', 401, {'WWW-Authenticate': 'Basic realm="Unauthorized"'})
+                return f(*args, **kwargs)

        return wrapper