Public random link whilst password protection for the whole gallery

[goooooouwa]

Is your feature request related to a problem? Please describe. Currently while password protection for the whole gallery site is on, the random link will also require authentication. As the random link is mainly used for other clients (e.g. change desktop background periodically), authentication makes it hard to use for the use case.

Describe the solution you'd like I suggest we have a seperate toggle to allow anonymous access specifically to random link whist the password protection for the whole gallery is still on.

Describe alternatives you've considered (optional) I don't know if I can workaround this with public sharing link. It would be easy to get public random link this way.

BTW, thanks for building PiGallery2. I aboslutely love it.

[bpatrik]

Hi,

yeah that is indeed an security issue.

I think password protecting it not a good approach. That would prevent apps to use it, but adding an extra token to the url (like a sharing link) would be a good alternative.

For that it should be possible to share searches, which is not a trivial problem.

[bpatrik]

So, I have misread the original issue. I though that it is posing a security risk, but the other way around, too restrictive. (hence its a enhancement not a bug).

Resolution would be still the same: random link is technically a special search. Making less restrictive random-link requires share-able searches.

I do not want to enable unprotected random-links. A workaround I can recommend is: running the app twice, with --Client-authenticationRequired=false switch to disable password protection (otherwise you can use the same config).