Check skipped_urls before protected_urls

2024-09-03 20:06:27 +02:00 · 2019-12-02 18:13:19 +01:00 · 2019-12-02 18:13:19 +01:00 · 247847a203
commit 247847a203
parent 927edc1c5f
1 changed files with 31 additions and 32 deletions
--- a/access.lua
+++ b/access.lua
@ -254,7 +254,37 @@ end


 --
-- 4. Protected URLs
+-- 4. Skipped URLs
+--
+-- If the URL matches one of the `skipped_urls` in the configuration file,
+-- it means that the URL should not be protected by the SSO and no header
+-- has to be sent, even if the user is already authenticated.
+--
+
+if conf["skipped_urls"] then
+    for _, url in ipairs(conf["skipped_urls"]) do
+        if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
+        or  hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
+        then
+            logger.debug("Skipping "..ngx.var.uri)
+            return hlp.pass()
+        end
+    end
+end
+
+if conf["skipped_regex"] then
+    for _, regex in ipairs(conf["skipped_regex"]) do
+        if (match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
+        or  match(ngx.var.uri..hlp.uri_args_string(), regex))
+        then
+            logger.debug("Skipping "..ngx.var.uri)
+            return hlp.pass()
+        end
+    end
+end
+
+--
+-- 5. Protected URLs
 --
 -- If the URL matches one of the `protected_urls` in the configuration file,
 -- we have to protect it even if the URL is also set in the `unprotected_urls`.
@ -289,37 +319,6 @@ function is_protected()
    return false
 end

--
-- 5. Skipped URLs
--
-- If the URL matches one of the `skipped_urls` in the configuration file,
-- it means that the URL should not be protected by the SSO and no header
-- has to be sent, even if the user is already authenticated.
--
-
-if conf["skipped_urls"] then
-    for _, url in ipairs(conf["skipped_urls"]) do
-        if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
-        or  hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
-        and not is_protected() then
-            logger.debug("Skipping "..ngx.var.uri)
-            return hlp.pass()
-        end
-    end
-end
-
-if conf["skipped_regex"] then
-    for _, regex in ipairs(conf["skipped_regex"]) do
-        if (match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or  match(ngx.var.uri..hlp.uri_args_string(), regex))
-        and not is_protected() then
-            logger.debug("Skipping "..ngx.var.uri)
-            return hlp.pass()
-        end
-    end
-end
-
-
 --
 -- 6. Specific files (used in YunoHost)
 --