sterrenb / flutterhole

A third party Android application for the Pi-Hole® dashboard.
https://play.google.com/store/apps/details?id=sterrenburg.github.flutterhole
MIT License

Send authenticated requests even when API token is empty #94

Open sterrenb opened 4 years ago

sterrenb commented 4 years ago

Source: https://www.reddit.com/r/pihole/comments/gqafe5/flutterhole_an_android_app_for_pihole_has_been/frsdhqm

Interesting...here's what I got.

Request:
http://pi.hole/admin/api.php?enable&auth=No%20password%20set

Response:
Not authorized

--

Request:
http://pi.hole/admin/api.php?enable&auth=

Response:
{"status": "enabled"}

So it seems like it returns just the plaintext Not authorized with the 'wrong' API key. Perhaps it's due to the space escaping... however, having no spaces at all: http://pi.hole/admin/api.php?enable&auth=Nopasswordset it also returns the same Not authorized string.

Weird how you just get [].

For reference this is Pi-Hole v5:

$ pihole version
Pi-hole version is v5.0 (Latest: v5.0)
AdminLTE version is v5.0 (Latest: v5.0)
FTL version is v5.0 (Latest: v5.0)

chan-vince commented 4 years ago

Thanks for making an issue on my behalf!

I think the ideal solution would be to maintain the UX you already have with the "Require API token for authenticated requests" checkbox.

If the user has left that unticked, then the requests are the same, including a blank query parameter for auth. If the user has ticked the box, then the auth parameter is whatever they put in the textbox.

Does that make any sense?
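
The behaviour proposed in this thread, sketched as an added example that is not part of the issue or of the FlutterHole code base: the `auth` parameter is always sent, blank unless the checkbox is ticked, and the reply is classified by its body instead of being assumed to be JSON. The function names and result labels are hypothetical; the URLs and response bodies are the ones quoted above, and the example makes no network calls.

```python
import json
from urllib.parse import quote, urlencode


def build_api_url(base: str, action: str, require_token: bool, token: str) -> str:
    """Build an api.php URL that always carries `auth`.

    The value is blank unless the user ticked the
    "Require API token for authenticated requests" checkbox.
    """
    auth = token if require_token else ""
    # quote_via=quote encodes spaces as %20, matching the request in the thread;
    # urlencode keeps the trailing '=' for an empty value ("auth=").
    return f"{base}?{quote(action)}&{urlencode({'auth': auth}, quote_via=quote)}"


def classify_response(body: str):
    """Map a response body to (label, status) using the bodies seen in the thread."""
    text = body.strip()
    if text == "Not authorized":  # plaintext reply, not JSON
        return ("rejected", None)
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return ("unknown", None)
    if isinstance(data, dict) and "status" in data:
        return ("ok", data["status"])
    if data == []:  # the bare [] mentioned in the thread; its cause is not stated there
        return ("empty", None)
    return ("unknown", None)


if __name__ == "__main__":
    base = "http://pi.hole/admin/api.php"
    # Checkbox unticked: blank auth, whatever is in the textbox is ignored.
    print(build_api_url(base, "enable", False, "ignored"))
    # Checkbox ticked: the textbox content is sent as-is (percent-encoded).
    print(build_api_url(base, "enable", True, "No password set"))
    # Constructed sample bodies, copied from the responses quoted above.
    for body in ('{"status": "enabled"}', "Not authorized", "[]"):
        print(repr(body), "->", classify_response(body))
```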