Opserver icon indicating copy to clipboard operation
Opserver copied to clipboard

Published 20 hours ago verified publisher icon opserver

Automatically log in for EveryonesAnAdminProvider and EveryonesReadOnlyProvider

Open AlexSikilinda opened this issue 7 years ago • 2 comments

When EveryonesAnAdmin or EveryonesReadOnly is selected as the security provider users are redirected to the login page where they are supposed to type random login/password.

This commit introduces custom view which contains auto-submitted form so that users don't need to login.

AlexSikilinda avatar Sep 04 '17 11:09 AlexSikilinda

This isn't the intent of the "EveryoneIsAnAdmin". A key aspect is you still need to login. Actions should still be traceable to you, including in exceptions, admin operations, etc.

EveryoneIsAnAdmin is also everyone who can log in is an admin, this may or may not be everyone. Such a view breaks that use case (and the intent above).

NickCraver avatar Sep 04 '17 12:09 NickCraver

Was under the impression that EveryonesAnAdminProvider means everyone can login + everyone is an admin, since ValidateUser always returns true:

public class EveryonesAnAdminProvider : SecurityProvider
{
    public override bool IsAdmin => true;

    internal override bool InAdminGroups(ISecurableModule settings) { return true; }
    public override bool InGroups(string groupNames, string accountName) { return true; }
    public override bool ValidateUser(string userName, string password) { return true; } // <-- here
}

But I got your point about authenticating an admin, it's just a little bit confusing that you have to type a random password which actually isn't validated. Maybe the password input should be hidden on the login page, just wondering.

AlexSikilinda avatar Sep 04 '17 14:09 AlexSikilinda