Commit cb19bb9c authored by Daniel LACROIX's avatar Daniel LACROIX
Browse files

remove auth from Nginx. clean up the ticket in Etherpad auth

parent d6d5d5ab
......@@ -120,10 +120,6 @@ exports.authenticate = async function (hook_name, context, cb) {
return cb([false]);
}
//TODO Is this needed ?
// // clear any previous invalid credentials
// context.req.session.invalidCredentials = false;
// User authenticated, save off some information needed for authorization
context.req.session.user = {
username: user.uid,
......@@ -131,9 +127,11 @@ exports.authenticate = async function (hook_name, context, cb) {
is_admin: true
};
//TODO Once logged in, remove ticket
// laclasseLogger.info('authenticate: successful authentication', context.req.session.user);
return cb([true]);
// once logged in, redirect to the resource without the ticket
context.res.redirect(getServiceURL(context.req));
//laclasseLogger.info('authenticate: successful authentication', context.req.session.user);
return cb([false]);
}
exports.authFailure = function(hook_name, context, cb) {
......@@ -141,9 +139,8 @@ exports.authFailure = function(hook_name, context, cb) {
const urlParams = new URLSearchParams({ service: getServiceURL(context.req) });
const url = `${baseUrl.toString()}?${urlParams.toString()}`;
//TODO Try to redirect a few times before giving up and showing an error message
if(ticket == null)
context.res.redirect(url);
// redirect to the auth url
context.res.redirect(url);
laclasseLogger.warn('authFailure: Redirect to SSO: ',url);
// signal that we have handled it
......
......@@ -20,36 +20,6 @@ server {
root /usr/share/nginx/html/;
}
location /pads/p {
rewrite /pads/?(.+) /$1 break;
proxy_pass http://localhost:9001/;
proxy_redirect / /pads/;
proxy_buffering off;
auth_request /pads/auth;
auth_request_set $auth_status $upstream_status;
auth_request_set $auth_redirect "$scheme://$host$request_uri";
error_page 401 = /pads/auth_401;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location = /pads/auth {
internal;
proxy_pass $AUTH_URL;
proxy_pass_request_body off;
proxy_pass_request_headers on;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
location = /pads/auth_401 {
return 302 "/sso/login?ticket=false&service=$auth_redirect";
}
# Relocate root url
location /pads/ {
rewrite /pads/?(.+) /$1 break;
......@@ -61,7 +31,6 @@ server {
proxy_set_header Connection "Upgrade";
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment