From ca372c8e16204ebf6e2a937c4aa03d16c9ca0851 Mon Sep 17 00:00:00 2001
From: Francesco Faraone <ffaraone@gmail.com>
Date: Mon, 13 Apr 2026 16:33:56 +0200
Subject: [PATCH] MPT-20242 don't enable auth in frontend if disabled by
 settings

---
 mrok/frontend/main.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/mrok/frontend/main.py b/mrok/frontend/main.py
index 4aa6d4e..a0ac8fa 100644
--- a/mrok/frontend/main.py
+++ b/mrok/frontend/main.py
@@ -32,8 +32,6 @@ def load_config(self):
 
     def load(self):
         settings = get_settings()
-        auth_manager = HTTPAuthManager(settings.controller.auth)
-
         frontend_app = FrontendProxyApp(
             str(self.options["mrok"]["identity_file"]),
             max_connections=self.options["mrok"]["max_connections"],
@@ -42,10 +40,11 @@ def load(self):
         )
         app = ASGIAppWrapper(frontend_app)
         app.add_middleware(HealthCheckMiddleware)
-        app.add_middleware(
-            ASGIAuthenticationMiddleware,
-            auth_manager=auth_manager,
-        )
+        if settings.frontend.auth.enabled:
+            app.add_middleware(
+                ASGIAuthenticationMiddleware,
+                auth_manager=HTTPAuthManager(settings.frontend.auth),
+            )
         return app