[Server] handling of token and cookies, auth and session middleware #11003
+117
−70
Notes for Reviewers
This PR fixes #10977
Meshery. This caused an issue where users were being redirected to 401 Unauthenticated page when server was configured to use a specific provider (None) but because auto-select doesn't happen on the Provider UI page, if the user selects a provider different than None it was being treated by the server as unauthorized (sending 401 response directly). The PR ensures if the server is configured to use a specific provider, it gets auto-selected.

Before continuing the server to configure for auto-selection the provided env var PROVIDER is verified if it's supported.

SessionInjectionMiddleware was also performing auth checks in addition to checks being already done with AuthMiddleware.

Signed commits
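The behaviour described above, sketched as an added example that is not code from this PR or from the Meshery code base: the configured provider is validated at startup, and an enforced provider then overrides whatever the client's cookie says. The names `resolveEnforced`, `selectProvider`, `serve`, the `provider` cookie, the `/provider` and `/api/user` paths and the supported set are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)
type ctxKey struct{}
var supported = map[string]bool{"None": true, "Meshery": true} // constructed sample set

// resolveEnforced validates the PROVIDER value before auto-selection; "" means none enforced.
func resolveEnforced(configured string) (string, error) {
	if configured != "" && !supported[configured] {
		return "", fmt.Errorf("unsupported provider %q", configured)
	}
	return configured, nil
}

// selectProvider stores the active provider in the request context. An enforced provider
// wins over the client's cookie, so a different UI choice is not rejected later.
func selectProvider(enforced string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name := enforced
		if c, err := r.Cookie("provider"); name == "" && err == nil && supported[c.Value] {
			name = c.Value
		}
		if name == "" { // nothing enforced or validly chosen: go to the provider page
			http.Redirect(w, r, "/provider", http.StatusFound)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, name)))
	})
}

// serve sends one request through the middleware; returns status and provider seen.
func serve(enforced, cookie string) (status int, seen string) {
	h := selectProvider(enforced, http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seen, _ = r.Context().Value(ctxKey{}).(string)
	}))
	req := httptest.NewRequest("GET", "/api/user", nil)
	req.AddCookie(&http.Cookie{Name: "provider", Value: cookie})
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() {
	fmt.Println(serve("None", "Meshery")) // enforced "None", cookie says "Meshery"
}
```

In this sketch `resolveEnforced` would run once at startup on the configured value, and only its validated result is passed to `selectProvider`; authentication stays in a separate middleware so the check is not duplicated.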