Authentication is broken in v4.0.0
makuko opened this issue · 1 comments
makuko commented
In the latest commit in protected-routes.handler.ts the following else if block was introduced:

    } else if (AdminRouter.routes.find((r) => r.action === 'bundleComponents')) {
      return;
It breaks authentication and AdminJS is accessible without login. After removing it everything works as expected again. A minimal installation following the docs is enough to reproduce the issue.
makuko commented
I did some further investigation. The condition

    AdminRouter.routes.find((r) => r.action === 'bundleComponents')

will always be true because the route always exists. It should be changed to

    request.url.match(AdminRouter.routes.find((r) => r.action === 'bundleComponents').path)

to only be true when the bundle is requested.
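An added example, not part of the original issue or the AdminJS code base: it models the guard from the report beside a request-scoped variant, with a regression helper that lists which URLs are served without a session. The route table, the `/admin` root path, the request shape and all function names are assumptions made for illustration.

```typescript
// Constructed route table; the shape and paths are assumptions, not AdminJS's own.
type Route = { path: string; action: string };
const routes: Route[] = [
  { path: "/frontend/assets/components.bundle.js", action: "bundleComponents" },
  { path: "/resources/{resourceId}", action: "resource" },
];

type Req = { url: string; session?: { adminUser?: unknown } };
type Decision = "allow" | "redirect-to-login";

// Condition as reported: it asks whether the route exists in the table and
// never inspects the request, so it is truthy for every URL.
function reportedGuard(req: Req): Decision {
  if (req.session?.adminUser) return "allow";
  else if (routes.find((r) => r.action === "bundleComponents")) return "allow";
  return "redirect-to-login";
}

// Request-scoped variant: only the bundle path itself is exempt from login.
// The path is compared exactly rather than passed to String.match(), which
// would compile it to an unanchored regex and accept any URL containing it.
function scopedGuard(req: Req, rootPath = "/admin"): Decision {
  if (req.session?.adminUser) return "allow";
  const bundle = routes.find((r) => r.action === "bundleComponents");
  const pathOnly = req.url.split("?")[0];
  if (bundle && pathOnly === rootPath + bundle.path) return "allow";
  return "redirect-to-login";
}

// Regression helper: which of these URLs does a guard serve with no session?
function unauthenticatedAccess(guard: (r: Req) => Decision, urls: string[]): string[] {
  return urls.filter((url) => guard({ url }) === "allow");
}

// Constructed sample URLs.
const sampleUrls = [
  "/admin/resources/users",
  "/admin/frontend/assets/components.bundle.js",
  "/admin/x?next=/admin/frontend/assets/components.bundle.js",
];
```

Running `unauthenticatedAccess` over the protected routes in an integration test makes a regression of this kind fail the build instead of reaching a release.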