You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In \Drupal\oe_authentication\Access\ExternalUserAccessCheck::access() there is this piece of code:
if ($this->authMap->getAll($account->id()) === []) {
returnAccessResult::allowed();
}
Using ::getAll() here is wrong because on a system might offer support for multiple external authentication authorities (social media, Github, OpenID, etc.)
Even if limiting the access to those routes could be useful when using other provider/authority, this module should not make assumptions on behalf them.
The text was updated successfully, but these errors were encountered:
In
\Drupal\oe_authentication\Access\ExternalUserAccessCheck::access()there is this piece of code:Using
::getAll()here is wrong because on a system might offer support for multiple external authentication authorities (social media, Github, OpenID, etc.)Even if limiting the access to those routes could be useful when using other provider/authority, this module should not make assumptions on behalf them.
The text was updated successfully, but these errors were encountered: