From 75a58b435dd851b2fc379d549edfc0f3281ba2a9 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Tue, 20 Sep 2022 21:40:21 +0200
Subject: [PATCH] reject anon ftp if anon has no read/write

---
 copyparty/ftpd.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/copyparty/ftpd.py b/copyparty/ftpd.py
index 30eeb336..b0d291cf 100644
--- a/copyparty/ftpd.py
+++ b/copyparty/ftpd.py
@@ -56,7 +56,9 @@ class FtpAuth(DummyAuthorizer):
 
         handler.username = uname
 
-        if password and not uname:
+        if (password and not uname) or not (
+            asrv.vfs.aread.get(uname) or asrv.vfs.awrite.get(uname)
+        ):
             raise AuthenticationFailed("Authentication failed.")
 
     def get_home_dir(self, username: str) -> str: