Warn against Falsy credentials (#8683)

* fix(auth): Disallow Falsy credentials Allowing Falsy auth credentials will cause problems later, for example in `hmac.compare_digest(input_password.encode(), correct_password.encode())` as NoneType has no `encode` method. Moreover, allowing empty passwords would make no sense from a security point of view. * fix(auth): Produce warning instead of raising an error * add changeset * add changeset --------- Co-authored-by: gradio-pr-bot <[email protected]>
gradio-app · Jul 2, 2024 · a92c3e8 · a92c3e8
1 parent c946c6f
commit a92c3e8
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/.changeset/chubby-spiders-love.md b/.changeset/chubby-spiders-love.md
@@ -0,0 +1,5 @@
+---
+"gradio": patch
+---
+
+feat:Warn against Falsy credentials
diff --git a/gradio/blocks.py b/gradio/blocks.py
@@ -2230,6 +2230,17 @@ def reverse(text):
             self.auth = [auth]
         else:
             self.auth = auth
+
+        if self.auth and not callable(self.auth):
+            if any(not authenticable[0] for authenticable in self.auth):
+                warnings.warn(
+                    "You have provided an empty username in `auth`. Please provide a valid username."
+                )
+            if any(not authenticable[1] for authenticable in self.auth):
+                warnings.warn(
+                    "You have provided an empty password in `auth`. Please provide a valid password."
+                )
+
         self.auth_message = auth_message
         self.show_error = show_error
         self.height = height