1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-24 15:49:44 +02:00

authConfig persistence bug, session vars bug

This commit is contained in:
Harvey Kandola 2017-04-13 16:22:19 +01:00
parent 585c4468c1
commit 6f98db5c29
8 changed files with 693 additions and 660 deletions

View file

@ -233,3 +233,21 @@ type authData struct {
AuthProvider string `json:"authProvider"`
AuthConfig string `json:"authConfig"`
}
// GetAuthConfig returns installation-wide auth configuration
func GetAuthConfig(w http.ResponseWriter, r *http.Request) {
p := request.GetPersister(r)
if !p.Context.Global {
writeForbiddenError(w)
return
}
org, err := p.GetOrganization(p.Context.OrgID)
if err != nil {
writeForbiddenError(w)
return
}
util.WriteJSON(w, org.AuthConfig)
}

View file

@ -236,6 +236,7 @@ func init() {
log.IfErr(Add(RoutePrefixPrivate, "global/smtp", []string{"PUT", "OPTIONS"}, nil, SaveSMTPConfig))
log.IfErr(Add(RoutePrefixPrivate, "global/license", []string{"GET", "OPTIONS"}, nil, GetLicense))
log.IfErr(Add(RoutePrefixPrivate, "global/license", []string{"PUT", "OPTIONS"}, nil, SaveLicense))
log.IfErr(Add(RoutePrefixPrivate, "global/auth", []string{"GET", "OPTIONS"}, nil, GetAuthConfig))
log.IfErr(Add(RoutePrefixPrivate, "global/auth", []string{"PUT", "OPTIONS"}, nil, SaveAuthConfig))
// Pinned items

View file

@ -165,6 +165,9 @@ func cors(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
w.Header().Set("Access-Control-Expose-Headers", "x-documize-version")
if r.Method == "OPTIONS" {
w.Header().Add("X-Documize-Version", Product.Version)
w.Header().Add("Cache-Control", "no-cache")
if _, err := w.Write([]byte("")); err != nil {
log.Error("cors", err)
}
@ -177,7 +180,6 @@ func cors(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
func metrics(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
w.Header().Add("X-Documize-Version", Product.Version)
w.Header().Add("Cache-Control", "no-cache")
// Prevent page from being displayed in an iframe
w.Header().Add("X-Frame-Options", "DENY")