From 6f86efb594721bc577c56b284f5f2499e563c45c Mon Sep 17 00:00:00 2001 From: Patrick O'Doherty
Date: Mon, 23 May 2016 17:56:15 +0100 Subject: Don't allow wide-open Google or Github configs Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set. --- cmd/cashierd/main.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'cmd/cashierd') diff --git a/cmd/cashierd/main.go b/cmd/cashierd/main.go index e482dde..61461a7 100644 --- a/cmd/cashierd/main.go +++ b/cmd/cashierd/main.go @@ -212,13 +212,17 @@ func main() { var authprovider auth.Provider switch config.Auth.Provider { case "google": - authprovider = google.New(&config.Auth) + authprovider, err = google.New(&config.Auth) case "github": - authprovider = github.New(&config.Auth) + authprovider, err = github.New(&config.Auth) default: log.Fatalln("Unknown provider %s", config.Auth.Provider) } + if err != nil { + log.Fatal(err) + } + ctx := &appContext{ cookiestore: sessions.NewCookieStore([]byte(config.Server.CookieSecret)), authprovider: authprovider, -- cgit v1.2.3