mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-09 20:35:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

always check rules even if auth is disabled

Browse source
This commit is contained in:
miloschwartz 2025-02-24 22:52:38 -05:00
parent ec9d02a735
commit e4789c6b08
No known key found for this signature in database
1 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

20
server/routers/badger/verifySession.ts
View file

@ -142,16 +142,6 @@ export async function verifyResourceSession(
return notAllowed(res); return notAllowed(res);
} }
if (
!resource.sso &&
!pincode &&
!password &&
!resource.emailWhitelistEnabled
) {
logger.debug("Resource allowed because no auth");
return allowed(res);
}
// check the rules // check the rules
if (resource.applyRules) { if (resource.applyRules) {
const action = await checkRules( const action = await checkRules(
@ -171,6 +161,16 @@ export async function verifyResourceSession(
// otherwise its undefined and we pass // otherwise its undefined and we pass
} }
if (
!resource.sso &&
!pincode &&
!password &&
!resource.emailWhitelistEnabled
) {
logger.debug("Resource allowed because no auth");
return allowed(res);
}
const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent( const redirectUrl = `${config.getRawConfig().app.dashboard_url}/auth/resource/${encodeURIComponent(
resource.resourceId resource.resourceId
)}?redirect=${encodeURIComponent(originalRequestURL)}`; )}?redirect=${encodeURIComponent(originalRequestURL)}`;