patch: bug when disabling password protection being invalid even though it should be disabled

server/endpoints/system.js

@@ -436,14 +436,21 @@ function systemEndpoints(app) {
           return;
         }
 
+        let error = null;
         const { usePassword, newPassword } = reqBody(request);
-        const { error } = await updateENV(
+        if (!usePassword) { // Password is being disabled so directly unset everything to bypass validation.
-          {
+          process.env.AUTH_TOKEN = "";
-            AuthToken: usePassword ? newPassword : "",
+          process.env.JWT_SECRET = "";
-            JWTSecret: usePassword ? v4() : "",
+        } else {
-          },
+          error = await updateENV(
-          true
+            {
-        );
+              AuthToken: newPassword,
+              JWTSecret: v4(),
+            },
+            true
+          )?.error;
+        }
+
         if (process.env.NODE_ENV === "production") await dumpENV();
         response.status(200).json({ success: !error, error });
       } catch (e) {