Diffstat (limited to 'app/middleware/auth.go')
-rw-r--r-- | app/middleware/auth.go | 7 |
1 files changed, 7 insertions, 0 deletions
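--- a/app/middleware/auth.go
+++ b/app/middleware/auth.go
@@ -187,6 +187,13 @@ func (m *AuthenticationMiddleware) HandleCompleteLogin(c echo.Context) error {
 return echo.ErrUnauthorized
 }
 
+// Service users should only be allowed to submit self-signed JWTs. A
+// service user should never be able to use GitHub auth.
+if dbUser.IsService {
+c.Logger().Errorf("Service user %s attempted to use GitHub auth", user)
+return echo.ErrUnauthorized
+}
+
 jwt, sk, err := m.JWTManager.CreateForUser(dbUser)
 if err != nil {
 return echo.ErrInternalServerError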