do not reauth if we are already logged in

2024-09-03 20:06:27 +02:00 · 2020-05-21 22:56:52 +02:00 · 2020-05-21 22:56:52 +02:00 · 720e35df4e
commit 720e35df4e
parent 24b3f7dc3a
1 changed files with 18 additions and 16 deletions
--- a/access.lua
+++ b/access.lua
@ -249,25 +249,27 @@ end
 -- via cURL for example.
 --

-local auth_header = ngx.req.get_headers()["Authorization"]
+if not is_logged_in then
+    local auth_header = ngx.req.get_headers()["Authorization"]

-if auth_header then
-    _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
-    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
-    user = hlp.authenticate(user, password)
-    if user then
-        logger.debug("User got authenticated through basic auth")
+    if auth_header then
+        _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
+        _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
+        user = hlp.authenticate(user, password)
+        if user then
+            logger.debug("User got authenticated through basic auth")

-        -- If user has no access to this URL, redirect him to the portal
-        if not permission or not hlp.has_access(permission, user) then
-           return hlp.redirect(conf.portal_url)
+            -- If user has no access to this URL, redirect him to the portal
+            if not permission or not hlp.has_access(permission, user) then
+            return hlp.redirect(conf.portal_url)
+            end
+
+            if permission["auth_header"] then
+                logger.debug("Set Headers")
+                hlp.set_headers(user)
+            end
+            return hlp.pass()
        end
-
-        if permission["auth_header"] then
-            logger.debug("Set Headers")
-            hlp.set_headers(user)
-        end
-        return hlp.pass()
    end
 end