Skip to content

Comments

Upgrade to OmniAuth CAS 3.x#20

Merged
awilfox merged 1 commit intomainfrom
awilfox/AP-270-cas
Feb 19, 2026
Merged

Upgrade to OmniAuth CAS 3.x#20
awilfox merged 1 commit intomainfrom
awilfox/AP-270-cas

Conversation

@awilfox
Copy link
Member

@awilfox awilfox commented Feb 13, 2026

  • Display button on UnauthorizedError instead of redirecting to login.

  • Use ForbiddenError instead of redirecting to login when a user that is not an admin tries to access an admin page in the section for ref cards/stack passes.

  • Update specs.

Potential TODOs:

  • How do we want the button to look? Right now it's a plain button, and could probably use a bit of style.
  • Is my change of using Forbidden when a non-admin user tries to access admin pages for the ref card/stack pass the correct way to go? It feels weird to ask them to log in again when they're already logged in, just not as an admin user. (Is this for shared computers, perhaps? That would … almost make sense.)

@awilfox awilfox self-assigned this Feb 13, 2026
@awilfox
Copy link
Member Author

awilfox commented Feb 13, 2026

Example of what the login button looks like right now:

Screenshot 2026-02-12 at 19 20 08

davezuckerman
davezuckerman reviewed Feb 13, 2026
View reviewed changes
Copy link
Contributor

@davezuckerman davezuckerman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me as far as the code goes. As for the questions.

I think the current button looks fine (maybe a bit boring) but I don't have a great artistic eye for that kind of stuff.

For the question about a user being logged in but not being an admin. It seems correct to raise the forbidden error. Even if it's a shared computer they should still be logging in as themself right?

yzhoubk
yzhoubk reviewed Feb 13, 2026
View reviewed changes
Copy link
Contributor

@yzhoubk yzhoubk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good on my local and the workflow makes sense. Admin page looks solid, would be nice to get Jesse's thoughts too.

anarchivist
anarchivist approved these changes Feb 17, 2026
View reviewed changes
Copy link
Member

@anarchivist anarchivist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

r+.

fwiw, in avplayer, we styled the login button as a link - not sure that's the right case here, but we could argue that it's consistent.

jason-raitz
jason-raitz approved these changes Feb 18, 2026
View reviewed changes
Copy link
Contributor

@jason-raitz jason-raitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!

@awilfox
Upgrade to OmniAuth CAS 3.x
2dbb9ee 
* Display button on `UnauthorizedError` instead of redirecting to login.

* Use `ForbiddenError` instead of redirecting to login when a user
  that is not an admin tries to access an admin page in the section
  for ref cards/stack passes.

* Update specs.
@awilfox awilfox merged commit 2dbb9ee into main Feb 19, 2026
5 checks passed
@awilfox awilfox deleted the awilfox/AP-270-cas branch February 19, 2026 16:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anarchivist anarchivist anarchivist approved these changes

@davezuckerman davezuckerman davezuckerman approved these changes

@yzhoubk yzhoubk yzhoubk approved these changes

@jason-raitz jason-raitz jason-raitz approved these changes

@steve-sullivan steve-sullivan Awaiting requested review from steve-sullivan

Assignees

@awilfox awilfox

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@awilfox @anarchivist @davezuckerman @yzhoubk @jason-raitz