From e4789c6b0812097d47a6f02faa9b1eac89ff8ec6 Mon Sep 17 00:00:00 2001
From: miloschwartz
Date: Mon, 24 Feb 2025 22:52:38 -0500
Subject: [PATCH] always check rules even if auth is disabled
---
 server/routers/badger/verifySession.ts | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index fc1c85f5..1af2eb9e 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -142,16 +142,6 @@ export async function verifyResourceSession(
 return notAllowed(res);
 }
 
- if (
- !resource.sso &&
- !pincode &&
- !password &&
- !resource.emailWhitelistEnabled
- ) {
- logger.debug("Resource allowed because no auth");
- return allowed(res);
- }
-
 // check the rules
 if (resource.applyRules) {
 const action = await checkRules(
@@ -171,6 +161,16 @@ export async function verifyResourceSession(
 // otherwise its undefined and we pass
 }
 
+ if (
+ !resource.sso &&
+ !pincode &&
+ !password &&
+ !resource.emailWhitelistEnabled
+ ) {
+ logger.debug("Resource allowed because no auth");
+ return allowed(res);
+ }
+
 const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent(
 resource.resourceId
 )}?redirect=${encodeURIComponent(originalRequestURL)}`;
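Review bot: The relocated no-auth shortcut in the second hunk carries no comment saying it must stay below the `resource.applyRules` check, yet that ordering is the entire fix: placed above it, the early `return allowed(res)` skipped rule evaluation for any resource with no SSO, pincode, password or email whitelist. I would add `// Must run after the rule check: a resource with no auth method is still subject to its rules.` directly above the `if`. When no rule matches (the context comment says the result is undefined and "we pass"), such a resource is still allowed, so the rules presumably act only as a denylist for it; the rule-handling body lies between the two hunks and is not visible, so that is inferred and worth stating in the same comment. A regression test covering a no-auth resource with a matching deny rule would keep a later refactor from reintroducing the bypass. verifyResourceSession begins and ends outside both hunks.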