gristlabs_grist-core

Archives/gristlabs_grist-core

Fork 0

mirror of https://github.com/gristlabs/grist-core.git synced 2024-10-27 20:44:07 +00:00

Commit Graph

Author	SHA1	Message	Date
George Gevoian	90fb4434cc	Add ws id and doc name params to POST /docs (#655 )	2023-09-05 14:27:35 -04:00
Paul Fitzpatrick	561d9696aa	(core) clean up interaction of forward auth with session Summary: For self-hosted Grist, forward auth has proven useful, where some proxy wrapped around Grist manages authentication, and passes on user information to Grist in a trusted header. The current implementation is adequate when Grist is the only place where the user logs in or out, but is confusing otherwise (see https://github.com/gristlabs/grist-core/issues/207). Here we take some steps to broaden the scenarios Grist's forward auth support can be used with: * When a trusted header is present and is blank, treat that as the user not being logged in, and don't look any further for identity information. Specifically, don't look in Grist's session information. * Add a `GRIST_IGNORE_SESSION` flag to entirely prevent Grist from picking up identity information from a cookie, in order to avoid confusion between multiple login methods. * Add tests for common scenarios. Test Plan: added tests Reviewers: georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D3482	2022-06-15 13:06:12 -04:00
Paul Fitzpatrick	fea8f906d7	(core) add a login method based on headers Summary: This fleshes out header-based authentication a little more to work with traefik-forward-auth. Test Plan: manually tested Reviewers: georgegevoian Reviewed By: georgegevoian Subscribers: alexmojaki Differential Revision: https://phab.getgrist.com/D3348	2022-04-04 18:36:09 -04:00

Author

SHA1

Message

Date

George Gevoian

90fb4434cc

Add ws id and doc name params to POST /docs (#655 )

2023-09-05 14:27:35 -04:00

Paul Fitzpatrick

561d9696aa

(core) clean up interaction of forward auth with session

Summary:
For self-hosted Grist, forward auth has proven useful, where
some proxy wrapped around Grist manages authentication, and
passes on user information to Grist in a trusted header.
The current implementation is adequate when Grist is the
only place where the user logs in or out, but is confusing
otherwise (see https://github.com/gristlabs/grist-core/issues/207).
Here we take some steps to broaden the scenarios Grist's
forward auth support can be used with:

  * When a trusted header is present and is blank, treat
    that as the user not being logged in, and don't look
    any further for identity information. Specifically,
    don't look in Grist's session information.
  * Add a `GRIST_IGNORE_SESSION` flag to entirely prevent
    Grist from picking up identity information from a cookie,
    in order to avoid confusion between multiple login methods.
  * Add tests for common scenarios.

Test Plan: added tests

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D3482

2022-06-15 13:06:12 -04:00

Paul Fitzpatrick

fea8f906d7

(core) add a login method based on headers

Summary:
This fleshes out header-based authentication a little more to
work with traefik-forward-auth.

Test Plan: manually tested

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: alexmojaki

Differential Revision: https://phab.getgrist.com/D3348

2022-04-04 18:36:09 -04:00

3 Commits