forgejo/modules
zeripath 17c5c654a5
Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for
logging in for git and lfs. The first is that there is a double login
process. This is particularly evident in 1.13 where there are no less
than 4 hash checks for basic authentication due to the previous
IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not
helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except
for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and
Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these
both now have the same login semantics and can - if not
DisableBasicAuthentication - login from external services. Further it
allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from
re-attempting to login - primarily because this could easily cause a
further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-05-15 17:32:09 +02:00
..
analyze Speed up enry.IsVendor (#15213) 2021-04-01 19:41:09 +02:00
auth Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
avatar Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
base fix truncate utf8 string (#15828) 2021-05-13 08:50:57 +01:00
cache [Vendor] Update go-redis to v8.5.0 (#13749) 2021-02-10 21:28:32 +00:00
charset Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
context Prevent double-login for Git HTTP and LFS and simplify login (#15303) 2021-05-15 17:32:09 +02:00
convert Fix individual tests (addition to #15802) (#15818) 2021-05-12 00:13:42 -04:00
cron add cron job to delete old actions from database (#15688) 2021-05-01 14:17:02 +02:00
csv Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
doctor Add err to log (#15813) 2021-05-10 20:48:23 +01:00
emoji Fix several render issues (#14986) 2021-03-16 00:20:05 +01:00
eventsource Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
generate Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
git Fix LFS commit finder not working (#15856) 2021-05-14 14:12:11 +01:00
gitgraph Fix bug on commit graph (#15517) 2021-04-17 10:27:25 +01:00
graceful Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693) 2021-05-15 16:22:26 +02:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Allow custom highlight mapping beyond file extensions (#15808) 2021-05-13 12:31:23 +03:00
httpcache Add ETag header (#15370) 2021-04-12 10:49:26 -04:00
httplib fix webhook timeout bug (#15613) 2021-04-25 21:48:12 +03:00
indexer Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693) 2021-05-15 16:22:26 +02:00
lfs Fix lfs management find (#15537) 2021-04-21 18:31:59 +02:00
log Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
markup Fixed individual markdown tests. (#15802) 2021-05-09 15:29:49 +02:00
matchlist Add Allow-/Block-List for Migrate & Mirrors (#13610) 2020-11-28 19:37:58 -05:00
metrics Prometheus endpoint (#5256) 2018-11-04 22:20:00 -05:00
migrations Close the gitrepo when deleting the repository (#15876) 2021-05-14 21:19:38 +01:00
nosql Fix setting redis db path (#15698) 2021-05-03 13:24:24 -04:00
notification Refactor renders (#15175) 2021-04-19 18:25:08 -04:00
options Add StatDir and replace com.StatDir (#14099) 2020-12-22 07:40:57 +08:00
password Check passwords against HaveIBeenPwned (#12716) 2020-09-08 17:06:39 -05:00
pprof Add golangci (#6418) 2019-06-12 15:41:28 -04:00
private Move restore repo to internal router and invoke from command to avoid open the same db file or queues files (#15790) 2021-05-10 15:57:45 +08:00
process Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
public add /assets as root dir of public files (#15219) 2021-04-28 12:35:06 +00:00
queue Multiple Queue improvements: LevelDB Wait on empty, shutdown empty shadow level queue, reduce goroutines etc (#15693) 2021-05-15 16:22:26 +02:00
recaptcha Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
references Respect default merge message syntax when parsing item references (#15772) 2021-05-09 19:25:23 +01:00
repofiles Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
repository Set GIT_DIR correctly if it is not set (#15751) 2021-05-07 15:19:09 +02:00
secret Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
session Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
setting Add mimetype mapping settings (#15133) 2021-05-10 16:38:08 -04:00
ssh Make internal SSH server host key path configurable (#14918) 2021-03-08 03:43:59 +01:00
storage Code Formats, Nits & Unused Func/Var deletions (#15286) 2021-04-09 09:40:34 +02:00
structs Add Active and ProhibitLogin to API (#15689) 2021-05-11 02:22:29 +02:00
svg Fix filepath basename on Windows for SVG bindata (#12241) 2020-07-13 21:16:40 +01:00
sync Fix missing unlock in uniquequeue (#9790) 2020-01-15 23:58:33 +02:00
task Migrate to use jsoniter instead of encoding/json (#14841) 2021-03-01 22:08:10 +01:00
templates Fix incorrect asset URL (#15805) 2021-05-09 21:03:09 +01:00
test Move middlewares to web/middleware (#14480) 2021-01-30 10:55:53 +02:00
timeutil Fix display since time round (#14226) 2021-01-28 13:29:22 +01:00
translation Use index of the supported tags to choose user lang (#15452) 2021-04-14 19:52:01 +01:00
upload Update golangci-lint to version 1.31.0 (#13102) 2020-10-11 21:27:20 +01:00
uri Dump github/gitlab/gitea repository data to a local directory and restore to gitea (#12244) 2020-12-27 11:34:19 +08:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Use single shared random string generation function (#15741) 2021-05-10 07:45:17 +01:00
validation Move macaron to chi (#14293) 2021-01-26 16:36:53 +01:00
web Defer closing the gitrepo until the end of the wrapped context functions (#15653) 2021-05-06 01:30:25 +02:00