* API calls authorized with HTTP header
This mod allows API calls to be authorized with HTTP header
when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without
it user authenticated by reverse proxy is able to access
gitea UI but not API which is inconsistent.
Author-Change-Id: IB#
1107572
* Fixed API calls authorized with HTTP header
Only reqBasicAuth is modified to allow reverse proxy
auth as alternative and reqToken is left untouched.
Fixes: dc952c063206d11504085ddea966f121e796a04c
Author-Change-Id: IB#
1107572
* Reverse proxy API auth separated in docs
Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127
Author-Change-Id: IB#
1107572
* Reverse proxy API auth separated in docs
Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127
Author-Change-Id: IB#
1107572
* Reverse proxy API auth separated
Related: https://github.com/go-gitea/gitea/pull/15119#discussion_r621322127
Author-Change-Id: IB#
1107572
* ReverseProxyAuth removed from swagger
ReverseProxyAuth removed from swagger as in upstream's suggestion.
Related: https://github.com/go-gitea/gitea/pull/15119#pullrequestreview-
692180940
Author-Change-Id: IB#
1107572
* ReverseProxyAuth API authorization fixed
Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-
868465099
Author-Change-Id: IB#
1107572
* ReverseProxyAuth API authorization fixed
Related: https://github.com/go-gitea/gitea/pull/15119#issuecomment-
868465099
Author-Change-Id: IB#
1107572
}
}
-func reqBasicAuth() func(ctx *context.APIContext) {
+func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
return func(ctx *context.APIContext) {
+ if ctx.IsSigned && setting.Service.EnableReverseProxyAuth && ctx.Data["AuthedMethod"].(string) == new(auth.ReverseProxy).Name() {
+ return
+ }
if !ctx.Context.IsBasicAuth {
- ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "basic auth required")
+ ctx.Error(http.StatusUnauthorized, "reqBasicOrRevProxyAuth", "auth required")
return
}
ctx.CheckForOTP()
m.Combo("").Get(user.ListAccessTokens).
Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
m.Combo("/{id}").Delete(user.DeleteAccessToken)
- }, reqBasicAuth())
+ }, reqBasicOrRevProxyAuth())
})
})