From df2092d5e39d0707541af015934f6836d865a67c Mon Sep 17 00:00:00 2001
From: Francesco Servida <git.fservida@gmail.com>
Date: Tue, 15 Feb 2022 23:40:23 +0100
Subject: [PATCH] Implemented check for header auth enabled also in backend

---
 src/Ombi/Controllers/V1/TokenController.cs | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/Ombi/Controllers/V1/TokenController.cs b/src/Ombi/Controllers/V1/TokenController.cs
index 66cc66acf..67f0e1189 100644
--- a/src/Ombi/Controllers/V1/TokenController.cs
+++ b/src/Ombi/Controllers/V1/TokenController.cs
@@ -283,13 +283,9 @@ namespace Ombi.Controllers.V1
         {
             string username = null;
 
-            // Check if Header Auth is enabled and Proxy IP is trusted
-            // TODO
-            // var ombiSettings = await repo.GetSettingsAsync();
-            // END TODO
             var authSettings = await _authSettings.GetSettingsAsync();
             _log.LogInformation("Logging with header: " + authSettings.HeaderAuthVariable);
-            if (authSettings.HeaderAuthVariable != null)
+            if (authSettings.HeaderAuthVariable != null && authSettings.EnableHeaderAuth)
             {
                 if (Request.HttpContext?.Request?.Headers != null && Request.HttpContext.Request.Headers.ContainsKey(authSettings.HeaderAuthVariable))
                 {