auth: fix broken password check

Guessing an existing user's name was enough to successfully authenticate.
2025-10-31 00:25:06 +01:00 · 2017-10-20 16:20:38 +00:00
parent 13613643cc
commit 2edb9522f1
1 changed files with 1 additions and 1 deletions
--- a/lib/dyndnsd.rb
+++ b/lib/dyndnsd.rb
@@ -201,7 +201,7 @@ module Dyndnsd
      # configure rack
      app = Daemon.new(config, db, updater, responder)
      app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|
-        allow = (config['users'].has_key? user) and (config['users'][user]['password'] == pass)
+        allow = ((config['users'].has_key? user) and (config['users'][user]['password'] == pass))
        if not allow
          Dyndnsd.logger.warn "Login failed for #{user}"
          Metriks.meter('requests.auth_failed').mark