do not authenticate on handler if bypass backend auth is not set

FerretDB · Feb 19, 2024 · f694f4e · f694f4e
1 parent 8d72103
commit f694f4e
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/internal/handler/authenticate.go b/internal/handler/authenticate.go
@@ -30,7 +30,8 @@ import (
 )
 
 // authenticate validates the user's credentials in the connection with the
-// credentials in the database. If EnableNewAuth is false, it does nothing.
+// credentials in the database. If EnableNewAuth is false or bypass backend auth
+// is set false, it succeeds authentication.
 //
 // When admin.systems.user contains no user, the authentication succeeds until
 // the first user is created.
@@ -39,6 +40,10 @@ func (h *Handler) authenticate(ctx context.Context, msg *wire.OpMsg) error {
 		return nil
 	}
 
+	if !conninfo.Get(ctx).BypassBackendAuth() {
+		return nil
+	}
+
 	adminDB, err := h.b.Database("admin")
 	if err != nil {
 		return lazyerrors.Error(err)