return authentication header, if the login attempt limit is disabled

scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java

@@ -484,12 +484,25 @@ public class ScmConfiguration
     return forceBaseUrl;
   }
 
+  /**
+   * Returns true if the login attempt limit is enabled.
+   *
+   *
+   * @return true if login attempt limit is enabled
+   *
+   * @since 1.37
+   */
+  public boolean isLoginAttemptLimitEnabled()
+  {
+    return loginAttemptLimit > 0;
+  }
+
   /**
    * Returns true if failed authenticators are skipped.
    *
    *
    * @return true if failed authenticators are skipped
-   * 
+   *
    * @since 1.36
    */
   public boolean isSkipFailedAuthenticators()
@@ -762,11 +775,11 @@ public class ScmConfiguration
   }
 
   /**
-   * If set to true the authentication chain is not stopped, if an 
+   * If set to true the authentication chain is not stopped, if an
    * authenticator finds the user but fails to authenticate the user.
    *
    * @param skipFailedAuthenticators true to skip failed authenticators
-   * 
+   *
    * @since 1.36
    */
   public void setSkipFailedAuthenticators(boolean skipFailedAuthenticators)

scm-plugins/scm-hg-plugin/src/main/java/sonia/scm/web/HgBasicAuthenticationFilter.java

@@ -87,7 +87,8 @@ public class HgBasicAuthenticationFilter extends BasicAuthenticationFilter
     HttpServletResponse response)
     throws IOException
   {
-    if (HgUtil.isHgClient(request))
+    if (HgUtil.isHgClient(request)
+      && (configuration.isLoginAttemptLimitEnabled()))
     {
       response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
     }