diff options
author | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-08-21 22:22:11 +0300 |
---|---|---|
committer | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-08-21 22:22:11 +0300 |
commit | 036f5bd5f519d54a502ae44e966e6c5dbcefc315 (patch) | |
tree | aa08398d16db8533ba6bddbb28db91ac69b30722 | |
parent | f6edf4e90517c8ba0ffa3190f0b9db537f5f0e1b (diff) |
Make private projects not accessible if auth is not configured
-rw-r--r-- | acceptance_test.go | 4 | ||||
-rw-r--r-- | internal/auth/auth.go | 4 |
2 files changed, 5 insertions, 3 deletions
diff --git a/acceptance_test.go b/acceptance_test.go index 31f4e3e5..23abad5d 100644 --- a/acceptance_test.go +++ b/acceptance_test.go @@ -576,7 +576,7 @@ func TestKnownHostInReverseProxySetupReturns200(t *testing.T) { } } -func TestWhenAuthIsDisabledPrivateIsAccessible(t *testing.T) { +func TestWhenAuthIsDisabledPrivateIsNotAccessible(t *testing.T) { skipUnlessEnabled(t) teardown := RunPagesProcess(t, *pagesBinary, listeners, "", "") defer teardown() @@ -585,7 +585,7 @@ func TestWhenAuthIsDisabledPrivateIsAccessible(t *testing.T) { require.NoError(t, err) rsp.Body.Close() - assert.Equal(t, http.StatusOK, rsp.StatusCode) + assert.Equal(t, http.StatusInternalServerError, rsp.StatusCode) } func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { diff --git a/internal/auth/auth.go b/internal/auth/auth.go index f8524405..8b0396d4 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -427,7 +427,9 @@ func (a *Auth) CheckAuthenticationWithoutProject(w http.ResponseWriter, r *http. func (a *Auth) CheckAuthentication(w http.ResponseWriter, r *http.Request, projectID uint64) bool { if a == nil { - return false + log.Debug("Authentication is not configured") + httperrors.Serve500(w) + return true } session, err := a.checkSession(w, r) |