mirror of https://github.com/go-gitea/gitea.git
17c5c654a5
* Prevent double-login for Git HTTP and LFS and simplify login There are a number of inconsistencies with our current methods for logging in for git and lfs. The first is that there is a double login process. This is particularly evident in 1.13 where there are no less than 4 hash checks for basic authentication due to the previous IsPasswordSet behaviour. This duplicated code had individual inconsistencies that were not helpful and caused confusion. This PR does the following: * Remove the specific login code from the git and lfs handlers except for the lfs special bearer token * Simplify the meaning of DisableBasicAuthentication to allow Token and Oauth2 sign-in. * The removal of the specific code from git and lfs means that these both now have the same login semantics and can - if not DisableBasicAuthentication - login from external services. Further it allows Oauth2 token authentication as per our standard mechanisms. * The change in the recovery handler prevents the service from re-attempting to login - primarily because this could easily cause a further panic and it is wasteful. * add test Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> |
4 years ago | |
|---|---|---|
| .. | ||
| access_log.go | 4 years ago | |
| api.go | 4 years ago | |
| api_org.go | 8 years ago | |
| api_test.go | 6 years ago | |
| auth.go | 4 years ago | |
| captcha.go | 4 years ago | |
| context.go | 4 years ago | |
| csrf.go | 4 years ago | |
| form.go | 4 years ago | |
| org.go | 4 years ago | |
| pagination.go | 4 years ago | |
| permission.go | 4 years ago | |
| private.go | 4 years ago | |
| repo.go | 4 years ago | |
| response.go | 4 years ago | |
| xsrf.go | 4 years ago | |
| xsrf_test.go | 4 years ago | |