435de7bdfdbb9976edfa34d7d20874c7689679ba
max
  Tue Jun 26 01:48:46 2018 -0700
Allowing non-basic-auth connections again.

This reverts commit 92caf6b44d2a66bf52d2e41961355a325d9d16fb.

diff --git src/hg/lib/wikiLink.c src/hg/lib/wikiLink.c
index dbfcd69..33f27e0 100644
--- src/hg/lib/wikiLink.c
+++ src/hg/lib/wikiLink.c
@@ -361,32 +361,36 @@
 int wordCount = chopString(tokenPlain, ":", words, ArraySize(words));
 if (wordCount!=2)
     errAbort("wikiLink/basicAuthUser: got illegal basic auth token");
 char *user = words[0];
 
 return user;
 }
 
 char *wikiLinkUserName()
 /* Return the user name specified in cookies from the browser, or NULL if 
  * the user doesn't appear to be logged in. */
 {
 if (loginUseBasicAuth())
     {
     char *token = getHttpBasicToken();
-    if (!token) 
-        printTokenErrorAndExit();
+    //XX The following should be uncommented for security reasons
+    //if (!token) 
+        //printTokenErrorAndExit();
+    // May 2017: Allowing normal login even when HTTP Basic is enabled. This may be insecure. 
+    // Keeping it insecure pending Jim's/Clay's approval, for backwards compatibility.
+    if (token) 
         return basicAuthUser(token);
     }
 
 if (loginSystemEnabled())
     {
     if (! alreadyAuthenticated)
         loginValidateCookies();
     if (authenticated)
         return cloneString(getLoginUserName());
     }
 else if (wikiLinkEnabled())
     {
     char *wikiUserName = findCookieData(wikiLinkUserNameCookie());
     char *wikiLoggedIn = findCookieData(wikiLinkLoggedInCookie());
     if (isNotEmpty(wikiLoggedIn) && isNotEmpty(wikiUserName))