Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hotfix #178

Merged
merged 5 commits into from
Jul 19, 2023
Merged

Hotfix #178

merged 5 commits into from
Jul 19, 2023

Conversation

moebiusband73
Copy link
Member

Refactor and document authentication module.
Querstion: Is it on purpose that the authentication is not stopped if an authenticator is successful?

@moebiusband73
Copy link
Member Author

Also the fact that the Cookie based login takes place in Auth and not Login is not optimal.
How does the Header JWT login initiates a session?

@spacehamster87
Copy link
Contributor

spacehamster87 commented Jul 7, 2023
edited
Loading

@ 1) Is the authenticator loop not stopped via ServeHTTP + return as soon as one authenticator succeeds? See

log.Infof("login successfull: user: %#v (roles: %v, projects: %v)", user.Username, user.Roles, user.Projects)
ctx := context.WithValue(r.Context(), ContextUserKey, user)
onsuccess.ServeHTTP(rw, r.WithContext(ctx))
return

@ 2) Indeed we should move the cookie login there as well. Still, we should also better check if there is any hidden reason for the current solution though.

@ 3) URL (Crosslogin) Token is set and then further used in Login() at jwt.go:118, if you mean that.

@moebiusband73 moebiusband73 merged commit 19f2e16 into master Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spacehamster87 spacehamster87 Awaiting requested review from spacehamster87

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@moebiusband73 @spacehamster87