feat(authentication): add a --no-auth flag to disable authentication (#553)

2025-07-22 23:09:41 +02:00 · 2017-02-01 22:13:48 +13:00 · 2017-02-01 22:13:48 +13:00 · 10f7744a62
commit 10f7744a62
parent 779fcf8e7f
16 changed files with 203 additions and 191 deletions
--- a/api/http/auth_handler.go
+++ b/api/http/auth_handler.go
@ -16,6 +16,7 @@ import (
 type AuthHandler struct {
 	*mux.Router
 	Logger        *log.Logger
+	authDisabled  bool
 	UserService   portainer.UserService
 	CryptoService portainer.CryptoService
 	JWTService    portainer.JWTService
@ -26,6 +27,9 @@ const (
 	ErrInvalidCredentialsFormat = portainer.Error("Invalid credentials format")
 	// ErrInvalidCredentials is an error raised when credentials for a user are invalid
 	ErrInvalidCredentials = portainer.Error("Invalid credentials")
+	// ErrAuthDisabled is an error raised when trying to access the authentication endpoints
+	// when the server has been started with the --no-auth flag
+	ErrAuthDisabled = portainer.Error("Authentication is disabled")
 )

 // NewAuthHandler returns a new instance of AuthHandler.
@ -44,6 +48,11 @@ func (handler *AuthHandler) handlePostAuth(w http.ResponseWriter, r *http.Reques
 		return
 	}

+	if handler.authDisabled {
+		Error(w, ErrAuthDisabled, http.StatusServiceUnavailable, handler.Logger)
+		return
+	}
+
 	var req postAuthRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		Error(w, ErrInvalidJSON, http.StatusBadRequest, handler.Logger)