diff --git a/changelog/unreleased/fix-auth-allow-empty-cred-chain.md b/changelog/unreleased/fix-auth-allow-empty-cred-chain.md
new file mode 100644
index 0000000000..995c9130a6
--- /dev/null
+++ b/changelog/unreleased/fix-auth-allow-empty-cred-chain.md
@@ -0,0 +1,8 @@
+Bugfix: Allow an empty credentials chain in the auth middleware
+
+When running with ocis, all external http-authentication is handled by the proxy
+service. So the reva auth middleware should not try to do any basic or
+bearer auth.
+
+https://github.com/cs3org/reva/pull/4241
+https://github.com/owncloud/ocis/issues/6692
diff --git a/internal/http/interceptors/auth/auth.go b/internal/http/interceptors/auth/auth.go
index 14027fc348..800fe8408e 100644
--- a/internal/http/interceptors/auth/auth.go
+++ b/internal/http/interceptors/auth/auth.go
@@ -109,10 +109,6 @@ func New(m map[string]interface{}, unprotected []string, tp trace.TracerProvider
 conf.TokenManager = "jwt"
 }
 
- if len(conf.CredentialChain) == 0 {
- conf.CredentialChain = []string{"basic", "bearer"}
- }
-
 if conf.CredentialsByUserAgent == nil {
 conf.CredentialsByUserAgent = map[string]string{}
 }
diff --git a/tests/oc-integration-tests/drone/frontend-global.toml b/tests/oc-integration-tests/drone/frontend-global.toml
index d8e158e63e..6fd2e2bc72 100644
--- a/tests/oc-integration-tests/drone/frontend-global.toml
+++ b/tests/oc-integration-tests/drone/frontend-global.toml
@@ -15,6 +15,9 @@ address = "0.0.0.0:20180"
 [http.middlewares.cors]
 allow_credentials = true
 
+[http.middlewares.auth]
+credential_chain = ["basic"]
+
 [http.services.ocdav]
 # serve ocdav on the root path
 prefix = ""
diff --git a/tests/oc-integration-tests/drone/frontend.toml b/tests/oc-integration-tests/drone/frontend.toml
index a0225c90e9..07679cf736 100644
--- a/tests/oc-integration-tests/drone/frontend.toml
+++ b/tests/oc-integration-tests/drone/frontend.toml
@@ -16,6 +16,9 @@ address = "0.0.0.0:20080"
 [http.middlewares.cors]
 allow_credentials = true
 
+[http.middlewares.auth]
+credential_chain = ["basic"]
+
 [http.services.ocdav]
 # serve ocdav on the root path
 prefix = ""
diff --git a/tests/oc-integration-tests/local/frontend.toml b/tests/oc-integration-tests/local/frontend.toml
index 3da4d5bacf..86071204f9 100644
--- a/tests/oc-integration-tests/local/frontend.toml
+++ b/tests/oc-integration-tests/local/frontend.toml
@@ -23,6 +23,9 @@ address = "0.0.0.0:20080"
 [http.middlewares.cors]
 allow_credentials = true
 
+[http.middlewares.auth]
+credential_chain = ["basic"]
+
 [http.services.ocdav]
 # serve ocdav on the root path
 prefix = ""
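Review bot: The `[http.middlewares.auth]` block added here in local/frontend.toml, and identically in drone/frontend.toml and drone/frontend-global.toml, sets `credential_chain = ["basic"]` with no comment, and it is narrower than the `["basic", "bearer"]` default this commit removes from `New` in auth.go. I would add a line above the key such as `# set explicitly: the auth middleware no longer falls back to ["basic", "bearer"] when credential_chain is unset`, so the next reader does not delete it as redundant. If any of these suites relied on the bearer strategy from the old default it is presumably no longer exercised, which is worth confirming. The same applies to deployments outside ocis that omitted the key: their authentication behaviour changes on upgrade, so the changelog entry should say that `credential_chain` must now be configured explicitly.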