From 21a3bbf9d60303b175a956989b4fd0dc678640e1 Mon Sep 17 00:00:00 2001
From: quentin <quentin@minster.io>
Date: Wed, 10 Mar 2021 23:16:41 +0100
Subject: [PATCH] server: Authorize only authenticated users when using a
 credentials file

---
 core/modules/server/server.js | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/core/modules/server/server.js b/core/modules/server/server.js
index b4859a2b4..85463fb9b 100644
--- a/core/modules/server/server.js
+++ b/core/modules/server/server.js
@@ -52,14 +52,21 @@ function Server(options) {
 	// Initialize browser-caching
 	this.enableBrowserCache = this.get("use-browser-cache") === "yes";
 	// Initialise authorization
-	var authorizedUserName = (this.get("username") && this.get("password")) ? this.get("username") : "(anon)";
+	var authorizedUserName;
+	if(this.get("username") && this.get("password")) {
+		authorizedUserName = this.get("username");
+	} else if(this.get("credentials")) {
+		authorizedUserName = "(authenticated)";
+	} else {
+		authorizedUserName = "(anon)";
+	}
 	this.authorizationPrincipals = {
 		readers: (this.get("readers") || authorizedUserName).split(",").map($tw.utils.trim),
 		writers: (this.get("writers") || authorizedUserName).split(",").map($tw.utils.trim)
 	}
 	// Load and initialise authenticators
 	$tw.modules.forEachModuleOfType("authenticator", function(title,authenticatorDefinition) {
-		// console.log("Loading server route " + title);
+		// console.log("Loading authenticator " + title);
 		self.addAuthenticator(authenticatorDefinition.AuthenticatorClass);
 	});
 	// Load route handlers