Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Protect against set but empty OAuth variables #1292

Merged
merged 2 commits into from Jun 25, 2018

Conversation

Projects
None yet
3 participants
@c-w
Copy link
Contributor

commented Jun 25, 2018

Currently we're only checking whether the variables like GOOGLE_ID or MICROSOFT_APP_SECRET are set as environment variables but we aren't validating whether the variables are non-empty. This means that the
server start might be successful but we'll fail later at login time which is harder to debug. This change fixes that behavior and prevents server start if the OAuth variables are set but contain empty values.

Protect against set but empty OAuth variables
Currently we're only checking whether the variables like `GOOGLE_ID` or
`MICROSOFT_APP_SECRET` are set as environment variables but we aren't
validating whether the variables are non-empty. This means that the
server start might be successful but we'll fail later at login time
which is harder to debug. This change fixes that behavior and prevents
server start if the OAuth variables are set but contain empty values.
@c-w

This comment has been minimized.

Copy link
Contributor Author

commented Jun 25, 2018

@liliankasem @cicorias FYI

@colinschoen
Copy link
Member

left a comment

LGTM

@colinschoen colinschoen merged commit ef6af87 into okpy:master Jun 25, 2018

0 of 2 checks passed

ci/circleci Your tests are queued behind your running builds
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details

@c-w c-w deleted the c-w:bug/c-w/protect-against-empty-oauth-variables branch Jun 25, 2018

colinschoen added a commit that referenced this pull request Jun 26, 2018

Merge branch 'master' into enhancement/colinschoen/ci-integration
* master:
  Protect against set but empty OAuth variables (#1292)
  Fix link to ARM template (#1291)
  increased verbosity
  remove extraneous subtraction (#1289)
  Refactor section console controller (#1288)
@liliankasem

This comment has been minimized.

Copy link
Contributor

commented Jun 26, 2018

@c-w thanks for cleaning up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.