SOLVED Feat: Only allow authenticated users
-
The preview and also other related issues like thumbnails is fixed with latest package version.
I was not able to reproduce the missing username login field issue. Do you have any more information on this? Maybe in some cases we hit some caching issue or so?I also fixed an issue with the favicon in the settings dialog now. Still if too large images or unsupported formats are uploaded, they are just accepted and will thus result in missing favicons for now.
-
No, I don't think its a caching thing as I am always trying the login form in an incognito session. This is with v5.13.3:
Settings:
Under access control in Cloudron I have set
Allow all users from this Cloudron. -
@fbartels oh! after looking at your instance itself I found the bug. You probably have the combination of access restriction and no public folder listing, in which case I missed to remove a token check. Will fix in a bit.
-
@nebulon ah yes, that seems to be it. once I enabled public listing the login form did show the title and field for the username.
Thanks
-
@fbartels Ok this should be fixed with the latest package release now. Thanks for all the testing and reporting!
-
@nebulon said in Feat: Only allow authenticated users:
Thanks for all the testing and reporting!
I asked for the feature, it was the least I could do
-
I am trying this out and have a few issues.
Enabling the public folder listing and setting access to user restricted, should not list the content until a user is logged in.
If I open the site in a new tab, it lists the files and shows a login button. Not expected.
If I open an incognito tab, it opens to a login page. As expected.
So the new tab should either give me a login page, or tell me I am logged in, if a browser session is being used to display the file listing.
-
@robi can you explain the "Not expected" case a bit further. Which and where do you see a login screen? (The login button in the public folder listing on the top right will always be there, if that is what you mean)
-
@nebulon expectation is to not get a listing and a login prompt.
since I did, that means the session is being reused and I am logged in, yet the button shows as I am not logged in.
So maybe the fix here is to detect login state and adjust the button accordingly; perhaps a logout instead.
-
Right, since you have the access token in this case in a new tab simply in the local storage, the session is refreshed and you see the files. I will fixup the login state/login button to show somethign like "Admin Dashboard" or so.
