Fix some bugs in Apple OAuth login path

Yang Luo 2023-10-31 22:36:56 +08:00
parent b285144a64
commit 140737b2f6
3 changed files with 8 additions and 3 deletions


@ -147,7 +147,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
if method == "POST" {
if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
return true
} else if urlPath == "/api/update-user" {
// Allow ordinary users to update their own information
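Review bot: The added `urlPath == "/api/callback"` term widens what demo mode accepts on POST, and nothing on the line records why; going by the commit title it is presumably the Apple sign-in response arriving as a POST. I would put a comment above the condition, for example `// /api/callback: providers that POST the authorization response (e.g. Apple) land here`. The condition is now a seven-term `||` chain, so moving the exact-match paths into a small set would make each future addition a single reviewable line. The new entry is an exact match, which is the safer form next to the existing `/api/login` prefix match. isAllowedInDemoMode continues past the end of the hunk.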


@ -351,8 +351,8 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
}
func CheckLoginPermission(userId string, application *Application) (bool, error) {
var err error
if userId == "built-in/admin" {
owner, _ := util.GetOwnerAndNameFromId(userId)
if owner == "built-in" {
return true, nil
}
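Review bot: The early return in CheckLoginPermission now applies to every user whose owner is `built-in`, not only to `built-in/admin`, so all accounts in that organization skip whatever application checks follow. That is a wider bypass than the commit title suggests; if it is intended, say so with a comment such as `// users of the built-in organization may log in to any application`, and otherwise keep the comparison on the full id. The second return value of `util.GetOwnerAndNameFromId` is discarded and the helper's handling of an id without a `/` is not visible here, so it is worth confirming that a malformed userId can neither produce `built-in` as owner nor panic. The rest of the function lies outside the hunk.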


@ -51,6 +51,11 @@ func CorsFilter(ctx *context.Context) {
return
}
if originHostname == "appleid.apple.com" {
setCorsHeaders(ctx, origin)
return
}
if ctx.Request.Method == "POST" && ctx.Request.RequestURI == "/api/login/oauth/access_token" {
setCorsHeaders(ctx, origin)
return
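Review bot: The `appleid.apple.com` branch grants CORS headers for every path and method, whereas the check right below it is scoped to POST on a single URI. Matching on the hostname alone also drops the scheme, so depending on how `originHostname` is derived (outside the hunk) an `http://` origin with that host may be accepted; comparing the full origin, `if origin == "https://appleid.apple.com" {`, is tighter. If only the sign-in callback needs this, add the method and request path to the condition the same way the access_token check does. What `setCorsHeaders` sends, notably whether credentials are allowed, is not shown here, which is why the scope of this branch matters.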