Return unauthorized if header auth is the only one

Owen
2025-10-13 15:20:04 -07:00
parent 6664efaa13
commit 48af91c976
2 changed files with 6 additions and 1 deletions


@@ -1754,7 +1754,7 @@
"resourceHeaderAuthSetup": "Header Authentication set successfully",
"resourceHeaderAuthSetupDescription": "Header authentication has been successfully set.",
"resourceHeaderAuthSetupTitle": "Set Header Authentication",
"resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Leave both fields blank to remove existing header authentication.",
"resourceHeaderAuthSetupTitleDescription": "Set the basic auth credentials (username and password) to protect this resource with HTTP Header Authentication. Access it using the format https://username:password@resource.example.com",
"resourceHeaderAuthSubmit": "Set Header Authentication",
"actionSetResourceHeaderAuth": "Set Header Authentication",
"enterpriseEdition": "Enterprise Edition",


@@ -314,6 +314,11 @@ export async function verifyResourceSession(
logger.debug("Resource allowed because header auth is valid");
return allowed(res);
}
// if there are no other auth methods we need to return unauthorized here
if (!sso && !pincode && !password && !resource.emailWhitelistEnabled) {
return notAllowed(res);
}
}
if (!sessions) {
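Review bot: The new `return notAllowed(res);` branch denies without logging, while the allow branch just above logs `Resource allowed because header auth is valid`. A matching line before the return, for example `logger.debug("Resource denied: header auth not satisfied and no other auth method is enabled");`, would make rejected header-auth attempts visible when tracing access decisions. The condition `!sso && !pincode && !password && !resource.emailWhitelistEnabled` is also a hand-maintained list of the other methods, so a method added later must be added here too, or a resource that combines it with header auth will be rejected at this point. The existing comment could say so, for example `// keep in sync with every auth method a resource can enable`. The enclosing header-auth block and verifyResourceSession start and end outside the hunk, so whether this branch is reached for a missing header as well as a wrong one cannot be confirmed from the visible lines.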