From 10f1c377305fc990e941f41f6132bbd55176c057 Mon Sep 17 00:00:00 2001
From: Gucheng Wang
Date: Fri, 9 Sep 2022 01:53:21 +0800
Subject: [PATCH] Fix 403 bug for /api/login/* APIs
---
 authz/authz.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/authz/authz.go b/authz/authz.go
index ca3991f7..774ce4de 100644
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -15,6 +15,8 @@
 package authz
 import (
+ "strings"
+
 "github.com/casbin/casbin/v2"
 "github.com/casbin/casbin/v2/model"
 xormadapter "github.com/casbin/xorm-adapter/v2"
@@ -144,7 +146,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 if method == "POST" {
- if urlPath == "/api/login" || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" {
+ if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" {
 return true
 } else if urlPath == "/api/update-user" {
 // Allow ordinary users to update their own information
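Review bot: The new `strings.HasPrefix(urlPath, "/api/login")` test in isAllowedInDemoMode matches more than the `/api/login/*` routes named in the commit subject: any POST path that merely begins with those characters (a hypothetical later route such as `/api/login-settings`) would also be allowed in demo mode. Since this is an authorization allowlist, I would keep the exact match and anchor the prefix on the path separator: `if urlPath == "/api/login" || strings.HasPrefix(urlPath, "/api/login/") || urlPath == "/api/logout" || ...`. Whether urlPath has already been cleaned of `..` segments before it reaches this function is not visible in the hunk and is worth confirming, because a prefix test on an uncleaned path is weaker than the equality tests it replaces. A comment such as `// demo mode: allow /api/login and its sub-routes only` would record the intent. The function body continues past the end of the hunk.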