author | zeripath <art27@cantab.net> | 2020-08-22 10:09:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-22 12:09:43 +0300 |
commit | b78448e94e1415eb810ee1126135c64ec2942c0f (patch) | |
tree | 9d7e0fb2c73d34f2221b676d2f36c17bcd3c1d8f /modules | |
parent | d4e35b9dc61779559fe28a7537d28bef2938a443 (diff) | |
Skip SSPI authentication attempts for /api/internal (#12556)
* Skip SSPI authentication attempts for /api/internal
SSPI fails badly on authentication attempts to /api/internal which
it can never successfully authenticate.
Fix #11260
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update oauth2.go
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/sso/oauth2.go | 2 | ||||
-rw-r--r-- | modules/auth/sso/sso.go | 5 | ||||
-rw-r--r-- | modules/auth/sso/sspi_windows.go | 2 |
3 files changed, 8 insertions, 1 deletions
diff --git a/modules/auth/sso/oauth2.go b/modules/auth/sso/oauth2.go
index 6860c12e39..3f530f036f 100644
--- a/modules/auth/sso/oauth2.go
+++ b/modules/auth/sso/oauth2.go
@@ -121,7 +121,7 @@ func (o *OAuth2) VerifyAuthData(ctx *macaron.Context, sess session.Store) *model
 return nil
 }
- if !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
+ if isInternalPath(ctx) || !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
 return nil
 }
diff --git a/modules/auth/sso/sso.go b/modules/auth/sso/sso.go
index cf8148d89b..c2e36f3f5e 100644
--- a/modules/auth/sso/sso.go
+++ b/modules/auth/sso/sso.go
@@ -100,6 +100,11 @@ func isAPIPath(ctx *macaron.Context) bool {
 return strings.HasPrefix(ctx.Req.URL.Path, "/api/")
 }
+// isInternalPath returns true if the specified URL is an internal API path
+func isInternalPath(ctx *macaron.Context) bool {
+ return strings.HasPrefix(ctx.Req.URL.Path, "/api/internal/")
+}
+
 // isAttachmentDownload check if request is a file download (GET) with URL to an attachment
 func isAttachmentDownload(ctx *macaron.Context) bool {
 return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET"
diff --git a/modules/auth/sso/sspi_windows.go b/modules/auth/sso/sspi_windows.go
index 2bced4be28..00f15d97be 100644
--- a/modules/auth/sso/sspi_windows.go
+++ b/modules/auth/sso/sspi_windows.go
@@ -148,6 +148,8 @@ func (s *SSPI) shouldAuthenticate(ctx *macaron.Context) (shouldAuth bool) {
 } else if ctx.Req.FormValue("auth_with_sspi") == "1" {
 shouldAuth = true
 }
+ } else if isInternalPath(ctx) {
+ shouldAuth = false
 } else if isAPIPath(ctx) || isAttachmentDownload(ctx) {
 shouldAuth = true
 }
|
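Review bot: The new condition in `VerifyAuthData` mixes `||` and `&&` without parentheses, so a reader has to recall that `&&` binds tighter to see that internal paths are skipped unconditionally. In an authentication gate I would make the grouping explicit, `if isInternalPath(ctx) || (!isAPIPath(ctx) && !isAttachmentDownload(ctx)) {`, or give the internal-path case its own early return with a comment such as `// the internal API is never authenticated with an OAuth2 token`. The function starts and ends outside the hunk, so how internal requests are authenticated instead is not visible here.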
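Review bot: `isInternalPath` has become a security-relevant predicate (OAuth2 and SSPI are both skipped when it returns true), but its doc comment does not say so and speaks of "the specified URL" although the argument is the request context. A match only disables two authentication methods, so a wrong match fails closed for them; that stays true only while nobody reuses the helper to grant access, which the comment should state, e.g. `// isInternalPath reports whether the request path is under /api/internal/. It only tells SSO methods to stand down and must not be used as an authorization check.` The trailing slash in the prefix means a request for exactly `/api/internal` is not matched and still takes the SSPI/OAuth2 path; presumably harmless, but worth confirming against the router. A small table test over `/api/internal/x`, `/api/internal`, `/api/internalx` and `/api/v1/x` would pin that boundary.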
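Review bot: The added `else if isInternalPath(ctx)` branch in `shouldAuthenticate` is correct only because it sits ahead of the `isAPIPath` branch, and `shouldAuth = false` merely restates the zero value of the named result; neither fact is explained. A comment like `// never negotiate SSPI on the internal API; keep this branch before the isAPIPath check` would stop a later reorder from silently re-enabling the negotiation on `/api/internal/`. The if/else chain begins outside the hunk, so I cannot tell whether its first branch (the one reading `auth_with_sspi`) can also match an internal path.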