authorB-OnTheGo <42626718+beeonthego@users.noreply.github.com>2018-09-11 02:15:52 +1000
committertechknowlogick <techknowlogick@users.noreply.github.com>2018-09-10 12:15:52 -0400
commite47df0b301510a49b49fc43266f436b7d58a02b1 (patch)
treeacc014c8e82a3b75754c9969f078b25579a523e9 /modules
parent387a4b09c1b62a2a5eb70b89559d5ae53032c989 (diff)
Enforce token on api routes [fixed critical security issue #4357] (#4840)
Diffstat (limited to 'modules')
-rw-r--r--modules/auth/auth.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/auth/auth.go b/modules/auth/auth.go
index f3aac51899..8391e7de8f 100644
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -63,6 +63,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
if err = models.UpdateAccessToken(t); err != nil {
log.Error(4, "UpdateAccessToken: %v", err)
}
+ ctx.Data["IsApiToken"] = true
return t.UID
}
}
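Review bot: The added `ctx.Data["IsApiToken"] = true` in SignedInID records an authentication decision under a bare string key, and the same literal is repeated in the SignedInUser hunk below, so a typo in either writer or in the reader would silently leave the flag unset. A shared constant would avoid that, together with a comment at the assignment such as `// Mark the request as token-authenticated; readers must treat a missing key as false.` The flag is only ever set to true, and the code that reads it is not in this diff (it is limited to modules), so whether the reader uses a checked assertion like `v, ok := ctx.Data["IsApiToken"].(bool)` cannot be confirmed here. SignedInID starts and ends outside the hunk; its doc comment should mention that it now writes to ctx.Data as a side effect.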
@@ -136,7 +137,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
}
return nil, false
}
-
+ ctx.Data["IsApiToken"] = true
return u, true
}
}
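Review bot: In SignedInUser the flag is set just before `return u, true`, but the visible lines do not show which credential produced `u`. The enclosing block starts outside the hunk, so this is inferred: if the branch can be reached with something other than an access token, the name IsApiToken overstates what was verified, and any check built on it inherits that ambiguity. A comment stating the intended meaning would help, for example `// Credentials were supplied with the request itself, not via the session cookie.` if that is the intent. The added line also replaces the blank line that separated the error branch from the success return; keeping a blank line before the assignment would preserve that separation.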