From 6ee4d3daaaa8cedd73cb6a5a4f9fc7b9ccd0cd5f Mon Sep 17 00:00:00 2001
From: SamTV12345 <40429738+samtv12345@users.noreply.github.com>
Date: Sun, 2 Jul 2023 17:48:16 +0200
Subject: [PATCH] Fixed password with only numbers being rejected.

---
 src/node/hooks/express/webaccess.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 81ed69b0..e0a5bd08 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -149,7 +149,10 @@ const checkAccess = async (req, res, next) => {
   if (!(await aCallFirst0('authenticate', ctx))) {
     // Fall back to HTTP basic auth.
     const {[ctx.username]: {password} = {}} = settings.users;
-    if (!httpBasicAuth || !ctx.username || password == null || password !== ctx.password) {
+
+    if (!httpBasicAuth ||
+        !ctx.username ||
+        password == null || password.toString() !== ctx.password) {
       httpLogger.info(`Failed authentication from IP ${req.ip}`);
       if (await aCallFirst0('authnFailure', {req, res})) return;
       if (await aCallFirst0('authFailure', {req, res, next})) return;