The original PR tries to set a default value for the config option, which makes the config parser fail. Removing it still results in false default behaviour.
I do not know what the behaviour would be with a provider other than google. This probably should not be merged as-is.
Testing
You can find the binaries of this change here and ghrc.io docker images here.
Hi, love the project and thanks for maintaining @thomseddon
Okay so, I've run into an issue where a user will authenticate with an erroneous email address and then be stuck on 'Not authorized', I don't think it's anything new, and the issue seems well documented with #147 and #103
The current workflow for remedying the issue currently seems to be to clear your auth cookie manually which is a little bit awkward for end-users.
My goal with this pull request was to create a more user-friendly workflow for allowing the user to retry with a new email address, without degrading any security features of the project.
My intention was as follows:
Find the point where a user's email address is checked against the allow list
Clear the auth cookie with as much pre-existing code as possible (using the existing ClearCookie function)
Give the user feedback, prompting them to try again
Set up a config flag that allows for this feature to be turned on or off
Default this feature to off as to not affect existing workflows
This is my first time touching Go, so definitely check over my changes.
This fixes the small bug in https://github.com/thomseddon/traefik-forward-auth/pull/286 and adds a test.
The original PR tries to set a default value for the config option, which makes the config parser fail. Removing it still results in
falsedefault behaviour.I do not know what the behaviour would be with a provider other than google. This probably should not be merged as-is.
Testing
You can find the binaries of this change here and ghrc.io docker images here.
Original PR (https://github.com/thomseddon/traefik-forward-auth/pull/286)
Hi, love the project and thanks for maintaining @thomseddon
Okay so, I've run into an issue where a user will authenticate with an erroneous email address and then be stuck on 'Not authorized', I don't think it's anything new, and the issue seems well documented with #147 and #103
The current workflow for remedying the issue currently seems to be to clear your auth cookie manually which is a little bit awkward for end-users.
My goal with this pull request was to create a more user-friendly workflow for allowing the user to retry with a new email address, without degrading any security features of the project.
My intention was as follows:
Find the point where a user's email address is checked against the allow list Clear the auth cookie with as much pre-existing code as possible (using the existing ClearCookie function) Give the user feedback, prompting them to try again Set up a config flag that allows for this feature to be turned on or off Default this feature to off as to not affect existing workflows This is my first time touching Go, so definitely check over my changes.
Thanks again, Luis