aboutsummaryrefslogtreecommitdiffstats
path: root/modules/context
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-09-17 12:43:47 +0100
committerGitHub <noreply@github.com>2021-09-17 12:43:47 +0100
commit27b351aba564804f65e5574919a88d6194c75256 (patch)
treefa4857e05e344693e629aa14b05b7f8ffba42cfc /modules/context
parentf96d0d3d5b2acb3545c3a2ced7972879a9750c9d (diff)
downloadgitea-27b351aba564804f65e5574919a88d6194c75256.tar.gz
gitea-27b351aba564804f65e5574919a88d6194c75256.zip
Make LDAP be able to skip local 2FA (#16954)
This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources. Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/context')
-rw-r--r--modules/context/api.go4
-rw-r--r--modules/context/auth.go3
2 files changed, 7 insertions, 0 deletions
diff --git a/modules/context/api.go b/modules/context/api.go
index 47ea8acfe0..e80e63cd96 100644
--- a/modules/context/api.go
+++ b/modules/context/api.go
@@ -214,6 +214,10 @@ func (ctx *APIContext) RequireCSRF() {
// CheckForOTP validates OTP
func (ctx *APIContext) CheckForOTP() {
+ if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
+ return // Skip 2FA
+ }
+
otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)
if err != nil {
diff --git a/modules/context/auth.go b/modules/context/auth.go
index ed220d5420..0a62b2741e 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -151,6 +151,9 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
return
}
if ctx.IsSigned && ctx.IsBasicAuth {
+ if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
+ return // Skip 2FA
+ }
twofa, err := models.GetTwoFactorByUID(ctx.User.ID)
if err != nil {
if models.IsErrTwoFactorNotEnrolled(err) {