author | wxiaoguang <wxiaoguang@gmail.com> | 2024-10-10 11:48:21 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-10 03:48:21 +0000 |
commit | dd83cfcacc989d0e7cbd21ec5eba029fdfcb72dd (patch) | |
tree | f2d23e3e6e8a1f010593bafe94f42081a7b2a4cb /routers | |
parent | 368b0881f502dd36a1ae725493c85683803fd816 (diff) | |
Refactor CSRF token (#32216)
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/auth/auth.go | 8 | ||||
-rw-r--r-- | routers/web/auth/oauth.go | 4 |
2 files changed, 7 insertions, 5 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 5cbe2f5388..c9ef9193f1 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -98,7 +98,7 @@ func autoSignIn(ctx *context.Context) (bool, error) {
 		return false, err
 	}
-	ctx.Csrf.DeleteCookie(ctx)
+	ctx.Csrf.PrepareForSessionUser(ctx)
 	return true, nil
 }
@@ -359,8 +359,8 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
 		ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
 	}
-	// Clear whatever CSRF cookie has right now, force to generate a new one
-	ctx.Csrf.DeleteCookie(ctx)
+	// force to generate a new CSRF token
+	ctx.Csrf.PrepareForSessionUser(ctx)
 	// Register last login
 	if err := user_service.UpdateUser(ctx, u, &user_service.UpdateOptions{SetLastLogin: true}); err != nil {
@@ -804,6 +804,8 @@ func handleAccountActivation(ctx *context.Context, user *user_model.User) {
 		return
 	}
+	ctx.Csrf.PrepareForSessionUser(ctx)
+
 	if err := resetLocale(ctx, user); err != nil {
 		ctx.ServerError("resetLocale", err)
 		return
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index ccbb3bebf1..730d68051b 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -358,8 +358,8 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
 		return
 	}
-	// Clear whatever CSRF cookie has right now, force to generate a new one
-	ctx.Csrf.DeleteCookie(ctx)
+	// force to generate a new CSRF token
+	ctx.Csrf.PrepareForSessionUser(ctx)
 	if err := resetLocale(ctx, u); err != nil {
 		ctx.ServerError("resetLocale", err)
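Review bot: The new `ctx.Csrf.PrepareForSessionUser(ctx)` call in autoSignIn (first hunk) and the one added in handleAccountActivation (third hunk) carry no comment, while the equivalent lines in handleSignInFull and handleOAuth2SignIn do; the method name alone does not tell a reader that this is the post-authentication token rotation that stops a CSRF token issued to the anonymous session from remaining valid for the signed-in user. Give both bare call sites the same explanatory line, e.g. `// the user was just signed in: issue a fresh CSRF token bound to the authenticated session`. The call presumably depends on the session user already having been stored by the time it runs; that ordering is established outside these hunks, so the comment should state it as a precondition if that is indeed the contract. autoSignIn's and handleAccountActivation's bodies both start outside their hunks.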
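Review bot: The replacement comment `// force to generate a new CSRF token` in handleSignInFull (second hunk) and again in handleOAuth2SignIn (oauth.go hunk) is a sentence fragment and drops the reason the old comment implied, namely that any pre-login token must not survive the sign-in. Reword it at both sites as `// Rotate the CSRF token now that the user is signed in, so a token issued before authentication is no longer accepted.` so the next maintainer does not "simplify" the call away. Both enclosing functions continue outside their hunks.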