
[bug] Only allow connecting to specified connections when array given in config

Open mwllgr opened this issue 1 year ago • 2 comments

Hello,

I specified a single SMB connection in my configuration:

    "connections": [
        {
            "advanced": false,
            "domain": "FSRV",
            "host": "fsrv",
            "label": "fsrv",
            "path": null,
            "port": 445,
            "share": null,
            "type": "samba"
        }
    ]

This also removes every other connection method from the login form - greatly appreciated for my use case!

However, manipulating the POST request from the login still seems to allow the user to log in on other hosts / IP addresses in the network:

Screenshot_20231110_222842

In my example, this didn't work as DNS requests are not allowed inside the network.

In my opinion, when specifying connections in the config, there should be a switch to only allow the specific type-host-combination or a general whitelisting feature to prevent access to other hosts in the network. Right now, I'm dealing with this situation by creating a custom Docker network which is restricted in terms of allowed outgoing traffic/ports.

mwllgr avatar Nov 10 '23 21:11 mwllgr
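The type-host allowlist requested in the post above, sketched as an added example; it is not part of the original thread and is not Filestash's code. The `Connection` type, the `IsAllowed` helper and the POST parameter names `type`, `host` and `port` are assumptions modelled on the config keys shown in the issue.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Connection holds the fields of one "connections" entry that identify a target.
type Connection struct {
	Type string
	Host string
	Port int
}

// normHost lowercases a host and drops a trailing dot so "FSRV." matches "fsrv".
func normHost(h string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(h)), ".")
}

// IsAllowed reports whether the submitted login parameters (hypothetical names)
// match a configured connection on type, host and port. Default is deny.
func IsAllowed(allowed []Connection, params map[string]string) bool {
	typ := strings.ToLower(strings.TrimSpace(params["type"]))
	host := normHost(params["host"])
	if typ == "" || host == "" {
		return false
	}
	for _, c := range allowed {
		if strings.ToLower(c.Type) != typ || normHost(c.Host) != host {
			continue
		}
		// An omitted port falls back to the configured one; a supplied port must match.
		p := params["port"]
		if p == "" {
			return true
		}
		if n, err := strconv.Atoi(p); err == nil && n == c.Port {
			return true
		}
	}
	return false
}

func main() {
	allowed := []Connection{{Type: "samba", Host: "fsrv", Port: 445}}
	// Constructed request bodies: the form's own values, then an edited host.
	fmt.Println(IsAllowed(allowed, map[string]string{"type": "samba", "host": "fsrv", "port": "445"}))
	fmt.Println(IsAllowed(allowed, map[string]string{"type": "samba", "host": "other.example", "port": "445"}))
}
```

The check has to run in the login handler on the server, before any backend connection is opened, because hiding the fields in the form does not constrain what the request body contains.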

That feature you are using isn't documented for the reason you describe. Also that's one of the many reasons why I've made authentication middleware. Once the new frontend is done, that feature will disappear and what you're doing won't be possible at all.

mickael-kerjean avatar Nov 27 '23 06:11 mickael-kerjean

Got it, thanks. Already thought of that - any other way to restrict the server the user connects to, @mickael-kerjean?

mwllgr avatar Nov 27 '23 19:11 mwllgr