Skip to content

fix(authentication): feature should be disabled by default #8951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
klesh merged 1 commit into from
Jun 25, 2026
+10 −9
Merged

fix(authentication): feature should be disabled by default #8951

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions backend/helpers/oidchelper/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,11 +88,11 @@ func (c *Config) ProviderNames() []string {
}

// LoadConfig reads auth env vars via Viper and validates required fields.
// AUTH_ENABLED defaults to true unless it is explicitly set to false.
// AUTH_ENABLED defaults to false unless it is explicitly set to true.
func LoadConfig(basicRes context.BasicRes) (*Config, error) {
cfg := basicRes.GetConfigReader()

authEnabled := true
authEnabled := false
if cfg.IsSet("AUTH_ENABLED") {
authEnabled = cfg.GetBool("AUTH_ENABLED")
}
Expand Down
7 changes: 4 additions & 3 deletions backend/helpers/oidchelper/config_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,15 +105,15 @@ func (b basicResStub) ReplaceLogger(log.Logger) corectx.BasicRes {
}
func (b basicResStub) GetDal() dal.Dal { return nil }

func TestLoadConfigDefaultsAuthEnabled(t *testing.T) {
func TestLoadConfigDefaultsAuthDisabled(t *testing.T) {
v := viper.New()

cfg, err := LoadConfig(basicResStub{cfg: v})
if err != nil {
t.Fatalf("LoadConfig returned error: %v", err)
}
if !cfg.AuthEnabled {
t.Fatal("AuthEnabled should default to true when AUTH_ENABLED is unset")
if cfg.AuthEnabled {
t.Fatal("AuthEnabled should default to false when AUTH_ENABLED is unset")
}
if cfg.OIDCEnabled {
t.Fatal("OIDCEnabled should default to false")
Expand All @@ -125,6 +125,7 @@ func TestLoadConfigDefaultsAuthEnabled(t *testing.T) {

func TestLoadConfigRequiresSessionSecretForOIDC(t *testing.T) {
v := viper.New()
v.Set("AUTH_ENABLED", true)
v.Set("OIDC_ENABLED", true)

if _, err := LoadConfig(basicResStub{cfg: v}); err == nil {
Expand Down
8 changes: 4 additions & 4 deletions env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,10 +97,10 @@ ENABLE_SUBTASKS_BY_DEFAULT="jira:collectIssueChangelogs:true,jira:extractIssueCh
##########################
# OIDC / Authentication
##########################
# Master switch. Auth is enabled by default; set false only for isolated local
# development. When enabled without OIDC, DevLake accepts API keys for /rest/*
# and can trust X-Forwarded-User from an upstream proxy.
AUTH_ENABLED=true
# Master switch. Auth is disabled by default; set true to require
# authentication. When enabled without OIDC, DevLake accepts API keys for
# /rest/* and can trust X-Forwarded-User from an upstream proxy.
AUTH_ENABLED=false

# OIDC user login. Requires AUTH_ENABLED=true.
OIDC_ENABLED=false
Expand Down
Loading