Skip to content

Disable auth check to support older clients#10

Merged
cpg merged 3 commits intoamahi:non-admin-usersfrom
csoni111:disable-auth
Jul 5, 2018
Merged

Disable auth check to support older clients#10
cpg merged 3 commits intoamahi:non-admin-usersfrom
csoni111:disable-auth

Conversation

@csoni111
Copy link
Member

@csoni111 csoni111 commented Jun 30, 2018

It disables auth check (so no 401 or 403 status codes are sent) so that older clients do not start throwing errors but if an Authorization header is supplied (by newer clients), then sends appropriate response (ex limiting shares to what that user can see).

@csoni111
Copy link
Member Author

csoni111 commented Jul 3, 2018

To re enable auth check for everyone sometime in future, we only need to remove the isAdmin method and keep only else part in authMiddleware, shareReadAccess and shareWriteAccess in auth.go file.

cpg
cpg reviewed Jul 3, 2018
View reviewed changes
src/fs/auth.go Outdated
data := make(map[string]interface{})
err := decoder.Decode(&data)
if err != nil {
panic(err)
Copy link
Member

@cpg cpg Jul 3, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this mean that client data in json (malformed) may crash our service?

Copy link
Member Author

@csoni111 csoni111 Jul 3, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pointing it out. I have corrected it.

@cpg cpg merged commit 8a12c2a into amahi:non-admin-users Jul 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cpg cpg cpg left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@csoni111 @cpg