authorwxiaoguang <wxiaoguang@gmail.com>2023-04-14 03:45:33 +0800
committerGitHub <noreply@github.com>2023-04-13 15:45:33 -0400
commit5b9557aef59b190c55de9ea218bf51152bc04786 (patch)
treed77004c983875886a00acd1561a74b8c3d5ce682 /services
parentb7221bec34fd49495234a18c26e4f5d81483e102 (diff)
downloadgitea-5b9557aef59b190c55de9ea218bf51152bc04786.tar.gz
gitea-5b9557aef59b190c55de9ea218bf51152bc04786.zip
Refactor cookie (#24107)
Close #24062. At the beginning, I just wanted to fix the warning mentioned by #24062. But the cookie code really doesn't look good to me, so I cleaned it up. Complete the TODO on `SetCookie`: > TODO: Copied from gitea.com/macaron/macaron and should be improved after macaron removed.
Diffstat (limited to 'services')
-rw-r--r--services/auth/auth.go5
-rw-r--r--services/auth/sspi_windows.go16
2 files changed, 9 insertions, 12 deletions
diff --git a/services/auth/auth.go b/services/auth/auth.go
index 00e277c41a..905c776e58 100644
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@@ -13,6 +13,7 @@ import (
"code.gitea.io/gitea/models/db"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/auth/webauthn"
+ gitea_context "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/session"
"code.gitea.io/gitea/modules/setting"
@@ -91,5 +92,7 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
middleware.SetLocaleCookie(resp, user.Language, 0)
// Clear whatever CSRF has right now, force to generate a new one
- middleware.DeleteCSRFCookie(resp)
+ if ctx := gitea_context.GetContext(req); ctx != nil {
+ ctx.Csrf.DeleteCookie(ctx)
+ }
}
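Review bot: When `gitea_context.GetContext(req)` returns nil, the new guard in handleSignIn skips the CSRF cookie deletion without leaving any trace, whereas the removed `middleware.DeleteCSRFCookie(resp)` ran unconditionally. The comment directly above says the intent is to force a fresh CSRF token at sign-in, so a silent skip may let a pre-login token carry over into the authenticated session. Whether any caller reaches handleSignIn without a web Context is not visible here, since the function starts outside the hunk. If that can happen, add `} else { log.Error("handleSignIn: no web context, CSRF cookie not cleared") }`, or at least a comment stating why the nil case is safe.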
diff --git a/services/auth/sspi_windows.go b/services/auth/sspi_windows.go
index b6e8d42980..176f4f574f 100644
--- a/services/auth/sspi_windows.go
+++ b/services/auth/sspi_windows.go
@@ -13,9 +13,9 @@ import (
"code.gitea.io/gitea/models/avatars"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
+ gitea_context "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth/source/sspi"
@@ -46,9 +46,7 @@ var (
// via the built-in SSPI module in Windows for SPNEGO authentication.
// On successful authentication returns a valid user object.
// Returns nil if authentication fails.
-type SSPI struct {
- rnd *templates.HTMLRender
-}
+type SSPI struct{}
// Init creates a new global websspi.Authenticator object
func (s *SSPI) Init(ctx context.Context) error {
@@ -58,7 +56,6 @@ func (s *SSPI) Init(ctx context.Context) error {
if err != nil {
return err
}
- _, s.rnd = templates.HTMLRenderer(ctx)
return nil
}
@@ -101,12 +98,9 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore,
}
store.GetData()["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
store.GetData()["EnableSSPI"] = true
-
- err := s.rnd.HTML(w, http.StatusUnauthorized, string(tplSignIn), templates.BaseVars().Merge(store.GetData()))
- if err != nil {
- log.Error("%v", err)
- }
-
+ // in this case, the store is Gitea's web Context
+ // FIXME: it doesn't look good to render the page here, why not redirect?
+ store.(*gitea_context.Context).HTML(http.StatusUnauthorized, tplSignIn)
return nil, err
}
if outToken != "" {
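Review bot: The unchecked assertion `store.(*gitea_context.Context)` in Verify panics whenever the `DataStore` passed in is any other implementation, and this branch runs on failed SSPI authentication, i.e. on unauthenticated requests. The comment above it records the assumption, but nothing in the signature enforces it, so the comma-ok form with a logged fallback is safer. Separately, the removed code shadowed `err` with the render result (`err := s.rnd.HTML(...)`), so `return nil, err` now returns an `err` declared outside the hunk; confirm that change in the returned value is intended. Verify's body starts and continues outside the hunk.

```go
// … unchanged: Flash / EnableOpenIDSignIn / EnableSSPI store data …
// in this case, the store is expected to be Gitea's web Context
if webCtx, ok := store.(*gitea_context.Context); ok {
	webCtx.HTML(http.StatusUnauthorized, tplSignIn)
} else {
	log.Error("SSPI: cannot render sign-in page, store is %T", store)
}
return nil, err
```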