From 04e1d5c75deeffac10d0559ab4498ba572339a96 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Wed, 23 Apr 2025 13:30:27 +0200
Subject: [PATCH] fix(docker): ensure password hashing only occurs when HTTP
 Basic Authentication is enabled

---
 bootstrap/helpers/docker.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bootstrap/helpers/docker.php b/bootstrap/helpers/docker.php
index 9363e4bf0..f2554f715 100644
--- a/bootstrap/helpers/docker.php
+++ b/bootstrap/helpers/docker.php
@@ -307,7 +307,9 @@ function fqdnLabelsForCaddy(string $network, string $uuid, Collection $domains,
     }
 
     $is_http_basic_auth_enabled = $is_http_basic_auth_enabled && $http_basic_auth_username !== null && $http_basic_auth_password !== null;
-    $hashedPassword = password_hash($http_basic_auth_password, PASSWORD_BCRYPT, ['cost' => 10]);
+    if ($is_http_basic_auth_enabled) {
+        $hashedPassword = password_hash($http_basic_auth_password, PASSWORD_BCRYPT, ['cost' => 10]);
+    }
 
     foreach ($domains as $loop => $domain) {
         $url = Url::fromString($domain);
@@ -362,7 +364,9 @@ function fqdnLabelsForTraefik(string $uuid, Collection $domains, bool $is_force_
 
     $is_http_basic_auth_enabled = $is_http_basic_auth_enabled && $http_basic_auth_username !== null && $http_basic_auth_password !== null;
     $http_basic_auth_label = "http-basic-auth-{$uuid}";
-    $hashedPassword = password_hash($http_basic_auth_password, PASSWORD_BCRYPT, ['cost' => 10]);
+    if ($is_http_basic_auth_enabled) {
+        $hashedPassword = password_hash($http_basic_auth_password, PASSWORD_BCRYPT, ['cost' => 10]);
+    }
 
     if ($is_http_basic_auth_enabled) {
         $labels->push("traefik.http.middlewares.{$http_basic_auth_label}.basicauth.users={$http_basic_auth_username}:{$hashedPassword}");