Fixing some issues with public endpoints causing logout loop.

mike12345567 2021-07-27 16:17:02 +01:00
parent 1df08ffe35
commit fb562908ee
3 changed files with 5 additions and 7 deletions


@ -23,7 +23,8 @@ function buildNoAuthRegex(patterns) {
})
}
function finalise(ctx, { authenticated, user, internal, version } = {}) {
function finalise(ctx, { authenticated, user, internal, version, publicEndpoint } = {}) {
ctx.publicEndpoint = publicEndpoint || false
ctx.isAuthenticated = authenticated || false
ctx.user = user
ctx.internal = internal || false
@ -90,12 +91,12 @@ module.exports = (noAuthPatterns = [], opts) => {
authenticated = false
}
// isAuthenticated is a function, so use a variable to be able to check authed state
finalise(ctx, { authenticated, user, internal, version })
finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
return next()
} catch (err) {
// allow configuring for public access
if ((opts && opts.publicAllowed) || publicEndpoint) {
finalise(ctx, { authenticated: false, version })
finalise(ctx, { authenticated: false, version, publicEndpoint })
} else {
ctx.throw(err.status || 403, err)
}
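Review bot: `ctx.publicEndpoint`, set in `finalise` in the first hunk, is now an authorization input for later middleware, but it is stored as `publicEndpoint || false`, which keeps whatever truthy value the caller passed, and nothing documents that the flag is trust-bearing. I would store a strict boolean, `ctx.publicEndpoint = Boolean(publicEndpoint)`, and add a comment such as `// true only when the request matched a noAuthPatterns entry; downstream guards use this to skip the auth check`. In the catch branch of the second hunk, any error thrown in the try block on a public endpoint, not only an authentication failure, results in an unauthenticated pass-through with the flag set, so logging `err` there would help detection. How `publicEndpoint` is computed lies outside both hunks; presumably the patterns need to be anchored and matched against path and method for the flag to be safe to trust.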


@ -16,9 +16,6 @@
// Force creation of an admin user if one doesn't exist
$: {
console.log(`loaded: ${loaded}`)
console.log(`tenancy: ${multiTenancyEnabled}`)
console.log(`tenant set: ${tenantSet}`)
if (loaded && multiTenancyEnabled && !tenantSet) {
$redirect("./auth/org")
} else if (loaded && !hasAdminUser) {


@ -56,7 +56,7 @@ router
.use(buildAuthMiddleware(PUBLIC_ENDPOINTS))
// for now no public access is allowed to worker (bar health check)
.use((ctx, next) => {
if (!ctx.isAuthenticated) {
if (!ctx.isAuthenticated && !ctx.publicEndpoint) {
ctx.throw(403, "Unauthorized - no public worker access")
}
return next()
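Review bot: The comment above this guard, `// for now no public access is allowed to worker (bar health check)`, no longer matches the new condition, because every route matched by `PUBLIC_ENDPOINTS` is now reachable without authentication. I would update it to something like `// unauthenticated requests are allowed only on routes matched by PUBLIC_ENDPOINTS`. The check fails closed when `ctx.publicEndpoint` is undefined, which is the right default, but handlers mounted after this guard for those routes should not assume `ctx.user` is set. The router chain continues outside the hunk.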