mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-07-17 15:31:13 +00:00
fix: abstain when OAuth whitelist is empty (#1010)
Co-authored-by: wwhsaber <wwhsaber@foxmail.com>
This commit is contained in:
@@ -43,6 +43,11 @@ func (rule *UserAllowedRule) Evaluate(ctx *ACLContext) Effect {
|
||||
rule.Log.App.Debug().Msg("User is an OAuth user, checking OAuth whitelist")
|
||||
match, err := utils.CheckFilter(ctx.ACLs.OAuth.Whitelist, ctx.UserContext.OAuth.Email)
|
||||
if err != nil {
|
||||
// Empty whitelist means "not configured" — let OAuth group rules decide.
|
||||
if err == utils.ErrFilterEmpty {
|
||||
rule.Log.App.Debug().Msg("OAuth whitelist is empty, abstaining")
|
||||
return EffectAbstain
|
||||
}
|
||||
rule.Log.App.Warn().Err(err).Str("item", ctx.UserContext.OAuth.Email).Msg("Invalid entry in OAuth whitelist")
|
||||
return EffectDeny
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user