gristlabs_grist-core

Archives/gristlabs_grist-core

Fork 0

mirror of https://github.com/gristlabs/grist-core.git synced 2024-09-28 12:10:47 +00:00

Commit Graph

Author	SHA1	Message	Date
Paul Fitzpatrick	561d9696aa	(core) clean up interaction of forward auth with session Summary: For self-hosted Grist, forward auth has proven useful, where some proxy wrapped around Grist manages authentication, and passes on user information to Grist in a trusted header. The current implementation is adequate when Grist is the only place where the user logs in or out, but is confusing otherwise (see https://github.com/gristlabs/grist-core/issues/207). Here we take some steps to broaden the scenarios Grist's forward auth support can be used with: * When a trusted header is present and is blank, treat that as the user not being logged in, and don't look any further for identity information. Specifically, don't look in Grist's session information. * Add a `GRIST_IGNORE_SESSION` flag to entirely prevent Grist from picking up identity information from a cookie, in order to avoid confusion between multiple login methods. * Add tests for common scenarios. Test Plan: added tests Reviewers: georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D3482	2022-06-15 13:06:12 -04:00
Paul Fitzpatrick	1c6f80f956	(core) make it easier to enable Azure storage without setting GRIST_DOCS_S3_BUCKET Summary: Previously, absence of `GRIST_DOCS_S3_BUCKET` was equated with absence of external storage, but that is no longer true now that Azure is available. Azure could be used by setting `GRIST_DOCS_S3_BUCKET` but the alternative `GRIST_AZURE_CONTAINER` flag is friendlier. Test Plan: confirmed manually that Azure can be configured and used now without `GRIST_DOCS_S3_BUCKET` Reviewers: alexmojaki Reviewed By: alexmojaki Subscribers: alexmojaki Differential Revision: https://phab.getgrist.com/D3448	2022-06-03 14:50:31 -04:00

Author

SHA1

Message

Date

Paul Fitzpatrick

561d9696aa

(core) clean up interaction of forward auth with session

Summary:
For self-hosted Grist, forward auth has proven useful, where
some proxy wrapped around Grist manages authentication, and
passes on user information to Grist in a trusted header.
The current implementation is adequate when Grist is the
only place where the user logs in or out, but is confusing
otherwise (see https://github.com/gristlabs/grist-core/issues/207).
Here we take some steps to broaden the scenarios Grist's
forward auth support can be used with:

  * When a trusted header is present and is blank, treat
    that as the user not being logged in, and don't look
    any further for identity information. Specifically,
    don't look in Grist's session information.
  * Add a `GRIST_IGNORE_SESSION` flag to entirely prevent
    Grist from picking up identity information from a cookie,
    in order to avoid confusion between multiple login methods.
  * Add tests for common scenarios.

Test Plan: added tests

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D3482

2022-06-15 13:06:12 -04:00

Paul Fitzpatrick

1c6f80f956

(core) make it easier to enable Azure storage without setting GRIST_DOCS_S3_BUCKET

Summary:
Previously, absence of `GRIST_DOCS_S3_BUCKET` was equated with absence
of external storage, but that is no longer true now that Azure is
available. Azure could be used by setting `GRIST_DOCS_S3_BUCKET`
but the alternative `GRIST_AZURE_CONTAINER` flag is friendlier.

Test Plan:
confirmed manually that Azure can be configured and
used now without `GRIST_DOCS_S3_BUCKET`

Reviewers: alexmojaki

Reviewed By: alexmojaki

Subscribers: alexmojaki

Differential Revision: https://phab.getgrist.com/D3448

2022-06-03 14:50:31 -04:00

2 Commits