patch: bug when disabling password protection being invalid even though it should be disabled

2025-04-17 18:18:11 +00:00 · 2024-05-23 10:46:12 -07:00 · 2024-05-23 10:46:12 -07:00 · bfc9a96e87
commit bfc9a96e87
parent 961630f7d5
1 changed files with 14 additions and 7 deletions
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@ -436,14 +436,21 @@ function systemEndpoints(app) {
          return;
        }

+        let error = null;
        const { usePassword, newPassword } = reqBody(request);
-        const { error } = await updateENV(
-          {
-            AuthToken: usePassword ? newPassword : "",
-            JWTSecret: usePassword ? v4() : "",
-          },
-          true
-        );
+        if (!usePassword) { // Password is being disabled so directly unset everything to bypass validation.
+          process.env.AUTH_TOKEN = "";
+          process.env.JWT_SECRET = "";
+        } else {
+          error = await updateENV(
+            {
+              AuthToken: newPassword,
+              JWTSecret: v4(),
+            },
+            true
+          )?.error;
+        }
+
        if (process.env.NODE_ENV === "production") await dumpENV();
        response.status(200).json({ success: !error, error });
      } catch (e) {