Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-28 04:36:11 +01:00
forgejo/routers
zeripath 17c5c654a5
Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-15 17:32:09 +02:00
..
admin Close the gitrepo when deleting the repository (#15876) 2021-05-14 21:19:38 +01:00
api/v1 Close the gitrepo when deleting the repository (#15876) 2021-05-14 21:19:38 +01:00
dev [refactor] replace int with httpStatusCodes (#15282) 2021-04-05 11:30:52 -04:00
events Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
org Unified link creation. (#15619) 2021-04-30 19:25:13 +02:00
private Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
repo Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
routes Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
user Fix goth user infer bug (#15821) 2021-05-10 16:31:32 +01:00
utils Clarify the suffices and prefixes of setting.AppSubURL and setting.AppURL (#12999) 2021-02-19 22:36:43 +01:00
home.go [refactor] replace int with httpStatusCodes (#15282) 2021-04-05 11:30:52 -04:00
init.go Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
install.go Move modules/forms to services/forms (#15305) 2021-04-06 20:44:05 +01:00
metrics.go Move metrics from macaron to chi (#13601) 2020-11-17 15:50:06 -05:00
swagger_json.go [refactor] replace int with httpStatusCodes (#15282) 2021-04-05 11:30:52 -04:00