TiddlyWiki / TiddlyWiki5

A self-contained JavaScript wiki for the browser, Node.js, AWS Lambda etc.
https://tiddlywiki.com/

[BUG] No authentication with only a credentials file #5537

Open laomaiweng opened 3 years ago

laomaiweng commented 3 years ago

Describe the bug

When running TiddlyWiki on Node.js with only a credentials file (tiddlywiki --listen credentials=creds.csv), no login is performed by the basic authenticator. This is because in core/modules/server/server.js, when neither the username/password nor the readers/writers parameters are set, the default authorized username is (anon), thus bypassing authentication (state.allowAnon is set to true in Server.requestHandler).

It would probably make more sense to default to (authenticated) as the default authorized username in the presence of a credentials file, or even to have an additional column in the credentials file indicating which role each username is authorized for.

I will try to submit a PR shortly, implementing the above proposal. Please feel free to suggest a preferred/better approach for this issue!

To reproduce:

  1. Run TiddlyWiki on Node.js with no username/password/readers/writers and a credentials file: tiddlywiki --listen credentials=creds.csv
  2. Navigate to the wiki URL
  3. The wiki can be accessed and modified without authentication

Expected behavior

When a credentials file is used, it would make sense for the wiki to require authentication. Currently, this can be worked around by explicitly providing the readers/writers parameters.

TiddlyWiki Configuration:

Client:

Jermolene commented 3 years ago

Thanks @laomaiweng I think that's a reasonable approach.
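
The defaulting described in this issue, as an added JavaScript model that is not TiddlyWiki's own code. Function names are hypothetical, option names follow the `--listen` parameters named above, and the principal matching in `isAuthorized` is an assumption about how `(anon)` and `(authenticated)` are evaluated.

```javascript
// Simplified model of the behaviour reported in the issue (not the project's code).
const ANON = "(anon)";
const AUTHENTICATED = "(authenticated)";

const splitList = (s) => s.split(",").map((x) => x.trim()).filter(Boolean);

function buildPrincipals(opts, defaultPrincipal) {
  return {
    readers: splitList(opts.readers || defaultPrincipal),
    writers: splitList(opts.writers || defaultPrincipal),
  };
}

// As reported: the credentials file plays no part in choosing the default,
// so "credentials only" falls through to (anon).
function principalsAsReported(opts) {
  const dflt = opts.username && opts.password ? opts.username : ANON;
  return buildPrincipals(opts, dflt);
}

// As proposed in the issue: a credentials file switches the default
// to (authenticated).
function principalsAsProposed(opts) {
  let dflt = ANON;
  if (opts.username && opts.password) dflt = opts.username;
  else if (opts.credentials) dflt = AUTHENTICATED;
  return buildPrincipals(opts, dflt);
}

// username === null models a request that carries no credentials.
function isAuthorized(principals, type, username) {
  const list = principals[type] || [];
  if (list.includes(ANON)) return true;
  return Boolean(username) &&
    (list.includes(AUTHENTICATED) || list.includes(username));
}

// Deployment check: which access types are open without logging in?
function anonymousAccess(principals) {
  return ["readers", "writers"].filter((t) => isAuthorized(principals, t, null));
}

// Constructed sample configurations.
const credsOnly = { credentials: "creds.csv" };
const workaround = { credentials: "creds.csv",
  readers: AUTHENTICATED, writers: AUTHENTICATED };
```

`anonymousAccess` returns the access types that an unauthenticated request would be granted, so an empty array means the configuration requires a login for both reading and writing.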