author | Denys Konovalov <kontakt@denyskon.de> | 2023-08-09 14:24:07 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-09 14:24:07 +0200 |
commit | 63ab92d7971e4931e98f014f2c5385d2242fa780 (patch) | |
tree | 8e5aabe7ab6d1b24578fd49dc8d4fc0fe8fc2478 /routers | |
parent | d41aee1d1e1cb07ccf71330dd3414beff603e48a (diff) | |
Pre-register OAuth2 applications for git credential helpers (#26291)
This PR is an extended implementation of #25189 and builds upon the
proposal by @hickford in #25653, utilizing some ideas proposed
internally by @wxiaoguang.
Mainly, this PR consists of a mechanism to pre-register OAuth2
applications on startup, which can be enabled or disabled by modifying
the `[oauth2].DEFAULT_APPLICATIONS` parameter in app.ini. The OAuth2
applications registered this way are marked as "locked" and can
neither be deleted nor edited via the UI, to prevent confusing/unexpected
behavior. Instead, they're being removed if no longer enabled in config.
![grafik](https://github.com/go-gitea/gitea/assets/47871822/81a78b1c-4b68-40a7-9e99-c272ebb8f62e)
The implemented mechanism can also be used to pre-register other OAuth2
applications in the future, if wanted.
Co-authored-by: hickford <mirth.hickford@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---------
Co-authored-by: M Hickford <mirth.hickford@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/init.go | 2 | ||||
-rw-r--r-- | routers/web/admin/applications.go | 2 | ||||
-rw-r--r-- | routers/web/repo/http.go | 2 |
3 files changed, 4 insertions, 2 deletions
diff --git a/routers/init.go b/routers/init.go
index ddbabcc397..020fff31c0 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -10,6 +10,7 @@ import (
 "code.gitea.io/gitea/models"
 asymkey_model "code.gitea.io/gitea/models/asymkey"
+ authmodel "code.gitea.io/gitea/models/auth"
 "code.gitea.io/gitea/modules/cache"
 "code.gitea.io/gitea/modules/eventsource"
 "code.gitea.io/gitea/modules/git"
@@ -138,6 +139,7 @@ func InitWebInstalled(ctx context.Context) {
 mustInit(oauth2.Init)
 mustInitCtx(ctx, models.Init)
+ mustInitCtx(ctx, authmodel.Init)
 mustInit(repo_service.Init)
 // Booting long running goroutines.
diff --git a/routers/web/admin/applications.go b/routers/web/admin/applications.go
index 7b27524340..b26912db48 100644
--- a/routers/web/admin/applications.go
+++ b/routers/web/admin/applications.go
@@ -39,7 +39,7 @@ func Applications(ctx *context.Context) {
 return
 }
 ctx.Data["Applications"] = apps
-
+ ctx.Data["BuiltinApplications"] = auth.BuiltinApplications()
 ctx.HTML(http.StatusOK, tplSettingsApplications)
 }
diff --git a/routers/web/repo/http.go b/routers/web/repo/http.go
index 0cae9aeda4..c8ecb3b1d8 100644
--- a/routers/web/repo/http.go
+++ b/routers/web/repo/http.go
@@ -147,7 +147,7 @@ func httpBase(ctx *context.Context) *serviceHandler {
 // rely on the results of Contexter
 if !ctx.IsSigned {
 // TODO: support digit auth - which would be Authorization header with digit
- ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
+ ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea"`)
 ctx.Error(http.StatusUnauthorized)
 return nil
 }
|
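Review bot: The added `mustInitCtx(ctx, authmodel.Init)` call in InitWebInstalled has no comment, although per the commit description it creates and removes OAuth2 application records at every start according to `[oauth2].DEFAULT_APPLICATIONS`. A line such as `// Sync the built-in OAuth2 applications with [oauth2].DEFAULT_APPLICATIONS (creates/removes records at startup).` would tell the next reader that this step changes stored auth configuration rather than just initialising a package. The mustInit helpers are defined outside this diff; if they abort startup on error, as the name suggests, confirm that a failed sync of these records is meant to be fatal. Its position after `models.Init` looks deliberate but is not explained either, and InitWebInstalled's body continues outside the hunk.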
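Review bot: Setting `ctx.Data["BuiltinApplications"]` in Applications only gives the template what it needs to render built-in apps as locked; nothing in this file section shows the edit or delete handlers refusing a request that targets a locked application. Hiding the controls in the UI does not stop a request sent directly to those endpoints, so the lock needs a server-side check. Because the diffstat is limited to `routers`, I cannot tell whether that check lives elsewhere in the commit. If it does, a comment here such as `// Built-in apps are rendered as locked; the edit/delete handlers enforce the lock server-side.` would record the dependency. Applications' body starts outside the hunk.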
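Review bot: The new literal `Basic realm="Gitea"` in httpBase is an unexplained magic string which, judging by the commit title, git credential helpers are expected to match on to recognise a Gitea server. If that is the intent, add a comment such as `// The realm lets git credential helpers detect a Gitea server; keep the value stable.` or hoist it into a named constant, so a later cleanup does not silently break that detection. The header is sent to unauthenticated clients, so the value also tells anyone probing the endpoint which product is running; that is probably acceptable, but it should be a deliberate choice. httpBase's body starts and ends outside the hunk.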