-
- Downloads
Don't allow wide-open Google or Github configs
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.
Showing
- cmd/cashierd/main.go 6 additions, 2 deletionscmd/cashierd/main.go
- server/auth/github/github.go 6 additions, 5 deletionsserver/auth/github/github.go
- server/auth/github/github_test.go 13 additions, 3 deletionsserver/auth/github/github_test.go
- server/auth/google/google.go 7 additions, 2 deletionsserver/auth/google/google.go
- server/auth/google/google_test.go 15 additions, 4 deletionsserver/auth/google/google_test.go
Loading
Please register or sign in to comment