paulproteus / marmoset

Automatically exported from code.google.com/p/marmoset
1 stars 0 forks source link

Users can force authentication method #6

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Even if authentication is set to LDAP, a user can navigate to 
/authenticate/openid/ and attempt to authenticate through OpenID. It's not 
clear what the consequences are, exactly, but it shouldn't be allowed.

Original issue reported on code.google.com by rws...@gmail.com on 7 Jan 2012 at 6:03

GoogleCodeExporter commented 9 years ago
Added filter to /authenticate/* urls that checks that correct authentication 
type is being used.

Original comment by rws...@gmail.com on 8 Jan 2012 at 10:27