Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New admin setting to redirect unauthorized guests to login provider #6335

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

pofallon
Copy link

When the administrator has chosen to bypass the login screen, this change will take an unauthorized guest user to the login provider for any link, not just the home page. This should provide a solution for several feedback items, such as:

https://feedback.js.wiki/wiki/p/bypass-login-screen-option-should-apply-to-deep-links (mine! 😄)
https://feedback.js.wiki/wiki/p/login-auto-redirect
https://feedback.js.wiki/wiki/p/skip-unauthorized-screen-for-private-wikis

Steps to recreate (in a dev instance):

  1. Create a /subpage as a secondary page (in addition to the homepage)
  2. Remove all read access to guests in the admin section
  3. Choose "Bypass Login Screen" in the Security area of the admin section
  4. Log out (or open a private browsing window)
  5. Navigate directly to the newly created /subpage -- it should send you to the login screen instead of returning an 'Unauthorized' error.

If there's a different way you'd prefer this implemented, I'm happy to help!

@auto-assign auto-assign bot requested a review from NGPixel April 10, 2023 02:17
@pofallon pofallon changed the title Always redirect to login provider when autoLogin is set Always redirect unauthorized guests to login provider when autoLogin is set Apr 10, 2023
@NGPixel
Copy link
Member

NGPixel commented May 4, 2023

That's not what WIKI.config.auth.autoLogin is for and using it for this purpose would be an unexpected behavior. A new setting specific to this feature would be better suited.

@pofallon pofallon changed the title Always redirect unauthorized guests to login provider when autoLogin is set New admin setting to redirect unauthorized guests to login provider May 8, 2023
@pofallon
Copy link
Author

pofallon commented May 8, 2023

Thanks @NGPixel, your comment makes complete sense. The above commits add a new admin switch to enable this functionality (as you suggested). However, there's currently no label or hint in the v-switch (I've moved and commented them out) because without those properties present in the localization config the switch doesn't work (but it does work with them moved out of the way).

I've also submitted a PR to the localization project to add the suggested label and hint properties.

Thanks!

@NGPixel NGPixel added under review Acknowledged, awaiting further review and removed needs-work labels May 12, 2023
@pofallon
Copy link
Author

Hello! Just checking in on this -- let me know if there's anything I can do to help with the review. Thanks!

@PaulD987
Copy link
Contributor

FYI this sounds very like a PR I put in a couple of years back #3786 which was never approved.. if this is approved then that PR should be closed/rejected

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
under review Acknowledged, awaiting further review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants