search

arr2036 / omnigollum

Omniauth authentication for gollum
MIT License
145 stars 61 forks source link

authorized_users documentation vs code #42

Open ghost opened 8 years ago

ghost commented 8 years ago

The default option :authorized_users => [] and the code that checks if a user is authorized (when Rexexp, when Array, else) implies that the default option for authorized users is actually an empty list, rather than all authenticated users.

The README still says:

By default, any authenticated user will be able to access the protected routes. Restrict this by setting the authorized_users option.

But, with the default option, an authenticated user will get: User was not found in the authorized users list

In practice, this default-open setting can be enabled by setting :authorized_users => nil in the config.rb file.

tnt commented 7 years ago

I'd consider this a bug. It behaved different in older versions. The default was probably actually nil.

cmazakas commented 6 years ago

Thank you for this issue! I was having trouble as well with following the docs. Manually assigning to nil makes everything work perfectly :)