diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2023-04-14 03:45:33 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-13 15:45:33 -0400 |
| commit | 5b9557aef59b190c55de9ea218bf51152bc04786 (patch) | |
| tree | d77004c983875886a00acd1561a74b8c3d5ce682 /routers/web/auth | |
| parent | b7221bec34fd49495234a18c26e4f5d81483e102 (diff) | |
| download | gitea-5b9557aef59b190c55de9ea218bf51152bc04786.tar.gz gitea-5b9557aef59b190c55de9ea218bf51152bc04786.zip | |
Refactor cookie (#24107)
Close #24062
At the beginning, I just wanted to fix the warning mentioned by #24062
But, the cookie code really doesn't look good to me, so clean up them.
Complete the TODO on `SetCookie`:
> TODO: Copied from gitea.com/macaron/macaron and should be improved
after macaron removed.
Diffstat (limited to 'routers/web/auth')
| -rw-r--r-- | routers/web/auth/auth.go | 23 | ||||
| -rw-r--r-- | routers/web/auth/oauth.go | 4 | ||||
| -rw-r--r-- | routers/web/auth/openid.go | 2 | ||||
| -rw-r--r-- | routers/web/auth/password.go | 2 |
4 files changed, 15 insertions, 16 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index 5fba632817..d8042afecc 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -49,7 +49,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) { return false, nil } - uname := ctx.GetCookie(setting.CookieUserName) + uname := ctx.GetSiteCookie(setting.CookieUserName) if len(uname) == 0 { return false, nil } @@ -58,8 +58,8 @@ func AutoSignIn(ctx *context.Context) (bool, error) { defer func() { if !isSucceed { log.Trace("auto-login cookie cleared: %s", uname) - ctx.DeleteCookie(setting.CookieUserName) - ctx.DeleteCookie(setting.CookieRememberName) + ctx.DeleteSiteCookie(setting.CookieUserName) + ctx.DeleteSiteCookie(setting.CookieRememberName) } }() @@ -90,7 +90,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) { return false, err } - middleware.DeleteCSRFCookie(ctx.Resp) + ctx.Csrf.DeleteCookie(ctx) return true, nil } @@ -125,7 +125,7 @@ func checkAutoLogin(ctx *context.Context) bool { if len(redirectTo) > 0 { middleware.SetRedirectToCookie(ctx.Resp, redirectTo) } else { - redirectTo = ctx.GetCookie("redirect_to") + redirectTo = ctx.GetSiteCookie("redirect_to") } if isSucceed { @@ -291,7 +291,7 @@ func handleSignIn(ctx *context.Context, u *user_model.User, remember bool) { func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRedirect bool) string { if remember { days := 86400 * setting.LogInRememberDays - ctx.SetCookie(setting.CookieUserName, u.Name, days) + ctx.SetSiteCookie(setting.CookieUserName, u.Name, days) ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd), setting.CookieRememberName, u.Name, days) } @@ -330,7 +330,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe } // Clear whatever CSRF cookie has right now, force to generate a new one - middleware.DeleteCSRFCookie(ctx.Resp) + ctx.Csrf.DeleteCookie(ctx) // Register last login u.SetLastLogin() @@ -339,7 +339,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe return setting.AppSubURL + "/" } - if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) { + if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) { middleware.DeleteRedirectToCookie(ctx.Resp) if obeyRedirect { ctx.RedirectToFirst(redirectTo) @@ -368,10 +368,9 @@ func getUserName(gothUser *goth.User) string { func HandleSignOut(ctx *context.Context) { _ = ctx.Session.Flush() _ = ctx.Session.Destroy(ctx.Resp, ctx.Req) - ctx.DeleteCookie(setting.CookieUserName) - ctx.DeleteCookie(setting.CookieRememberName) - middleware.DeleteCSRFCookie(ctx.Resp) - middleware.DeleteLocaleCookie(ctx.Resp) + ctx.DeleteSiteCookie(setting.CookieUserName) + ctx.DeleteSiteCookie(setting.CookieRememberName) + ctx.Csrf.DeleteCookie(ctx) middleware.DeleteRedirectToCookie(ctx.Resp) } diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index b3c4a234c1..287136e64c 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -1112,7 +1112,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model } // Clear whatever CSRF cookie has right now, force to generate a new one - middleware.DeleteCSRFCookie(ctx.Resp) + ctx.Csrf.DeleteCookie(ctx) // Register last login u.SetLastLogin() @@ -1148,7 +1148,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model return } - if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 { + if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 { middleware.DeleteRedirectToCookie(ctx.Resp) ctx.RedirectToFirst(redirectTo) return diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go index aff2e5f780..5e0e7b258f 100644 --- a/routers/web/auth/openid.go +++ b/routers/web/auth/openid.go @@ -47,7 +47,7 @@ func SignInOpenID(ctx *context.Context) { if len(redirectTo) > 0 { middleware.SetRedirectToCookie(ctx.Resp, redirectTo) } else { - redirectTo = ctx.GetCookie("redirect_to") + redirectTo = ctx.GetSiteCookie("redirect_to") } if isSucceed { diff --git a/routers/web/auth/password.go b/routers/web/auth/password.go index a5aa9c5344..ed0412d745 100644 --- a/routers/web/auth/password.go +++ b/routers/web/auth/password.go @@ -336,7 +336,7 @@ func MustChangePasswordPost(ctx *context.Context) { log.Trace("User updated password: %s", u.Name) - if redirectTo := ctx.GetCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) { + if redirectTo := ctx.GetSiteCookie("redirect_to"); len(redirectTo) > 0 && !utils.IsExternalURL(redirectTo) { middleware.DeleteRedirectToCookie(ctx.Resp) ctx.RedirectToFirst(redirectTo) return |