reenable password check for upload

1 files changed, 19 insertions, 20 deletions

diff --git a/src/rhimportd/uploadWeb.go b/src/rhimportd/uploadWeb.go
index 4dc0368..4b56a43 100644
--- a/src/rhimportd/uploadWeb.go
+++ b/src/rhimportd/uploadWeb.go
@@ -88,26 +88,25 @@ func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport
 	}
 
 	username := r.FormValue("LOGIN_NAME")
-	// TODO: re-add this after testing is done!!!!
-	// password := r.FormValue("PASSWORD")
-	// if username == "" {
-	// 	webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME")
-	// 	return
-	// }
-	// if password == "" {
-	// 	webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME")
-	// 	return
-	// }
-
-	// if authenticated, err := db.CheckPassword(username, password); err != nil {
-	// 	rhl.Printf("WebUploadHandler: error checking username/password: %v", err)
-	// 	webUploadErrorResponse(w, http.StatusUnauthorized, err.Error())
-	// 	return
-	// } else if !authenticated {
-	// 	rhl.Printf("WebUploadHandler: invalid username/password")
-	// 	webUploadErrorResponse(w, http.StatusUnauthorized, "invalid username/password")
-	// 	return
-	// }
+	password := r.FormValue("PASSWORD")
+	if username == "" {
+		webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME")
+		return
+	}
+	if password == "" {
+		webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME")
+		return
+	}
+
+	if authenticated, err := db.CheckPassword(username, password); err != nil {
+		rhl.Printf("WebUploadHandler: error checking username/password: %v", err)
+		webUploadErrorResponse(w, http.StatusUnauthorized, err.Error())
+		return
+	} else if !authenticated {
+		rhl.Printf("WebUploadHandler: invalid username/password")
+		webUploadErrorResponse(w, http.StatusUnauthorized, "invalid username/password")
+		return
+	}
 
 	src, hdr, err := r.FormFile("FILENAME")
 	if err != nil {