From 54f39c0777e34ffc2e623d1adef2fc18a34b9c23 Mon Sep 17 00:00:00 2001
From: Elvis Pranskevichus <elvis@edgedb.com>
Date: Thu, 18 Apr 2024 22:32:26 -0700
Subject: [PATCH] Drop ad-hoc TLS requirement from `JWT` and `Password` auth
 (#7231)

---
 edb/server/protocol/protocol.pyx | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/edb/server/protocol/protocol.pyx b/edb/server/protocol/protocol.pyx
index 772c6cd5550..d5bfde55c1d 100644
--- a/edb/server/protocol/protocol.pyx
+++ b/edb/server/protocol/protocol.pyx
@@ -877,17 +877,9 @@ cdef class HttpProtocol:
                     # If the auth method and the provided auth information
                     # match, try to resolve the authentication.
                     if authmethod_name == 'JWT' and scheme == 'bearer':
-                        if not self.is_tls:
-                            raise errors.AuthenticationError(
-                                'JWT HTTP auth must use HTTPS')
-
                         auth_helpers.auth_jwt(
                             self.tenant, auth_payload, username, dbname)
                     elif authmethod_name == 'Password' and scheme == 'basic':
-                        if not self.is_tls:
-                            raise errors.AuthenticationError(
-                                'Basic HTTP auth must use HTTPS')
-
                         auth_helpers.auth_basic(
                             self.tenant, username, opt_password)
                     elif authmethod_name == 'Trust':