do not switch to legacy authentication system when readUser, readPass, publishUser, publishPass are present but are empty (#3113)

2024-03-06 18:04:08 +01:00 · 2024-03-06 18:04:08 +01:00 · dd3b268346
commit dd3b268346
parent 2c857fc329
2 changed files with 26 additions and 14 deletions
--- a/internal/conf/conf.go
+++ b/internal/conf/conf.go
@ -94,14 +94,24 @@ func mustParseCIDR(v string) net.IPNet {
 	return *ne
 }
 func credentialIsNotEmpty(c *Credential) bool {
 	return c != nil && *c != ""
 }
 func ipNetworkIsNotEmpty(i *IPNetworks) bool {
 	return i != nil && len(*i) != 0
 }
 func anyPathHasDeprecatedCredentials(paths map[string]*OptionalPath) bool {
 	for _, pa := range paths {
 		if pa != nil {
 			rva := reflect.ValueOf(pa.Values).Elem()
-			if !rva.FieldByName("PublishUser").IsNil() || !rva.FieldByName("PublishPass").IsNil() ||
+			if credentialIsNotEmpty(rva.FieldByName("PublishUser").Interface().(*Credential)) ||
-				!rva.FieldByName("PublishIPs").IsNil() ||
+				credentialIsNotEmpty(rva.FieldByName("PublishPass").Interface().(*Credential)) ||
-				!rva.FieldByName("ReadUser").IsNil() || !rva.FieldByName("ReadPass").IsNil() ||
+				ipNetworkIsNotEmpty(rva.FieldByName("PublishIPs").Interface().(*IPNetworks)) ||
-				!rva.FieldByName("ReadIPs").IsNil() {
+				credentialIsNotEmpty(rva.FieldByName("ReadUser").Interface().(*Credential)) ||
 				credentialIsNotEmpty(rva.FieldByName("ReadPass").Interface().(*Credential)) ||
 				ipNetworkIsNotEmpty(rva.FieldByName("ReadIPs").Interface().(*IPNetworks)) {
 				return true
 			}
 		}
@ -460,10 +470,12 @@ func (conf *Conf) Validate() error {
 		return fmt.Errorf("'authJWTJWKS' must be a HTTP URL")
 	}
 	deprecatedCredentialsMode := false
-	if conf.PathDefaults.PublishUser != nil || conf.PathDefaults.PublishPass != nil ||
+	if credentialIsNotEmpty(conf.PathDefaults.PublishUser) ||
-		conf.PathDefaults.PublishIPs != nil ||
+		credentialIsNotEmpty(conf.PathDefaults.PublishPass) ||
-		conf.PathDefaults.ReadUser != nil || conf.PathDefaults.ReadPass != nil ||
+		ipNetworkIsNotEmpty(conf.PathDefaults.PublishIPs) ||
-		conf.PathDefaults.ReadIPs != nil ||
+		credentialIsNotEmpty(conf.PathDefaults.ReadUser) ||
 		credentialIsNotEmpty(conf.PathDefaults.ReadPass) ||
 		ipNetworkIsNotEmpty(conf.PathDefaults.ReadIPs) ||
 		anyPathHasDeprecatedCredentials(conf.OptionalPaths) {
 		conf.AuthInternalUsers = []AuthInternalUser{
 			{
--- a/internal/conf/path.go
+++ b/internal/conf/path.go
@ -383,17 +383,17 @@ func (pconf *Path) validate(
 	if deprecatedCredentialsMode {
 		func() {
 			var user Credential = "any"
-			if pconf.PublishUser != nil {
+			if credentialIsNotEmpty(pconf.PublishUser) {
 				user = *pconf.PublishUser
 			}
 			var pass Credential
-			if pconf.PublishPass != nil {
+			if credentialIsNotEmpty(pconf.PublishPass) {
 				pass = *pconf.PublishPass
 			}
 			ips := IPNetworks{mustParseCIDR("0.0.0.0/0")}
-			if pconf.PublishIPs != nil {
+			if ipNetworkIsNotEmpty(pconf.PublishIPs) {
 				ips = *pconf.PublishIPs
 			}
@ -415,17 +415,17 @@ func (pconf *Path) validate(
 		func() {
 			var user Credential = "any"
-			if pconf.ReadUser != nil {
+			if credentialIsNotEmpty(pconf.ReadUser) {
 				user = *pconf.ReadUser
 			}
 			var pass Credential
-			if pconf.ReadPass != nil {
+			if credentialIsNotEmpty(pconf.ReadPass) {
 				pass = *pconf.ReadPass
 			}
 			ips := IPNetworks{mustParseCIDR("0.0.0.0/0")}
-			if pconf.ReadIPs != nil {
+			if ipNetworkIsNotEmpty(pconf.ReadIPs) {
 				ips = *pconf.ReadIPs
 			}