From 6f98a907aa74d408ea49d0973f543389d3d45088 Mon Sep 17 00:00:00 2001
From: schroda <50052685+schroda@users.noreply.github.com>
Date: Fri, 22 Nov 2024 18:12:52 +0100
Subject: [PATCH] Handle missing credentials as being invalid

In case the credentials were missing the basic authentication was just bypassed
---
 .../src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
index 5f857152e..a900b0b84 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -108,7 +108,7 @@ object JavalinSetup {
 
         app.beforeMatched { ctx ->
             fun credentialsValid(): Boolean {
-                val basicAuthCredentials = ctx.basicAuthCredentials() ?: return true
+                val basicAuthCredentials = ctx.basicAuthCredentials() ?: return false
                 val (username, password) = basicAuthCredentials
                 return username == serverConfig.basicAuthUsername.value &&
                     password == serverConfig.basicAuthPassword.value