njnu-seafish commented on PR #18384:
URL: 
https://github.com/apache/dolphinscheduler/pull/18384#issuecomment-4831973991

   > The frontend checks added in this PR rely on 
`userStore.getSecurityConfigType`, but the OAuth2/OIDC redirect path only 
stores the session and userInfo. Because the user store is persisted, a browser 
that previously logged in with PASSWORD can keep a stale `securityConfigType 
=== 'PASSWORD'`, so OIDC/OAuth2 users may still see enabled 
create/reset/password UI. The redirect login path should also populate the 
current security config type before entering the app.
   
   The level of thoroughness in this review is outstanding. Really impressive 
work!   Your review is very thorough.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to