diff options
author | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-06-28 21:50:02 +0300 |
---|---|---|
committer | Tuomo Ala-Vannesluoma <tuomoav@gmail.com> | 2018-06-30 22:51:43 +0300 |
commit | a57640fd330cc854b0d48a3b685dd61bec9cf57d (patch) | |
tree | 77342b90e0ccb51ac13c2ea18ed5c07f4b7a8d3d /app.go | |
parent | a0ba5ba1c3397987be7159c7952dfa38da219ab7 (diff) |
Fix not exposing project existence when group is found but project is not
Diffstat (limited to 'app.go')
-rw-r--r-- | app.go | 22 |
1 files changed, 17 insertions, 5 deletions
@@ -95,15 +95,27 @@ func (a *theApp) getHostAndDomain(r *http.Request) (host string, domain *domain. } func (a *theApp) checkAuthenticationIfNotExists(domain *domain.D, w http.ResponseWriter, r *http.Request) bool { - if domain == nil { - // To avoid user knowing if pages exist, we will force user to login and authorize pages - if a.Auth.CheckAuthenticationWithoutProject(w, r) { + if domain == nil || domain.GetID(r) == 0 { + + // Only if auth is supported + if a.Auth.IsAuthSupported() { + + // To avoid user knowing if pages exist, we will force user to login and authorize pages + if a.Auth.CheckAuthenticationWithoutProject(w, r) { + return true + } + + // User is authenticated, show the 404 + httperrors.Serve404(w) return true } - // User is authenticated, show the 404 + } + + // Without auth, fall back to 404 + if domain == nil { httperrors.Serve404(w) - return true } + return false } |