return authentication header, if the login attempt limit is disabled

scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java

@@ -484,6 +484,19 @@ public class ScmConfiguration
     return forceBaseUrl;
   }
 
+  /**
+   * Returns true if the login attempt limit is enabled.
+   *
+   *
+   * @return true if login attempt limit is enabled
+   *
+   * @since 1.37
+   */
+  public boolean isLoginAttemptLimitEnabled()
+  {
+    return loginAttemptLimit > 0;
+  }
+
   /**
    * Returns true if failed authenticators are skipped.
    *

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java

@@ -87,7 +87,8 @@ public class HgBasicAuthenticationFilter extends BasicAuthenticationFilter
     HttpServletResponse response)
     throws IOException
   {
-    if (HgUtil.isHgClient(request))
+    if (HgUtil.isHgClient(request)
+      && (configuration.isLoginAttemptLimitEnabled()))
     {
       response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
     }