-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server segfaults on parse_url
#139
Comments
This was caused by my config not having appropriate OIDC settings defined. The implementation currently relies on a GET request as part of the OIDC flow. If we want to allow users to authenticate using Basic auth in a browser, we'll need to adjust how the HTTP API handles OIDC. Perhaps an op param can be introduced or a separate endpoint. |
So we definitely need to put bumpers on that use case (missing config items). A separate endpoint might be easier / separate the concerns. |
This commit makes it so that the server only runs OIDC authentication code paths when the OIDC stanza is present. Before this commit, the server would crash when the following was true: - The configuration file did not contain an OIDC stanza. - A user sent a GET request to the /authenticate endpoint. The server crashed because the GET logic of the endpoint handled a special OIDC case.
This commit makes it so that the server only runs OIDC authentication code paths when the OIDC stanza is present. Before this commit, the server would crash when the following was true: - The configuration file did not contain an OIDC stanza. - A user sent a GET request to the /authenticate endpoint. The server crashed because the GET logic of the endpoint handled a special OIDC case.
Supporting authentication using the following syntax is not a requirement of the HTTP API.
For that reason, this issue has been resolved since attempting to do what's described in this issue no longer results in the server crashing. |
Need to add tests for this. |
Bug Report
I attempted to reach the /authenticate endpoint by typing the URL in Google Chrome and before I got the prompt, the server crashed with the following.
Below is what I typed in the browser.
The text was updated successfully, but these errors were encountered: