fix: only use groups in OAuth

2025-10-28 12:45:47 +00:00 · 2025-05-01 22:00:37 +03:00
parent 5278fbea68
commit a98a91a394
3 changed files with 68 additions and 46 deletions
--- a/frontend/src/pages/continue-page.tsx
+++ b/frontend/src/pages/continue-page.tsx
@@ -70,7 +70,7 @@ export const ContinuePage = () => {
        </Button>
        <Button
          fullWidth
-          mt="sm"
+          mt="xs"
          color="gray"
          onClick={() => (window.location.href = "/")}
        >
@@ -110,7 +110,7 @@ export const ContinuePage = () => {
        </Button>
        <Button
          fullWidth
-          mt="sm"
+          mt="xs"
          color="gray"
          onClick={() => (window.location.href = "/")}
        >
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -2,8 +2,9 @@ import { Button, Code, Paper, Text } from "@mantine/core";
 import { Layout } from "../components/layouts/layout";
 import { Navigate } from "react-router";
 import { Trans, useTranslation } from "react-i18next";
-import React from "react";
+import React, { useEffect } from "react";
 import { isValidQuery } from "../utils/utils";
 import { useIsMounted } from "../lib/hooks/use-is-mounted";
 export const UnauthorizedPage = () => {
  const queryString = window.location.search;
@@ -12,13 +13,31 @@ export const UnauthorizedPage = () => {
  const groupErr = params.get("groupErr") ?? "";
  const resource = params.get("resource") ?? "";
  const [isGroupErr, setIsGroupErr] = React.useState(false);
  const useMounted = useIsMounted();
  useEffect(() => {
    if (useMounted()) {
      if (isValidQuery(groupErr)) {
        if (groupErr === "true") {
          setIsGroupErr(true);
          return;
        }
        setIsGroupErr(false);
        return;
      }
      setIsGroupErr(false);
    }
  }, []);
  const { t } = useTranslation();
  if (!isValidQuery(username)) {
    return <Navigate to="/" />;
  }
-  if (isValidQuery(resource) && !isValidQuery(groupErr)) {
+  if (isValidQuery(resource) && !isGroupErr) {
    return (
      <UnauthorizedLayout>
        <Trans
@@ -31,7 +50,7 @@ export const UnauthorizedPage = () => {
    );
  }
-  if (isValidQuery(groupErr) && isValidQuery(resource)) {
+  if (isGroupErr && isValidQuery(resource)) {
    return (
      <UnauthorizedLayout>
        <Trans
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -75,6 +75,8 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 	// Get the container labels
 	labels, err := h.Docker.GetLabels(appId)
 	log.Debug().Interface("labels", labels).Msg("Got labels")
 	// Check if there was an error
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get container labels")
@@ -183,8 +185,8 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 			return
 		}
-		log.Debug().Interface("labels", labels).Msg("Got labels")
+		// Check groups if using OAuth
-
+		if userContext.OAuth {
 			// Check if user is in required groups
 			groupOk := h.Auth.OAuthGroup(c, userContext, labels)
@@ -232,6 +234,7 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
 				return
 			}
 		}
 		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))