forked from gitea/gitea
1
0
Fork 0
gitea/modules/context
zeripath 17c5c654a5
Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-15 17:32:09 +02:00
..
access_log.go Fix access log (#14475) 2021-01-27 18:46:35 +01:00
api.go [refactor] replace int with httpStatusCodes (#15282) 2021-04-05 11:30:52 -04:00
api_org.go Golint fixed for modules/context 2016-11-25 14:53:59 +08:00
api_test.go fix API link header (#7298) 2019-06-26 16:51:32 +08:00
auth.go [refactor] replace int with httpStatusCodes (#15282) 2021-04-05 11:30:52 -04:00
captcha.go Fix captcha (#14488) 2021-01-27 22:56:54 +08:00
context.go Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
csrf.go Add SameSite setting for cookies (#14900) 2021-03-07 08:12:43 +00:00
form.go Move macaron to chi (#14293) 2021-01-26 16:36:53 +01:00
org.go Unified link creation. (#15619) 2021-04-30 19:25:13 +02:00
pagination.go [Feature] add precise search type for Elastic Search (#12869) 2021-01-27 12:00:35 +02:00
permission.go Update docs and comments to remove macaron (#14491) 2021-01-29 16:35:30 +01:00
private.go Update docs and comments to remove macaron (#14491) 2021-01-29 16:35:30 +01:00
repo.go On open repository open common cat file batch and batch-check (#15667) 2021-05-10 03:27:03 +02:00
response.go Stop calling WriteHeader in Write (#15862) 2021-05-14 11:05:50 +03:00
xsrf.go Move macaron to chi (#14293) 2021-01-26 16:36:53 +01:00
xsrf_test.go Move macaron to chi (#14293) 2021-01-26 16:36:53 +01:00