From 8d3f45074c0edb2b07cae3987d646e658b9310e8 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 20 Dec 2019 12:18:21 +0000
Subject: [PATCH] Always set the keystore shard in maybeUnlockKeystore()

---
 server/http.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/http.go b/server/http.go
index 83e253f..d781697 100644
--- a/server/http.go
+++ b/server/http.go
@@ -193,7 +193,6 @@ func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password str
 		return false, nil
 	}
 
-	var shard string
 	if len(h.keystoreGroups) > 0 {
 		if userinfo == nil {
 			return false, nil
@@ -201,8 +200,13 @@ func (h *Server) maybeUnlockKeystore(ctx context.Context, username, password str
 		if !inAnyGroups(userinfo.Groups, h.keystoreGroups) {
 			return false, nil
 		}
+	}
+
+	var shard string
+	if userinfo != nil {
 		shard = userinfo.Shard
 	}
+
 	// Add a 'grace time' of 30 minutes to the key ttl.
 	ttl := h.authSessionLifetime + 1800
 	return true, h.keystore.Open(ctx, shard, username, password, ttl)
-- 
GitLab