List user plug before auth

We should not allow someone to list apps if they don't have a user.
livebook-dev · Oct 17, 2023 · 7c7d8c1 · 7c7d8c1
1 parent 9e8c6ec
commit 7c7d8c1
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/lib/livebook_web/router.ex b/lib/livebook_web/router.ex
@@ -22,8 +22,10 @@ defmodule LivebookWeb.Router do
   end
 
   pipeline :auth do
-    plug LivebookWeb.AuthPlug
+    # If identity provider is enabled and we don't have access
+    # we don't want to show Livebook's authentication
     plug LivebookWeb.UserPlug
+    plug LivebookWeb.AuthPlug
   end
 
   pipeline :user do
@@ -141,7 +143,7 @@ defmodule LivebookWeb.Router do
   end
 
   scope "/authenticate", LivebookWeb do
-    pipe_through :browser
+    pipe_through [:browser, :user]
 
     get "/", AuthController, :index
     post "/", AuthController, :authenticate