[GH-ISSUE #2488] Password protection not enforced in Authentication Methods #10935

New Issue

Closed

opened 2026-05-06 15:35:49 -05:00 by GiteaMirror · 2 comments

GiteaMirror commented 2026-05-06 15:35:49 -05:00

Owner

Copy Link

Originally created by @jtechbyte on GitHub (Feb 16, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2488

Describe the Bug

When configuring password protection under the Authentication Methods section in Pangolin, the security layer is not being enforced.

After assigning a password to protect a resource, the application does not prompt for authentication and allows access without requiring the configured credentials.

Environment

• OS Type & Version: (e.g., Ubuntu 22.04)
• Pangolin Version: 1.15.4
• Gerbil Version: 1.3.0
• Traefik Version: 3.6.8
• Newt Version: 1.9.0
• Olm Version: (if applicable)

To Reproduce

1. Navigate to Authentication Methods.
2. Assign password protection to a resource.
3. Attempt to access the protected resource.
4. Observe that no authentication is required

Expected Behavior

Once password protection is enabled and configured, users should be required to authenticate before gaining access to the protected resource.

Originally created by @jtechbyte on GitHub (Feb 16, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/2488 ### Describe the Bug When configuring password protection under the Authentication Methods section in Pangolin, the security layer is not being enforced. After assigning a password to protect a resource, the application does not prompt for authentication and allows access without requiring the configured credentials. ### Environment - OS Type & Version: (e.g., Ubuntu 22.04) - Pangolin Version: 1.15.4 - Gerbil Version: 1.3.0 - Traefik Version: 3.6.8 - Newt Version: 1.9.0 - Olm Version: (if applicable) ### To Reproduce 1. Navigate to Authentication Methods. 2. Assign password protection to a resource. 3. Attempt to access the protected resource. 4. Observe that no authentication is required ### Expected Behavior Once password protection is enabled and configured, users should be required to authenticate before gaining access to the protected resource.

GiteaMirror closed this issue 2026-05-06 15:35:50 -05:00

GiteaMirror commented 2026-05-06 15:35:51 -05:00

Author

Owner

Copy Link

@miloschwartz commented on GitHub (Feb 25, 2026):

You likely already have a session. Try clearing the cookies or using incognito. I am unable to reproduce.

<!-- gh-comment-id:3961742504 --> @miloschwartz commented on GitHub (Feb 25, 2026): You likely already have a session. Try clearing the cookies or using incognito. I am unable to reproduce.

GiteaMirror commented 2026-05-06 15:35:51 -05:00

Author

Owner

Copy Link

@jtechbyte commented on GitHub (Feb 25, 2026):

Yeah I tried external browsers and I still get the login screen without the
extra layer of protection.

On Wed, Feb 25, 2026 at 3:09 PM Milo Schwartz @.***>
wrote:

Closed #2488 https://github.com/fosrl/pangolin/issues/2488 as completed.

—
Reply to this email directly, view it on GitHub
https://github.com/fosrl/pangolin/issues/2488#event-23080440144, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AAR74TAWLR5YR2DCOHTLEJ34NX6QDAVCNFSM6AAAAACVJSF3QKVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMRTGA4DANBUGAYTINA
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:3961933068 --> @jtechbyte commented on GitHub (Feb 25, 2026): Yeah I tried external browsers and I still get the login screen without the extra layer of protection. On Wed, Feb 25, 2026 at 3:09 PM Milo Schwartz ***@***.***> wrote: > Closed #2488 <https://github.com/fosrl/pangolin/issues/2488> as completed. > > — > Reply to this email directly, view it on GitHub > <https://github.com/fosrl/pangolin/issues/2488#event-23080440144>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAR74TAWLR5YR2DCOHTLEJ34NX6QDAVCNFSM6AAAAACVJSF3QKVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMRTGA4DANBUGAYTINA> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dependabot/npm_and_yarn/fast-xml-builder-1.2.0

dependabot/npm_and_yarn/axios-1.15.2

s3

dependabot/npm_and_yarn/next-intl-4.9.2

dev

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

crowdin_dev

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.3-s.2

1.18.3

1.18.3-s.1

1.18.3-s.0

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#10935