Make warden available across entire application #19017
Merged
+29
−25
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NobodysNightmare
force-pushed
the
global-warden
branch
from
25c98df to
6710373
Compare
This will be required to use warden for our SCIM endpoints as well,
which are implemented in rails controllers. Since Rails controllers do
not support mounting rack middlewares partially (the way that e.g. Grape does),
the mounting of warden needed to be moved.
This was not super straight-forward, because of load order issues:
* Requiring a Rails middleware must be done before initialization finished
* Our warden config was so far done _after_ initialization
* static_routes were defined in lib, which is automatically reloaded,
but auto-reloading code is not allowed during initialization
* lib_static which is autoloaded_once is fine during init,
this is also where the rest of warden authentication is defined
Additionally warden was configured to not handle HTTP 401 responses generated
by the upstream app itself. Warden will only be responsible for its own authentication
failures and it's still possible to invoke the warden failure app by throwing the :warden
symbol, but the application keeps its capability of responding with custom 401 responses.
NobodysNightmare
force-pushed
the
global-warden
branch
from
6710373 to
7c97803
Compare
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This will be required to use warden for our SCIM endpoints as well, which are implemented in rails controllers. Since Rails controllers do not support mounting rack middlewares partially (the way that e.g. Grape does), the mounting of warden needed to be moved.
This was not super straight-forward, because of load order issues:
Additionally warden was configured to not handle HTTP 401 responses generated by the upstream app itself. Warden will only be responsible for its own authentication failures and it's still possible to invoke the warden failure app by throwing the :warden symbol, but the application keeps its capability of responding with custom 401 responses.
Ticket
This will enable implementation of https://community.openproject.org/wp/62592