From fc197df0564e24c32e6de08ab9c59e5534a5d71e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?=
Date: Sat, 20 Jul 2024 15:48:46 +0200
Subject: [PATCH] relay/api: allow clients without authentication when no relay password is defined and option relay.network.allow_empty_password is on (issue #2158)
---
CHANGELOG.md | 1 +
src/plugins/relay/relay-http.c | 124 ++++++++++++++++++---------------
2 files changed, 68 insertions(+), 57 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 462eb37d3..e25098afe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -52,6 +52,7 @@
 - ruby: fix builtin functions not available ([#2109](https://github.com/weechat/weechat/issues/2109))
 - php: fix return value of function hdata_longlong
 - tcl: fix return value of function hdata_longlong ([#2119](https://github.com/weechat/weechat/issues/2119))
+- relay/api: allow clients without authentication when no relay password is defined and option relay.network.allow_empty_password is on ([#2158](https://github.com/weechat/weechat/issues/2158))
 - relay/api: fix timezone of dates sent to clients ([#2151](https://github.com/weechat/weechat/issues/2151))
 - relay/api: fix "body_type" returned when lines or nicks of a buffer are requested
 - relay/api: fix read of one buffer line
diff --git a/src/plugins/relay/relay-http.c b/src/plugins/relay/relay-http.c
index a443c7925..622b9d14e 100644
--- a/src/plugins/relay/relay-http.c
+++ b/src/plugins/relay/relay-http.c
@@ -579,72 +579,82 @@ relay_http_get_auth_status (struct t_relay_client *client)
 goto end;
 }
 
- auth = weechat_hashtable_get (client->http_req->headers, "authorization");
- if (!auth || (weechat_strncasecmp (auth, "basic ", 6) != 0))
- {
- rc = -1;
- goto end;
- }
-
- pos = auth + 6;
- while (pos[0] == ' ')
- {
- pos++;
- }
-
- length = strlen (pos);
- user_pass = malloc (length + 1);
- if (!user_pass)
- {
- rc = -8;
- goto end;
- }
- length = weechat_string_base_decode ("64", pos, user_pass);
- if (length < 0)
+ if (!relay_password[0]
+ && !weechat_config_boolean (relay_config_network_allow_empty_password))
 {
 rc = -2;
 goto end;
 }
- if (strncmp (user_pass, "plain:", 6) == 0)
+
+ if (relay_password[0])
 {
- switch (relay_auth_check_password_plain (client, user_pass + 6, relay_password))
+ auth = weechat_hashtable_get (client->http_req->headers, "authorization");
+ if (!auth || (weechat_strncasecmp (auth, "basic ", 6) != 0))
 {
- case 0: /* password OK */
- break;
- case -1: /* "plain" is not allowed */
- rc = -5;
- goto end;
- case -2: /* invalid password */
- default:
- rc = -2;
- goto end;
+ rc = -1;
+ goto end;
 }
- }
- else if (strncmp (user_pass, "hash:", 5) == 0)
- {
- switch (relay_auth_password_hash (client, user_pass + 5, relay_password))
+
+ pos = auth + 6;
+ while (pos[0] == ' ')
 {
- case 0: /* password OK */
- break;
- case -1: /* invalid hash algorithm */
- rc = -5;
- goto end;
- case -2: /* invalid timestamp */
- rc = -6;
- goto end;
- case -3: /* invalid iterations */
- rc = -7;
- goto end;
- case -4: /* invalid password */
- default:
- rc = -2;
- goto end;
+ pos++;
+ }
+
+ length = strlen (pos);
+ user_pass = malloc (length + 1);
+ if (!user_pass)
+ {
+ rc = -8;
+ goto end;
+ }
+ length = weechat_string_base_decode ("64", pos, user_pass);
+ if (length < 0)
+ {
+ rc = -2;
+ goto end;
+ }
+ if (strncmp (user_pass, "plain:", 6) == 0)
+ {
+ switch (relay_auth_check_password_plain (client, user_pass + 6, relay_password))
+ {
+ case 0: /* password OK */
+ break;
+ case -1: /* "plain" is not allowed */
+ rc = -5;
+ goto end;
+ case -2: /* invalid password */
+ default:
+ rc = -2;
+ goto end;
+ }
+ }
+ else if (strncmp (user_pass, "hash:", 5) == 0)
+ {
+ switch (relay_auth_password_hash (client, user_pass + 5, relay_password))
+ {
+ case 0: /* password OK */
+ break;
+ case -1: /* invalid hash algorithm */
+ rc = -5;
+ goto end;
+ case -2: /* invalid timestamp */
+ rc = -6;
+ goto end;
+ case -3: /* invalid iterations */
+ rc = -7;
+ goto end;
+ case -4: /* invalid password */
+ default:
+ rc = -2;
+ goto end;
+ }
+ }
+ else
+ {
+ rc = -2;
+ goto end;
 }
- }
- else
- {
- rc = -2;
- goto end;
 }
 
 totp_secret = weechat_string_eval_expression (
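Review bot: The new `if (relay_password[0])` wrapper makes the whole password stage optional, yet nothing at that line says so: when the relay password is empty and relay.network.allow_empty_password is on, the "authorization" header is never read, so a client sending wrong credentials is accepted exactly like one sending none. I would add a comment above it, for example `/* empty password allowed by option: skip password check, "Authorization" header is ignored */`, and, if the function's header comment lists return codes, record there that -2 is now also returned when the password is empty and the option is off. The TOTP handling that starts at `totp_secret = weechat_string_eval_expression (` continues past the end of the hunk, so whether a second factor is still enforced on this unauthenticated path cannot be confirmed from here and is worth checking. relay_http_get_auth_status begins and ends outside the hunk.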