njnu-seafish commented on PR #18384: URL: https://github.com/apache/dolphinscheduler/pull/18384#issuecomment-4831973991
> The frontend checks added in this PR rely on `userStore.getSecurityConfigType`, but the OAuth2/OIDC redirect path only stores the session and userInfo. Because the user store is persisted, a browser that previously logged in with PASSWORD can keep a stale `securityConfigType === 'PASSWORD'`, so OIDC/OAuth2 users may still see enabled create/reset/password UI. The redirect login path should also populate the current security config type before entering the app. The level of thoroughness in this review is outstanding. Really impressive work! Your review is very thorough. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
