authorsilverwind <me@silverwind.io>2020-10-05 07:49:33 +0200
committerGitHub <noreply@github.com>2020-10-05 01:49:33 -0400
commitcda44750cbdc7a8460666a4f0ac7f652d84a3964 (patch)
tree207745d1b529a0cde5207111d23bfc07c1e0312c /models/twofactor.go
parent67a5573310cf23726e3c2ef4651221c6dc150075 (diff)
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `<input type="file">` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'models/twofactor.go')
-rw-r--r--models/twofactor.go51
1 files changed, 5 insertions, 46 deletions
diff --git a/models/twofactor.go b/models/twofactor.go
index 888c910b94..a84da8cdb5 100644
--- a/models/twofactor.go
+++ b/models/twofactor.go
@@ -5,18 +5,14 @@
package models
import (
- "crypto/aes"
- "crypto/cipher"
"crypto/md5"
- "crypto/rand"
"crypto/sha256"
"crypto/subtle"
"encoding/base64"
- "errors"
"fmt"
- "io"
"code.gitea.io/gitea/modules/generate"
+ "code.gitea.io/gitea/modules/secret"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
@@ -67,8 +63,8 @@ func (t *TwoFactor) getEncryptionKey() []byte {
}
// SetSecret sets the 2FA secret.
-func (t *TwoFactor) SetSecret(secret string) error {
- secretBytes, err := aesEncrypt(t.getEncryptionKey(), []byte(secret))
+func (t *TwoFactor) SetSecret(secretString string) error {
+ secretBytes, err := secret.AesEncrypt(t.getEncryptionKey(), []byte(secretString))
if err != nil {
return err
}
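Review bot: The `secret.AesEncrypt` call in SetSecret now depends on a shared helper whose guarantees cannot be read from this file, and the local helper it replaces (deleted in the last hunk) was AES-CFB with a random IV and no integrity tag. If modules/secret carries that implementation over unchanged, the stored TOTP secret is confidential but not tamper-evident: a modified database value would only be rejected by chance, when the inner base64 decode fails. I would record that on the caller, e.g. `// NOTE: secret.AesEncrypt gives confidentiality only; confirm whether the ciphertext is authenticated.`, and consider an AEAD mode for the shared helper in a follow-up. The same applies to the `secret.AesDecrypt` call in ValidateTOTP; SetSecret's body continues past this hunk.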
@@ -82,51 +78,14 @@ func (t *TwoFactor) ValidateTOTP(passcode string) (bool, error) {
if err != nil {
return false, err
}
- secret, err := aesDecrypt(t.getEncryptionKey(), decodedStoredSecret)
+ secretBytes, err := secret.AesDecrypt(t.getEncryptionKey(), decodedStoredSecret)
if err != nil {
return false, err
}
- secretStr := string(secret)
+ secretStr := string(secretBytes)
return totp.Validate(passcode, secretStr), nil
}
-// aesEncrypt encrypts text and given key with AES.
-func aesEncrypt(key, text []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- b := base64.StdEncoding.EncodeToString(text)
- ciphertext := make([]byte, aes.BlockSize+len(b))
- iv := ciphertext[:aes.BlockSize]
- if _, err := io.ReadFull(rand.Reader, iv); err != nil {
- return nil, err
- }
- cfb := cipher.NewCFBEncrypter(block, iv)
- cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
- return ciphertext, nil
-}
-
-// aesDecrypt decrypts text and given key with AES.
-func aesDecrypt(key, text []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- if len(text) < aes.BlockSize {
- return nil, errors.New("ciphertext too short")
- }
- iv := text[:aes.BlockSize]
- text = text[aes.BlockSize:]
- cfb := cipher.NewCFBDecrypter(block, iv)
- cfb.XORKeyStream(text, text)
- data, err := base64.StdEncoding.DecodeString(string(text))
- if err != nil {
- return nil, err
- }
- return data, nil
-}
-
// NewTwoFactor creates a new two-factor authentication token.
func NewTwoFactor(t *TwoFactor) error {
_, err := x.Insert(t)
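Review bot: In ValidateTOTP the error from `secret.AesDecrypt` is returned bare, exactly like the base64 decoding error just above it, so a caller or log reader cannot tell which step rejected the stored secret. For a 2FA check that distinction matters when triaging failures (corrupt row versus a key that no longer matches), and `fmt` is already imported, so the return could be `return false, fmt.Errorf("decrypt 2FA secret: %w", err)`. The wrapped text should stay free of the key or secret bytes, which the proposed message is. ValidateTOTP begins above this hunk, so the earlier decode step is only partly visible here.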