Skip to content

Fix: Execute auth backends sequentially to prevent spurious push notifications#137

Merged
anishapant21 merged 2 commits intodevfrom
copilot/fix-push-notification-issue
Feb 13, 2026
Merged

Fix: Execute auth backends sequentially to prevent spurious push notifications#137
anishapant21 merged 2 commits intodevfrom
copilot/fix-push-notification-issue

Conversation

Copy link
Contributor

Copilot AI commented Feb 12, 2026
edited
Loading

Auth backends were executing in parallel via Promise.all(), causing all providers to fire regardless of earlier failures. With AUTH_BACKENDS=sql,notification, incorrect passwords triggered push notifications because the notification provider ran before the password check completed.

Changes

LdapEngine.js - Sequential execution with early termination

// Before: All providers execute in parallel
return Promise.all(
  this.authProviders.map(provider => provider.authenticate(username, password, req))
).then(authResults => {
  const isAuthenticated = authResults.every(result => result === true);
  // ...
});

// After: Sequential execution, stop on first failure
const authenticateSequentially = async () => {
  for (const provider of this.authProviders) {
    const result = await provider.authenticate(username, password, req);
    if (result !== true) {
      return false;
    }
  }
  return true;
};

Test coverage

  • Verifies sequential execution timing (50ms delay between providers)
  • Confirms early termination (notification provider never called on password failure)
  • Validates complete execution when all providers succeed

MockAuthProvider

  • Fixed return type from object to boolean (matches production providers)
Original prompt

This section details on the original issue you should resolve

<issue_title>Incorrect passwords still trigger Push notification</issue_title>
<issue_description>All attempts at authenticating to the LDAP server with a valid username trigger a notification, even those that don't succeed password verification. This makes it look like the password has succeeded but then authentication fails when the Notification is approved. AUTH_BACKENDS should be checked in sequence, not parellel so that any failing backend prevents the next one from firing.</issue_description>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] Fix incorrect password notifications for LDAP authentication Fix: Execute auth backends sequentially to prevent spurious push notifications Feb 12, 2026
Copilot AI requested a review from runleveldev February 12, 2026 21:21
@runleveldev
Fix: Execute auth backends sequentially instead of in parallel
ee14939 
- Changed Promise.all() to sequential for-loop in LdapEngine.js
- Backends now execute in order, stopping on first failure
- Added unit tests for sequential execution and early termination
- Fixed MockAuthProvider to return boolean instead of object
- All unit tests passing (68 tests)

Co-authored-by: runleveldev <44057501+runleveldev@users.noreply.github.com>
@runleveldev runleveldev force-pushed the copilot/fix-push-notification-issue branch from 2c87e33 to ee14939 Compare February 12, 2026 21:41
runleveldev
runleveldev approved these changes Feb 12, 2026
View reviewed changes
Copy link
Contributor

@runleveldev runleveldev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@anishapant21 anishapant21 marked this pull request as ready for review February 13, 2026 04:57
@anishapant21 anishapant21 merged commit 767bb26 into dev Feb 13, 2026
5 checks passed
@runleveldev runleveldev deleted the copilot/fix-push-notification-issue branch February 13, 2026 13:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anishapant21 anishapant21 anishapant21 approved these changes

+1 more reviewer

@runleveldev runleveldev runleveldev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@runleveldev runleveldev

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Incorrect passwords still trigger Push notification

3 participants

@runleveldev @anishapant21