From 3bc8f4bec2207c9bc660b408d2ca7e228611c28b Mon Sep 17 00:00:00 2001
From: Me Car <menoc4r@gmail.com>
Date: Mon, 11 Jan 2016 10:17:30 +0900
Subject: [PATCH] Do not register users and connect users without passwords
 when authentication is not activated.

---
 Mage.Server/src/main/java/mage/server/Session.java | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/Mage.Server/src/main/java/mage/server/Session.java b/Mage.Server/src/main/java/mage/server/Session.java
index 9bddf546bd..6d7792c91b 100644
--- a/Mage.Server/src/main/java/mage/server/Session.java
+++ b/Mage.Server/src/main/java/mage/server/Session.java
@@ -75,6 +75,9 @@ public class Session {
     }
 
     public String registerUser(String userName, String password, String email) throws MageException {
+        if (!ConfigSettings.getInstance().isAuthenticationActivated()) {
+            return "Registration is disabled by the server config.";
+        }
         synchronized(AuthorizedUserRepository.instance) {
             String returnMessage = validateUserName(userName);
             if (returnMessage != null) {
@@ -140,9 +143,12 @@ public class Session {
 
     public String connectUserHandling(String userName, String password) throws MageException {
         this.isAdmin = false;
-        AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.get(userName);
-        if (authorizedUser == null || !authorizedUser.doCredentialsMatch(userName, password)) {
-            return "Wrong username or password";
+
+        if (ConfigSettings.getInstance().isAuthenticationActivated()) {
+            AuthorizedUser authorizedUser = AuthorizedUserRepository.instance.get(userName);
+            if (authorizedUser == null || !authorizedUser.doCredentialsMatch(userName, password)) {
+                return "Wrong username or password";
+            }
         }
 
         User user = UserManager.getInstance().createUser(userName, host);