Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor proxy request authentication #4401

Closed
C0rby opened this issue Aug 17, 2022 · 0 comments · Fixed by #4461
Closed

Refactor proxy request authentication #4401

C0rby opened this issue Aug 17, 2022 · 0 comments · Fixed by #4461

Comments

@C0rby
Copy link
Contributor

C0rby commented Aug 17, 2022

In #4374 the request authentication was refactored but this solution is still not very clean.
Before that PR the authentication logic had many implicit behaviors e.g. unauthenticated requests were still forwarded and reva has it's own authentication handler which is why this worked.

But the clean way would be to explicitly handle the authentication in the proxy service and only forward the requests when they were successfully authenticated or when the request is made to "unprotected" paths.

One way to do that would be to add an "unprotected" flag to the proxy routes. Then we would need to route the request before invoking the authentication middleware so that we get the extra information into the context.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[full-ci] Refactor proxy to get rid of the hardcoded unprotected lists owncloud/ocis
1 participant
@C0rby