fix(auth): Disallow Falsy credentials

Allowing Falsy auth credentials will cause problems later, for example in `hmac.compare_digest(input_password.encode(), correct_password.encode())` as NoneType has no `encode` method. Moreover, allowing empty passwords would make no sense from a security point of view.
gradio-app · Jul 2, 2024 · 123f771 · 123f771
1 parent 9e0d677
commit 123f771
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/gradio/blocks.py b/gradio/blocks.py
@@ -2230,6 +2230,19 @@ def reverse(text):
             self.auth = [auth]
         else:
             self.auth = auth
+
+        if (
+            auth
+            and not callable(self.auth)
+            and any(
+                not authenticable[0] or not authenticable[1]
+                for authenticable in self.auth
+            )
+        ):
+            raise ValueError(
+                "You must provide a username and password for authentication."
+            )
+
         self.auth_message = auth_message
         self.show_error = show_error
         self.height = height