Skip to content

Add corporate_id check to authentication middleware#32

Open
UsamaSadiq wants to merge 1 commit into
foss-sandboxfrom
usama/enforce-corporate-id-auth
Open

Add corporate_id check to authentication middleware#32
UsamaSadiq wants to merge 1 commit into
foss-sandboxfrom
usama/enforce-corporate-id-auth

Conversation

@UsamaSadiq

Copy link
Copy Markdown
Collaborator

Description

Add tenant isolation enforcement to Outline's authentication middleware. When SMB_CORPORATE_ID is configured, the fwd: token path in validateAuthentication() decodes the x-auth-request-access-token JWT payload and verifies that custom:corporate_id matches. Individual (non-corporate) tokens and mismatched corporate tokens are rejected with AuthenticationError.

Enforcement is opt-in: when SMB_CORPORATE_ID is unset, the check is skipped entirely.

Testing

  • Set SMB_CORPORATE_ID=<uuid> in .env
  • Verify matching corporate users can access Outline normally
  • Verify mismatched corporate users get authentication error
  • Verify unset SMB_CORPORATE_ID allows all users (backward compatible)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant