pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-02 00:36:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

always check rules even if auth is disabled

Browse Source
This commit is contained in:
miloschwartz
2025-02-24 22:52:38 -05:00
parent ec9d02a735
commit e4789c6b08
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/routers/badger/verifySession.ts
View File

@@ -142,16 +142,6 @@ export async function verifyResourceSession(
return notAllowed(res); return notAllowed(res);
} }
if (
!resource.sso &&
!pincode &&
!password &&
!resource.emailWhitelistEnabled
) {
logger.debug("Resource allowed because no auth");
return allowed(res);
}
// check the rules // check the rules
if (resource.applyRules) { if (resource.applyRules) {
const action = await checkRules( const action = await checkRules(
@@ -171,6 +161,16 @@ export async function verifyResourceSession(
// otherwise its undefined and we pass // otherwise its undefined and we pass
} }
if (
!resource.sso &&
!pincode &&
!password &&
!resource.emailWhitelistEnabled
) {
logger.debug("Resource allowed because no auth");
return allowed(res);
}
const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent( const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent(
resource.resourceId resource.resourceId
)}?redirect=${encodeURIComponent(originalRequestURL)}`; )}?redirect=${encodeURIComponent(originalRequestURL)}`;