
Github Authentication fails open when misconfigured

Open patrobinson opened this issue 5 years ago • 1 comments

If you misconfigure authentication, say by mis-spelling "GITHUB_ORGANIZATION" or failing to provide this environment variable, then the default is for Samson to allow all Github users to authenticate to it. This doesn't seem like a reasonable default and I believe the authentication should fail closed.

This was raised in #1062 but I'd like to re-iterate the comments there. Opening authentication to all Github users should be an explicit setting, not implicit.

patrobinson avatar Apr 09 '20 03:04 patrobinson

sounds good ... can you make a PR? ... can just do `raise unless ENV['GITHUB_ORGANIZATION']` and require it to be set to `all` for current behavior 🤷‍♂

grosser avatar Apr 09 '20 03:04 grosser
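
A fail-closed version of the check suggested in the comment above, as an added example that is not Samson's code and not part of the thread. The function names, the error class and the handling of the `all` sentinel are assumptions made for illustration.

```ruby
# Added example: hypothetical helpers, not Samson's implementation.
class AuthConfigError < StandardError; end

# Sentinel proposed in the thread for "any GitHub user"; assumed here,
# not a confirmed Samson setting.
OPEN_TO_ALL = "all"

# Resolve the organization restriction from an env-like hash.
# Fails closed: a missing or blank value raises instead of opening login.
# Returns :any_github_user only for the explicit sentinel, else the org name.
def resolve_github_org_policy(env)
  raw = env["GITHUB_ORGANIZATION"]
  if raw.nil? || raw.strip.empty?
    # Surface likely misspellings so the operator sees why startup failed.
    near = env.keys.select { |k| k != "GITHUB_ORGANIZATION" && k =~ /\AGITHUB_ORG/i }
    hint = near.empty? ? "" : " (found similar key(s): #{near.join(', ')})"
    raise AuthConfigError,
          "GITHUB_ORGANIZATION is not set#{hint}; set an organization or \"#{OPEN_TO_ALL}\""
  end
  value = raw.strip
  value.casecmp?(OPEN_TO_ALL) ? :any_github_user : value
end

# Decide whether a login is allowed, given the orgs the user belongs to.
def login_allowed?(policy, user_orgs)
  return true if policy == :any_github_user
  user_orgs.any? { |org| org.casecmp?(policy) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample environments: correct, explicit opt-in, misspelled key.
  [
    { "GITHUB_ORGANIZATION" => "example-org" },
    { "GITHUB_ORGANIZATION" => "all" },
    { "GITHUB_ORGANISATION" => "example-org" }
  ].each do |env|
    begin
      puts "#{env.inspect} -> #{resolve_github_org_policy(env).inspect}"
    rescue AuthConfigError => e
      puts "#{env.inspect} -> refused to start: #{e.message}"
    end
  end
end
```

Calling the resolver once at boot turns a misspelled variable into a startup failure instead of an open login page.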