Skip to content

Redirect to homepage if login page is requested when token auth is not enabled #5123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Aug 5, 2024
Merged

Redirect to homepage if login page is requested when token auth is not enabled #5123

merged 6 commits into from
Aug 5, 2024
+120 −14

Conversation

@adamint
Copy link
Member

@adamint adamint commented Jul 30, 2024
edited by dotnet-policy-service bot
Loading

Looping in a wider range of reviewers because this is modifying a sensitive code path. Fixes #3775 by redirecting if the requested path equals /login and auth mode is not token, including when the token query parameter (t) is not included in the URL.

demo, token auth NOT enabled:

Screen.Recording.2024-07-30.at.3.30.58.PM.mov

demo, token auth enabled (login page still shows and works as normal)

Screen.Recording.2024-07-30.at.3.35.34.PM.mov
Microsoft Reviewers: Open in CodeFlow

@ghost ghost added the area-dashboard label Jul 30, 2024
JamesNK
JamesNK requested changes Jul 30, 2024
View reviewed changes
Copy link
Member

@JamesNK JamesNK left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test please. Can either be an integration test or you could test the middleware on its own.

@dotnet-policy-service dotnet-policy-service bot added the needs-author-action An issue or pull request that requires more info or actions from the author. label Jul 30, 2024
@adamint adamint requested a review from JamesNK July 31, 2024 15:54
@adamint
Copy link
Member Author

adamint commented Jul 31, 2024

Test please. Can either be an integration test or you could test the middleware on its own.

Tested middleware in isolation

https://github.com/dotnet/aspire/pull/5123/files#diff-7a2aaaa04e1d12692092b7e6f57a966eb5450d85638bce7c0158ed615c93bad1

@dotnet-policy-service dotnet-policy-service bot removed the needs-author-action An issue or pull request that requires more info or actions from the author. label Jul 31, 2024
@adamint adamint requested a review from JamesNK August 1, 2024 20:05
@build-analysis build-analysis bot mentioned this pull request Aug 1, 2024
Closed
@adamint
Copy link
Member Author

adamint commented Aug 1, 2024

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Aug 1, 2024

Azure Pipelines successfully started running 1 pipeline(s).

@build-analysis build-analysis bot mentioned this pull request Aug 1, 2024
Open
3 tasks
@adamint
Copy link
Member Author

adamint commented Aug 2, 2024

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Aug 2, 2024

Azure Pipelines successfully started running 1 pipeline(s).

@adamint
Copy link
Member Author

adamint commented Aug 2, 2024

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Aug 2, 2024

Azure Pipelines successfully started running 1 pipeline(s).

JamesNK
JamesNK reviewed Aug 2, 2024
View reviewed changes
@adamint adamint merged commit 0a3e89d into dotnet:main Aug 5, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Sep 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@JamesNK JamesNK JamesNK approved these changes

@drewnoakes drewnoakes Awaiting requested review from drewnoakes

@danmoseley danmoseley Awaiting requested review from danmoseley

@eerhardt eerhardt Awaiting requested review from eerhardt

@tlmii tlmii Awaiting requested review from tlmii

Assignees

No one assigned

Labels

area-dashboard

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Token login page should redirect to root if token auth is not configured

2 participants

@adamint @JamesNK