Commit

src/dashboard.py

@@ -1319,7 +1319,7 @@ class DashboardConfig:
             open(DASHBOARD_CONF, "x")
         self.__config = configparser.ConfigParser(strict=False)
         self.__config.read_file(open(DASHBOARD_CONF, "r+"))
-        self.hiddenAttribute = ["totp_key"]
+        self.hiddenAttribute = ["totp_key", "auth_req"]
         self.__default = {
             "Account": {
                 "username": "admin",
@@ -1661,7 +1661,7 @@ API Routes
 @app.before_request
 def auth_req():
     if request.method.lower() == 'options':
-        return ResponseObject(True)
+        return ResponseObject(True)        
 
     DashboardConfig.APIAccessed = False
     if "api" in request.path:
@@ -1712,16 +1712,21 @@ def auth_req():
                 return response
 
 @app.route(f'{APP_PREFIX}/api/handshake', methods=["GET", "OPTIONS"])
-def API_ValidateAPIKey():
+def API_Handshake():
     return ResponseObject(True)
 
 @app.get(f'{APP_PREFIX}/api/validateAuthentication')
 def API_ValidateAuthentication():
-    token = request.cookies.get("authToken") + ""
-    if token == "" or "username" not in session or session["username"] != token:
-        return ResponseObject(False, "Invalid authentication.")
+    token = request.cookies.get("authToken")
+    if DashboardConfig.GetConfig("Server", "auth_req")[1]:
+        if token is None or token == "" or "username" not in session or session["username"] != token:
+            return ResponseObject(False, "Invalid authentication.")
     return ResponseObject(True)
 
+@app.get(f'{APP_PREFIX}/api/requireAuthentication')
+def API_RequireAuthentication():
+    return ResponseObject(data=DashboardConfig.GetConfig("Server", "auth_req")[1])
+
 @app.post(f'{APP_PREFIX}/api/authenticate')
 def API_AuthenticateLogin():
     data = request.get_json()