forked from gitea/gitea
Skip SSPI authentication attempts for /api/internal (#12556)
* Skip SSPI authentication attempts for /api/internal SSPI fails badly on authentication attempts to /api/internal which it can never succesfully authenticate. Fix #11260 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update oauth2.go Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
parent
d4e35b9dc6
commit
b78448e94e
|
@ -121,7 +121,7 @@ func (o *OAuth2) VerifyAuthData(ctx *macaron.Context, sess session.Store) *model
|
|||
return nil
|
||||
}
|
||||
|
||||
if !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
|
||||
if isInternalPath(ctx) || !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -100,6 +100,11 @@ func isAPIPath(ctx *macaron.Context) bool {
|
|||
return strings.HasPrefix(ctx.Req.URL.Path, "/api/")
|
||||
}
|
||||
|
||||
// isInternalPath returns true if the specified URL is an internal API path
|
||||
func isInternalPath(ctx *macaron.Context) bool {
|
||||
return strings.HasPrefix(ctx.Req.URL.Path, "/api/internal/")
|
||||
}
|
||||
|
||||
// isAttachmentDownload check if request is a file download (GET) with URL to an attachment
|
||||
func isAttachmentDownload(ctx *macaron.Context) bool {
|
||||
return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET"
|
||||
|
|
|
@ -148,6 +148,8 @@ func (s *SSPI) shouldAuthenticate(ctx *macaron.Context) (shouldAuth bool) {
|
|||
} else if ctx.Req.FormValue("auth_with_sspi") == "1" {
|
||||
shouldAuth = true
|
||||
}
|
||||
} else if isInternalPath(ctx) {
|
||||
shouldAuth = false
|
||||
} else if isAPIPath(ctx) || isAttachmentDownload(ctx) {
|
||||
shouldAuth = true
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue