[Error] Casbin Permissions Not Working When Auto-login is Enabled
Opened this issue · 0 comments
Xing-Fax commented
Description: When auto-login is enabled in an application, initiating an authorized login from the application login page can bypass the Casbin deny policy, allowing access directly without enforcing the intended restrictions.
Steps to Reproduce:
Enable auto-login in the application, such as in the Nightingale application.
In Casbin, create a new permission and set Nightingale to "deny."
Attempt to initiate an authorized login from the application's login page.
You'll find that the account is logged in automatically without any error message, indicating an issue.
Disable auto-login in the application.
Try logging in again.
This time, an "Unauthorized Access" error appears, which is the expected behavior.
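To make the reported failure mode concrete, here is an added illustration (not code from the project or the reporter) of the handler pattern the steps describe: an auto-login branch that returns a session before the Casbin policy is consulted, beside a corrected handler that evaluates the policy on every login path. The `enforce` function is a constructed stand-in for a deny-override Casbin enforcer, and the user, app and policy rows are constructed sample data.

```python
from dataclasses import dataclass

# Constructed stand-in for a Casbin enforcer with deny-override semantics:
# an explicit deny beats any allow, and no matching rule means deny.
POLICIES = [
    ("alice", "Nightingale", "login", "deny"),   # the deny rule from the report
    ("alice", "OtherApp", "login", "allow"),     # constructed contrast case
]

def enforce(sub, obj, act, policies=POLICIES):
    effects = {eft for s, o, a, eft in policies if (s, o, a) == (sub, obj, act)}
    if "deny" in effects:
        return False
    return "allow" in effects

@dataclass
class App:
    name: str
    auto_login: bool

def login_vulnerable(user, app):
    # Bug pattern from the report: the auto-login short-circuit issues a
    # session before the policy check runs, so the deny rule never applies.
    if app.auto_login:
        return {"ok": True, "user": user}
    if not enforce(user, app.name, "login"):
        return {"ok": False, "error": "Unauthorized Access"}
    return {"ok": True, "user": user}

def login_fixed(user, app):
    # Authorization is evaluated on every path. Auto-login only decides
    # whether the credential prompt is skipped, never whether policy is.
    if not enforce(user, app.name, "login"):
        return {"ok": False, "error": "Unauthorized Access"}
    return {"ok": True, "user": user, "prompted": not app.auto_login}

if __name__ == "__main__":
    for handler in (login_vulnerable, login_fixed):
        for auto in (True, False):
            print(handler.__name__, "auto_login=%s" % auto,
                  handler("alice", App("Nightingale", auto)))
```

Running the block prints the vulnerable handler granting access only when auto-login is on, while the fixed handler rejects the denied app regardless of the auto-login setting.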