Ensure basic auth and body are only tested if explicitly set (#28)

* Ensure basic auth and body are only tested if explicitly set * Update CHANGELOG.md
elastic · Sep 30, 2021 · 81b9d4a · 81b9d4a
1 parent 3eea352
commit 81b9d4a
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,15 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Added
+
+- Added file template helper function. [#25](https://github.com/elastic/stream/pull/25)
+- Added regular expression-based body matching [#26](https://github.com/elastic/stream/pull/26)
+
+### Fixed
+
+- Ensure basic auth and body are only tested if explicitly set. [#28](https://github.com/elastic/stream/pull/28)
+
 ## [0.5.0]
 
 - Added option to set up custom buffer size for the log reader. [#22](https://github.com/elastic/stream/pull/22)

diff --git a/pkg/httpserver/httpserver.go b/pkg/httpserver/httpserver.go
@@ -174,7 +174,13 @@ func newHandlerFromConfig(config *config, logger *zap.SugaredLogger) (http.Handl
 
 		route.MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool {
 			user, password, _ := r.BasicAuth()
-			return rule.User == user && rule.Password == password
+			if rule.User != "" && user != rule.User {
+				return false
+			}
+			if rule.Password != "" && password != rule.Password {
+				return false
+			}
+			return true
 		})
 
 		var bodyRE *regexp.Regexp
@@ -187,6 +193,9 @@ func newHandlerFromConfig(config *config, logger *zap.SugaredLogger) (http.Handl
 			}
 		}
 		route.MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool {
+			if rule.RequestBody == "" {
+				return true
+			}
 			body, err := ioutil.ReadAll(r.Body)
 			if err != nil {
 				return false