(core) clean up interaction of forward auth with session

Summary: For self-hosted Grist, forward auth has proven useful, where some proxy wrapped around Grist manages authentication, and passes on user information to Grist in a trusted header. The current implementation is adequate when Grist is the only place where the user logs in or out, but is confusing otherwise (see https://github.com/gristlabs/grist-core/issues/207). Here we take some steps to broaden the scenarios Grist's forward auth support can be used with: * When a trusted header is present and is blank, treat that as the user not being logged in, and don't look any further for identity information. Specifically, don't look in Grist's session information. * Add a `GRIST_IGNORE_SESSION` flag to entirely prevent Grist from picking up identity information from a cookie, in order to avoid confusion between multiple login methods. * Add tests for common scenarios. Test Plan: added tests Reviewers: georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D3482
2026-03-02 04:09:24 +00:00 · 2022-06-15 10:29:29 -04:00
parent 0005ad013e
commit 561d9696aa
10 changed files with 263 additions and 151 deletions
--- a/app/common/gutil.ts
+++ b/app/common/gutil.ts
@@ -150,6 +150,17 @@ export function undef<T extends Array<any>>(...list: T): Undef<T> {
  return undefined as any;
 }

+/**
+ * Like undef, but each element of list is a method that is only called
+ * if needed, and promises are supported. No fancy type inference though, sorry.
+ */
+export async function firstDefined<T>(...list: Array<() => Promise<T>>): Promise<T | undefined> {
+  for(const op of list) {
+    const value = await op();
+    if (value !== undefined) { return value; }
+  }
+  return undefined;
+}

 /**
 * Parses json and returns the result, or returns defaultVal if parsing fails.