From 00e19399d75a6b341fab5037d59cfd5f4d92915c Mon Sep 17 00:00:00 2001
From: Alex Ling <hkalexling@gmail.com>
Date: Sat, 9 Jan 2021 06:35:26 +0000
Subject: [PATCH] Check login is disabled before accessing default username

---
 src/handlers/auth_handler.cr | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/handlers/auth_handler.cr b/src/handlers/auth_handler.cr
index 42d9cf6..53af8e8 100644
--- a/src/handlers/auth_handler.cr
+++ b/src/handlers/auth_handler.cr
@@ -75,7 +75,8 @@ class AuthHandler < Kemal::Handler
       #   this is why we check the default username first before checking the
       #   token.
       should_reject = true
-      if Storage.default.username_is_admin Config.current.default_username
+      if Config.current.disable_login &&
+         Storage.default.username_is_admin Config.current.default_username
         should_reject = false
       end
       if env.session.string? "token"