author: zeripath <art27@cantab.net> 2021-05-15 16:32:09 +0100
committer: GitHub <noreply@github.com> 2021-05-15 17:32:09 +0200
commit: 17c5c654a57ecf51c8c7c8ecfc6c86ae313d4000
tree: 215186f39aba3a6a92a40b64b0ba546f01e23f4b /custom
parent: ba526ceffe33a54b6015cdfbdc9bba920484dc23
Prevent double-login for Git HTTP and LFS and simplify login (#15303)
* Prevent double-login for Git HTTP and LFS and simplify login

There are a number of inconsistencies with our current methods for logging in for git and lfs. The first is that there is a double login process. This is particularly evident in 1.13 where there are no less than 4 hash checks for basic authentication due to the previous IsPasswordSet behaviour.

This duplicated code had individual inconsistencies that were not helpful and caused confusion.

This PR does the following:

* Remove the specific login code from the git and lfs handlers except for the lfs special bearer token
* Simplify the meaning of DisableBasicAuthentication to allow Token and Oauth2 sign-in.
* The removal of the specific code from git and lfs means that these both now have the same login semantics and can - if not DisableBasicAuthentication - login from external services. Further it allows Oauth2 token authentication as per our standard mechanisms.
* The change in the recovery handler prevents the service from re-attempting to login - primarily because this could easily cause a further panic and it is wasteful.

* add test

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'custom')
0 files changed, 0 insertions, 0 deletions