sampsyo / hooknook

a little place for your deployments
47 stars, 4 forks

Authentication is broken #9

Closed jamesbornholt closed 9 years ago

jamesbornholt commented 9 years ago

There's a bug in the authentication logic -- I think you need to delete line 307 in hooknook.py (duplicates line 318). Right now, the github_token session variable gets set even if a user isn't on the whitelist, so even though the "you are not allowed" error gets displayed, you can just navigate back to / and everything will work.
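The ordering bug described above, reduced to a self-contained illustration (added example, not hooknook's own code): a login handler that stores the GitHub token in the session before the whitelist check, beside one that checks first. The dict-based session, the handler signatures, the `demo` helper and the token string are constructed here; the whitelist names are the ones mentioned in this thread.

```python
"""Illustration of the reported bug: the session token is stored before the
whitelist check, so the 'not allowed' message is shown but the session is
already authenticated.  A plain dict stands in for the Flask session."""

WHITELIST = {"sampsyo", "uwsampa", "bholt"}  # names taken from the thread


def login_vulnerable(session: dict, username: str, token: str) -> str:
    """Mirrors the bug: the token is stored *before* the whitelist check."""
    session["github_token"] = token           # too early: runs for everyone
    if username not in WHITELIST:
        return "you are not allowed"          # error shown, session kept
    session["github_token"] = token           # the later, intended assignment
    return "ok"


def login_fixed(session: dict, username: str, token: str) -> str:
    """Check first; only a whitelisted user gets a token in the session."""
    if username not in WHITELIST:
        session.pop("github_token", None)     # nothing leaks through on denial
        return "you are not allowed"
    session["github_token"] = token
    return "ok"


def is_authenticated(session: dict) -> bool:
    """What a request to '/' effectively checks: is a token in the session?"""
    return "github_token" in session


def demo(login) -> tuple:
    """Log in a user who is not on the whitelist and report the message shown
    and whether they could still reach '/' afterwards (constructed input)."""
    session = {}
    msg = login(session, "jamesbornholt", "constructed-example-token")
    return msg, is_authenticated(session)
```

With the vulnerable handler `demo` reports the error message together with an authenticated session; with the fixed one the denial leaves no token behind.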

sampsyo commented 9 years ago

Ugh, security is hard! :fish:

I think you're right, and I don't know why that line was there in the first place.

Does this mean you've been getting the error message all along, and able to use the jasmine hooknook anyway? If so, can you please check that you're now correctly locked out, since the whitelist there just has me, @uwsampa, and @bholt right now? Then I can add you to the whitelist to let you in legit-like.

jamesbornholt commented 9 years ago

Yep, I was always able to use the jasmine hooknook, but I'm locked out now.

sampsyo commented 9 years ago

So embarrassed. :flushed: You should be good now.

jamesbornholt commented 9 years ago

Yep! Thanks! :see_no_evil:

bholt commented 9 years ago

Haha. :+1: