troldspejlet/forgejo
troldspejlet/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-09-21 05:25:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
forgejo/modules
History
zeripath 17c5c654a5
Prevent double-login for Git HTTP and LFS and simplify login (#15303) 
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-15 17:32:09 +02:00
..
analyze
auth Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
avatar Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
base fix truncate utf8 string (#15828) 2021-05-13 08:50:57 +01:00
cache
charset
context Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
convert Fix individual tests (addition to #15802) (#15818) 2021-05-12 00:13:42 -04:00
cron
csv
doctor Add err to log (#15813) 2021-05-10 20:48:23 +01:00
emoji
eventsource
generate Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
git Fix LFS commit finder not working (#15856) 2021-05-14 14:12:11 +01:00
gitgraph
graceful Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693) 2021-05-15 16:22:26 +02:00
hcaptcha
highlight Allow custom highlight mapping beyond file extensions (#15808) 2021-05-13 12:31:23 +03:00
httpcache
httplib
indexer Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693) 2021-05-15 16:22:26 +02:00
lfs
log
markup Fixed individual markdown tests. (#15802) 2021-05-09 15:29:49 +02:00
matchlist
metrics
migrations Close the gitrepo when deleting the repository (#15876) 2021-05-14 21:19:38 +01:00
nosql
notification
options
password
pprof
private Move restore repo to internal router and invoke from command to avoid open the same db file or queues files (#15790) 2021-05-10 15:57:45 +08:00
process
public
queue Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693) 2021-05-15 16:22:26 +02:00
recaptcha
references Respect default merge message syntax when parsing item references (#15772) 2021-05-09 19:25:23 +01:00
repofiles
repository Set GIT_DIR correctly if it is not set (#15751) 2021-05-07 15:19:09 +02:00
secret Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
session
setting Add mimetype mapping settings (#15133) 2021-05-10 16:38:08 -04:00
ssh
storage
structs Add Active and ProhibitLogin to API (#15689) 2021-05-11 02:22:29 +02:00
svg
sync
task
templates Fix incorrect asset URL (#15805) 2021-05-09 21:03:09 +01:00
test
timeutil
translation
upload
uri
user
util Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
validation
web