diff options
Diffstat (limited to 'modules/middleware/auth.go')
| -rw-r--r-- | modules/middleware/auth.go | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go index 39b7796d92..cd00d4679e 100644 --- a/modules/middleware/auth.go +++ b/modules/middleware/auth.go @@ -21,23 +21,21 @@ type ToggleOptions struct { func Toggle(options *ToggleOptions) martini.Handler { return func(ctx *Context) { + // Cannot view any page before installation. if !base.InstallLock { ctx.Redirect("/install") return } + // Redirect to dashboard if user tries to visit any non-login page. if options.SignOutRequire && ctx.IsSigned && ctx.Req.RequestURI != "/" { ctx.Redirect("/") return } - if !options.DisableCsrf { - if ctx.Req.Method == "POST" { - if !ctx.CsrfTokenValid() { - ctx.Error(403, "CSRF token does not match") - return - } - } + if !options.DisableCsrf && ctx.Req.Method == "POST" && !ctx.CsrfTokenValid() { + ctx.Error(403, "CSRF token does not match") + return } if options.SignInRequire { |