From fd228b09c2fcf5b4bdc00711582098303a0faaa8 Mon Sep 17 00:00:00 2001
From: Juliusz Chroboczek <jch@irif.fr>
Date: Fri, 29 Apr 2022 01:36:02 +0200
Subject: [PATCH] Fix checking for username when token is present.

---
 group/group.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/group/group.go b/group/group.go
index 19fe5ca..38b7d14 100644
--- a/group/group.go
+++ b/group/group.go
@@ -1075,11 +1075,10 @@ func GetDescription(name string) (*Description, error) {
 }
 
 func (desc *Description) GetPermission(group string, creds ClientCredentials) (string, []string, error) {
-	if !desc.AllowAnonymous && creds.Username == "" {
-		return "", nil, ErrAnonymousNotAuthorised
-	}
-
 	if creds.Token == "" {
+		if !desc.AllowAnonymous && creds.Username == "" {
+			return "", nil, ErrAnonymousNotAuthorised
+		}
 		if found, good := matchClient(group, creds, desc.Op); found {
 			if good {
 				var p []string
@@ -1111,6 +1110,9 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
 		log.Printf("Token authentication: %v", err)
 		return "", nil, ErrNotAuthorised
 	}
+	if !desc.AllowAnonymous && sub == "" {
+		return "", nil, ErrAnonymousNotAuthorised
+	}
 	conf, err := GetConfiguration()
 	if err != nil {
 		log.Printf("Read config.json: %v", err)
@@ -1154,7 +1156,7 @@ type Status struct {
 	ClientCount *int   `json:"clientCount,omitempty"`
 }
 
-func (g *Group) Status (authentified bool) Status {
+func (g *Group) Status(authentified bool) Status {
 	desc := g.Description()
 	d := Status{
 		Name:        g.name,