mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
* Fix proposal for bug #285 (YunoHost tile is not displayed when the app is installed on root path) * Fix access to administration page
This commit is contained in:
parent
edb1ea079c
commit
b1a1d55e66
1 changed files with 34 additions and 33 deletions
67
access.lua
67
access.lua
|
@ -281,16 +281,48 @@ if conf["skipped_regex"] then
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
|
--
|
||||||
|
-- 6. Specific files (used in YunoHost)
|
||||||
|
--
|
||||||
|
-- We want to serve specific portal assets right at the root of the domain.
|
||||||
|
--
|
||||||
|
-- For example: `https://mydomain.org/ynhpanel.js` will serve the
|
||||||
|
-- `/yunohost/sso/assets/js/ynhpanel.js` file.
|
||||||
|
--
|
||||||
|
|
||||||
|
if hlp.is_logged_in() then
|
||||||
|
if string.match(ngx.var.uri, "^/ynhpanel.js$") then
|
||||||
|
hlp.serve("/yunohost/sso/assets/js/ynhpanel.js")
|
||||||
|
end
|
||||||
|
if string.match(ngx.var.uri, "^/ynhpanel.css$") then
|
||||||
|
hlp.serve("/yunohost/sso/assets/css/ynhpanel.css")
|
||||||
|
end
|
||||||
|
if string.match(ngx.var.uri, "^/ynhpanel.json$") then
|
||||||
|
hlp.serve("/yunohost/sso/assets/js/ynhpanel.json")
|
||||||
|
end
|
||||||
|
|
||||||
|
-- If user has no access to this URL, redirect him to the portal
|
||||||
|
if not hlp.has_access() then
|
||||||
|
return hlp.redirect(conf.portal_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
-- If the user is authenticated and has access to the URL, set the headers
|
||||||
|
-- and let it be
|
||||||
|
hlp.set_headers()
|
||||||
|
return hlp.pass()
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
--
|
--
|
||||||
-- 6. Unprotected URLs
|
-- 7. Unprotected URLs
|
||||||
--
|
--
|
||||||
-- If the URL matches one of the `unprotected_urls` in the configuration file,
|
-- If the URL matches one of the `unprotected_urls` in the configuration file,
|
||||||
-- it means that the URL should not be protected by the SSO *but* headers have
|
-- it means that the URL should not be protected by the SSO *but* headers have
|
||||||
-- to be sent if the user is already authenticated.
|
-- to be sent if the user is already authenticated.
|
||||||
--
|
--
|
||||||
-- It means that you can let anyone access to an app, but if a user has already
|
-- It means that you can let anyone access to an app, but if a user has already
|
||||||
-- been authenticated on the portal, he can have its authentication headers
|
-- been authenticated on the portal, he can have his authentication headers
|
||||||
-- passed to the app.
|
-- passed to the app.
|
||||||
--
|
--
|
||||||
|
|
||||||
|
@ -321,37 +353,6 @@ if conf["unprotected_regex"] then
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
--
|
|
||||||
-- 7. Specific files (used in YunoHost)
|
|
||||||
--
|
|
||||||
-- We want to serve specific portal assets right at the root of the domain.
|
|
||||||
--
|
|
||||||
-- For example: `https://mydomain.org/ynhpanel.js` will serve the
|
|
||||||
-- `/yunohost/sso/assets/js/ynhpanel.js` file.
|
|
||||||
--
|
|
||||||
|
|
||||||
if hlp.is_logged_in() then
|
|
||||||
if string.match(ngx.var.uri, "^/ynhpanel.js$") then
|
|
||||||
hlp.serve("/yunohost/sso/assets/js/ynhpanel.js")
|
|
||||||
end
|
|
||||||
if string.match(ngx.var.uri, "^/ynhpanel.css$") then
|
|
||||||
hlp.serve("/yunohost/sso/assets/css/ynhpanel.css")
|
|
||||||
end
|
|
||||||
if string.match(ngx.var.uri, "^/ynhpanel.json$") then
|
|
||||||
hlp.serve("/yunohost/sso/assets/js/ynhpanel.json")
|
|
||||||
end
|
|
||||||
|
|
||||||
-- If user has no access to this URL, redirect him to the portal
|
|
||||||
if not hlp.has_access() then
|
|
||||||
return hlp.redirect(conf.portal_url)
|
|
||||||
end
|
|
||||||
|
|
||||||
-- If the user is authenticated and has access to the URL, sen the headers
|
|
||||||
-- and let it be
|
|
||||||
hlp.set_headers()
|
|
||||||
return hlp.pass()
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
--
|
--
|
||||||
-- 8. Basic HTTP Authentication
|
-- 8. Basic HTTP Authentication
|
||||||
|
|
Loading…
Reference in a new issue