fix: if roles changed after a restart of Dozzle, then it resets user session (#4139)

Amir Raminfar
2025-09-23 09:03:07 -07:00
committed by GitHub
parent 395d8641ad
commit fb359cb9d5
3 changed files with 12 additions and 5 deletions
+2 -1
@@ -17,8 +17,9 @@ const (
const All = Shell | Actions | Download
// ParseRole parses a comma-separated string of roles and returns the corresponding Role. Default is All for empty input.
func ParseRole(commaValues string) Role {
if commaValues == "" {
if strings.TrimSpace(commaValues) == "" {
return All
}
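Review bot: A whitespace-only roles value now resolves to `All` (Shell | Actions | Download), but the doc comment on ParseRole still says only "empty input". Update it to something like `// ParseRole parses a comma-separated string of roles. Empty or whitespace-only input returns All.` Because this default is the widest grant, the comment should also state that a blank roles entry in the users file means full access, so an operator who clears the field expecting no permissions is not surprised. The rest of ParseRole's body is outside the hunk, so how unknown role names are handled cannot be checked here.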
+2 -1
@@ -21,6 +21,7 @@ func NewSimpleAuth(userDatabase UserDatabase, ttl time.Duration) *simpleAuthCont
h := sha256.New()
for _, user := range userDatabase.Users {
h.Write([]byte(user.Password))
h.Write([]byte(user.RolesConfigured))
}
tokenAuth := jwtauth.New("HS256", h.Sum(nil), nil)
@@ -38,7 +39,7 @@ func (a *simpleAuthContext) CreateToken(username, password string) (string, erro
return "", ErrInvalidCredentials
}
claims := map[string]interface{}{"username": user.Username, "email": user.Email, "name": user.Name, "filter": user.Filter, "roles": user.RolesConfigured}
claims := map[string]interface{}{"username": user.Username, "email": user.Email, "name": user.Name, "filter": user.Filter, "roles": user.Roles}
jwtauth.SetIssuedNow(claims)
if a.ttl > 0 {
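Review bot: The signing key in NewSimpleAuth now covers `user.Password` and `user.RolesConfigured`, but the token built in CreateToken also carries `"filter": user.Filter`, which is not part of the key. A container filter tightened before a restart would therefore apparently still be accepted from an old token. If the filter should be enforced the same way as roles, add `h.Write([]byte(user.Filter))` in the loop (assuming Filter is a string, as the claim handling suggests). The two writes are also concatenated with no separator, so the field boundary is not part of the digest; writing a delimiter such as `h.Write([]byte{0})` after each field would make the key unambiguous. Both functions continue outside the hunks shown.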
+8 -3
@@ -112,6 +112,8 @@ func decodeUsersFromFile(path string) (UserDatabase, error) {
if user.Name == "" {
user.Name = username
}
user.Roles = ParseRole(user.RolesConfigured)
}
return users, nil
@@ -201,15 +203,18 @@ func UserFromContext(ctx context.Context) *User {
email := claims["email"].(string)
name := claims["name"].(string)
containerFilter := container.ContainerLabels{}
roles := All
if filter, ok := claims["filter"].(string); ok {
containerFilter, err = container.ParseContainerFilter(filter)
if err != nil {
log.Fatal().Err(err).Str("filter", filter).Msg("Failed to parse container filter")
}
}
if role, ok := claims["roles"].(string); ok {
roles = ParseRole(role)
roles := None
if r, ok := claims["roles"].(float64); ok {
roles = Role(r)
} else {
log.Warn().Interface("roles", claims["roles"]).Msg("Failed to parse roles from JWT claims")
}
user := newUser(username, email, name, containerFilter, roles)
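Review bot: `roles = Role(r)` converts the JSON number from the claim without checking that it is a whole, non-negative value inside the defined permission bits. Masking it, e.g. `roles = Role(r) & All`, keeps an unexpected claim value from setting bits that no role defines. Defaulting to `None` when the claim is missing or mistyped is the right direction, and a short comment such as `// fail closed: a token without a numeric roles claim gets no permissions` would record that intent. UserFromContext starts and ends outside the hunk.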