Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow users to escape 'Not authorized' when their email address is not found on the allow-list #286

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

luisvsm
Copy link

@luisvsm luisvsm commented Nov 30, 2021

Hi, love the project and thanks for maintaining @thomseddon

Okay so, I've run into an issue where a user will authenticate with an erroneous email address and then be stuck on 'Not authorized', I don't think it's anything new, and the issue seems well documented with #147 and #103

The current workflow for remedying the issue currently seems to be to clear your auth cookie manually which is a little bit awkward for end-users.

My goal with this pull request was to create a more user-friendly workflow for allowing the user to retry with a new email address, without degrading any security features of the project.

My intention was as follows:

  1. Find the point where a user's email address is checked against the allow list
  2. Clear the auth cookie with as much pre-existing code as possible (using the existing ClearCookie function)
  3. Give the user feedback, prompting them to try again
  4. Set up a config flag that allows for this feature to be turned on or off
  5. Default this feature to off as to not affect existing workflows

This is my first time touching Go, so definitely check over my changes.

Thanks again,
Luis

@luisvsm luisvsm changed the title Allow users to escape 'Not authorized' when their email address is now found on the allow-list Allow users to escape 'Not authorized' when their email address is not found on the allow-list Jan 17, 2022
@LennardSchwarz
Copy link

Hi Luis,
thanks for your work! I also ran into the issue and could solve it with your PR. See #392

@luisvsm
Copy link
Author

luisvsm commented Sep 18, 2024

Awesome I'm glad that it helped :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants