feat: enable custom providers by default (#2427)

cemalkilic · web-flow · commit 291cdad62dd3 · 2026-03-17T08:35:56.000-07:00
enable custom providers by default
diff --git a/Makefile b/Makefile
@@ -61,7 +61,7 @@ check-gosec:
 		|| go install github.com/securego/gosec/v2/cmd/gosec@latest
 
 vulncheck: check-govulncheck # Check for known vulnerabilities
-	govulncheck $(CHECK_FILES)
+	govulncheck -format json $(CHECK_FILES) | go run ./hack/vulncheck-filter
 
 check-govulncheck:
 	@command -v govulncheck >/dev/null 2>&1 \
diff --git a/hack/vulncheck-filter/main.go b/hack/vulncheck-filter/main.go
@@ -0,0 +1,61 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+)
+
+// Vulnerabilities with no upstream fix — remove entries once fixed.
+var ignore = map[string]string{
+	"GO-2026-4518": "pgproto3/v2 DoS, no fix available (EOL). Transitive via pgconn v1 + pop/v6.",
+}
+
+type message struct {
+	Finding *struct {
+		OSV *struct {
+			ID string `json:"id"`
+		} `json:"osv"`
+	} `json:"finding"`
+}
+
+func main() {
+	dec := json.NewDecoder(os.Stdin)
+
+	var unignored []string
+	seen := make(map[string]bool)
+	for {
+		var m message
+		if err := dec.Decode(&m); err != nil {
+			if err == io.EOF {
+				break
+			}
+			// govulncheck JSON stream may contain objects we don't care about; skip decode errors
+			continue
+		}
+		if m.Finding == nil {
+			continue
+		}
+		if m.Finding.OSV == nil {
+			continue
+		}
+		id := m.Finding.OSV.ID
+		if seen[id] {
+			continue
+		}
+		seen[id] = true
+
+		if reason, ok := ignore[id]; ok {
+			fmt.Fprintf(os.Stderr, "ignoring %s: %s\n", id, reason)
+		} else {
+			fmt.Fprintf(os.Stderr, "ERROR: %s (not in ignore list)\n", id)
+			unignored = append(unignored, id)
+		}
+	}
+
+	if len(unignored) > 0 {
+		fmt.Fprintf(os.Stderr, "\n%d unignored vulnerability(ies) found\n", len(unignored))
+		os.Exit(1)
+	}
+}
diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -87,7 +87,7 @@ type AnonymousProviderConfiguration struct {
 
 // CustomOAuthConfiguration holds configuration for custom OAuth and OIDC providers
 type CustomOAuthConfiguration struct {
-	Enabled      bool `json:"enabled" split_words:"true" default:"false"`
+	Enabled      bool `json:"enabled" split_words:"true" default:"true"`
 	MaxProviders int  `json:"max_providers" split_words:"true" default:"0"`
 }
 

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ type AnonymousProviderConfiguration struct {`
`87`	`87`
`88`	`88`	`// CustomOAuthConfiguration holds configuration for custom OAuth and OIDC providers`
`89`	`89`	`type CustomOAuthConfiguration struct {`
`90`		- Enabled bool `json:"enabled" split_words:"true" default:"false"`
	`90`	+ Enabled bool `json:"enabled" split_words:"true" default:"true"`
`91`	`91`	MaxProviders int `json:"max_providers" split_words:"true" default:"0"`
`92`	`92`	`}`
`93`	`93`