Github Authentication fails open when misconfigured #3767

Open
patrobinson opened this issue Apr 9, 2020 · 1 comment

@patrobinson
Contributor

If you misconfigure authentication, say by misspelling "GITHUB_ORGANIZATION" or failing to provide this environment variable, then the default is for Samson to allow all GitHub users to authenticate to it.
This doesn't seem like a reasonable default and I believe the authentication should fail closed.

This was raised in #1062 but I'd like to reiterate the comments there. Opening authentication to all GitHub users should be an explicit setting, not implicit.

@grosser
Contributor

grosser commented Apr 9, 2020

sounds good ... can you make a PR?
... can just do `raise unless ENV['GITHUB_ORGANIZATION']` and require it to be set to `all` for current behavior 🤷‍♂
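
The fail-closed behaviour discussed in this thread, as an added example that is not Samson's code and not written by either participant. The function names, the `AuthConfigError` class and the near-miss hint are assumptions; only the `GITHUB_ORGANIZATION` variable and the `all` opt-in value come from the thread.

```ruby
# Added example (hypothetical names), not Samson's implementation.
class AuthConfigError < StandardError; end

ORG_VAR = 'GITHUB_ORGANIZATION'
OPEN_SENTINEL = 'all' # explicit opt-in value proposed in the thread

# Resolve the login policy from an environment hash.
# Returns :any_user only on explicit opt-in, otherwise the required org name.
# Raises when the variable is missing or blank, so a typo stops boot
# instead of silently opening login to every GitHub user.
def github_org_policy(env)
  value = env[ORG_VAR].to_s.strip
  if value.empty?
    # Surface probable misspellings such as GITHUB_ORGANISATION or GITHUB_ORG.
    near = env.keys.select { |k| k != ORG_VAR && k.upcase.start_with?('GITHUB_ORG') }
    hint = near.empty? ? '' : " (found similar: #{near.join(', ')})"
    raise AuthConfigError,
          "#{ORG_VAR} must be set to an organization or '#{OPEN_SENTINEL}'#{hint}"
  end
  value == OPEN_SENTINEL ? :any_user : value
end

# Login decision. user_orgs is the list of organization logins the
# authenticated user belongs to (organization logins are case-insensitive).
def github_login_allowed?(policy, user_orgs)
  return true if policy == :any_user
  user_orgs.any? { |org| org.casecmp?(policy) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample environments.
  [
    { 'GITHUB_ORGANIZATION' => 'acme' },
    { 'GITHUB_ORGANIZATION' => 'all' },
    { 'GITHUB_ORGANISATION' => 'acme' }, # misspelled variable name
    {}
  ].each do |env|
    begin
      puts "#{env.inspect} -> #{github_org_policy(env).inspect}"
    rescue AuthConfigError => e
      puts "#{env.inspect} -> refused to start: #{e.message}"
    end
  end
end
```
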
