summaryrefslogtreecommitdiffstats
path: root/services/auth
Commit message (Collapse)AuthorAgeFilesLines
* Revert unrelated changes for SMTP auth (#21767)wxiaoguang2022-11-103-5/+5
| | | | | | | The purpose of #18982 is to improve the SMTP mailer, but there were some unrelated changes made to the SMTP auth in https://github.com/go-gitea/gitea/pull/18982/commits/d60c43869420f5fc43ad19b454c9ae50dad65964 This PR reverts these unrelated changes, fix #21744
* Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)delvh2022-10-243-4/+4
| | | | | | | | | Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* SessionUser protection against nil pointer dereference (#21358)Paweł Bogusławski2022-10-061-0/+4
| | | | | | | | | | | | | | | | | | | `SessionUser` should be protected against passing `sess` = `nil` to avoid ``` PANIC: runtime error: invalid memory address or nil pointer dereference ``` in https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69 after upgrade from gitea v1.16 to v1.17. Related: https://github.com/go-gitea/gitea/pull/18452 Author-Change-Id: IB#1126459
* Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)Clar Fon2022-10-021-1/+1
| | | | | | Only load SECRET_KEY and INTERNAL_TOKEN if they exist. Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add support for authentication based on reverse proxy email (#19949)Hasnain Lakhani2022-09-281-8/+52
| | | | | | | | | | | | | | | | | | | | | | | | This is useful in scenarios where the reverse proxy may have knowledge of user emails, but does not know about usernames set on gitea, as in the feature request in #19948. I tested this by setting up a fresh gitea install with one user `mhl` and email `m.hasnain.lakhani@gmail.com`. I then created a private repo, and configured gitea to allow reverse proxy authentication. Via curl I confirmed that these two requests now work and return 200s: curl http://localhost:3000/mhl/private -I --header "X-Webauth-User: mhl" curl http://localhost:3000/mhl/private -I --header "X-Webauth-Email: m.hasnain.lakhani@gmail.com" Before this commit, the second request did not work. I also verified that if I provide an invalid email or user, a 404 is correctly returned as before Closes #19948 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Share HTML template renderers and create a watcher framework (#20218)zeripath2022-08-283-12/+7
| | | | | | | | | | | | | | | | | | | | | | | | | The recovery, API, Web and package frameworks all create their own HTML Renderers. This increases the memory requirements of Gitea unnecessarily with duplicate templates being kept in memory. Further the reloading framework in dev mode for these involves locking and recompiling all of the templates on each load. This will potentially hide concurrency issues and it is inefficient. This PR stores the templates renderer in the context and stores this context in the NormalRoutes, it then creates a fsnotify.Watcher framework to watch files. The watching framework is then extended to the mailer templates which were previously not being reloaded in dev. Then the locales are simplified to a similar structure. Fix #20210 Fix #20211 Fix #20217 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move some files into models' sub packages (#20262)Lunny Xiao2022-08-252-11/+10
| | | | | | | | | | | | | | | | | | | | | | | | | * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
* auth/reverseproxy: Add support for full name (#20776)Will Norris2022-08-161-2/+8
| | | | | | | | | | | | This adds support for getting the user's full name from the reverse proxy in addition to username and email. Tested locally with caddy serving as reverse proxy with Tailscale authentication. Signed-off-by: Will Norris <will@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix typo in source (#20723)luzpaz2022-08-091-2/+2
| | | | | | Algorightm -> Algorithm Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Rework mailer settings (#18982)Clar Fon2022-08-023-5/+5
| | | | | | | | | | | * `PROTOCOL`: can be smtp, smtps, smtp+startls, smtp+unix, sendmail, dummy * `SMTP_ADDR`: domain for SMTP, or path to unix socket * `SMTP_PORT`: port for SMTP; defaults to 25 for `smtp`, 465 for `smtps`, and 587 for `smtp+startls` * `ENABLE_HELO`, `HELO_HOSTNAME`: reverse `DISABLE_HELO` to `ENABLE_HELO`; default to false + system hostname * `FORCE_TRUST_SERVER_CERT`: replace the unclear `SKIP_VERIFY` * `CLIENT_CERT_FILE`, `CLIENT_KEY_FILE`, `USE_CLIENT_CERT`: clarify client certificates here Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix various typos (#20338)luzpaz2022-07-121-1/+1
| | | | | | | * Fix various typos Found via `codespell -q 3 -S ./options/locale,./options/license,./public/vendor -L actived,allways,attachements,ba,befores,commiter,pullrequest,pullrequests,readby,splitted,te,unknwon` Co-authored-by: zeripath <art27@cantab.net>
* EscapeFilter the group dn membership (#20200)zeripath2022-07-051-1/+1
| | | | | | | | | The uid provided to the group filter must be properly escaped using the provided ldap.EscapeFilter function. Fix #20181 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add more linters to improve code readability (#19989)Wim2022-06-202-94/+94
| | | | | | | | | | Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability - nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length. - unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions - wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements. - notlintlint - Reports ill-formed or insufficient nolint directives - stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent - excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005)
* Implement http signatures support for the API (#17565)Wim2022-06-051-0/+217
| | | | | | | | | | | | | | | | Fixes #12338 This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens. It will just automatically work when users have added their ssh principal in gitea. This needs client code in tea Update: also support normal pubkeys ref: https://tools.ietf.org/html/draft-cavage-http-signatures Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move almost all functions' parameter db.Engine to context.Context (#19748)Lunny Xiao2022-05-205-7/+6
| | | | * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions
* Move user password verification after checking his groups on ldap auth (#19587)Gwilherm Folliot2022-05-031-8/+8
| | | | | | | In case the binded user can not access its own attributes. Signed-off-by: Gwilherm Folliot <gwilherm55fo@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Respect DefaultUserIsRestricted system default when creating new user (#19310)Jimmy Praet2022-04-296-41/+61
| | | | | | | | | | | | | | | | | | | * Apply DefaultUserIsRestricted in CreateUser * Enforce system defaults in CreateUser Allow for overwrites with CreateUserOverwriteOptions * Fix compilation errors * Add "restricted" option to create user command * Add "restricted" option to create user admin api * Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed * Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed" This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
* Remove dependent on session auth for api/v1 routers (#19321)Lunny Xiao2022-04-081-10/+0
| | | | | | | | | | | * Remove dependent on session auth for api/v1 routers * Remove unnecessary session on API context * remove missed header * fix test * fix missed api/v1
* Restore user autoregistration with email addresses (#19261)zeripath2022-03-311-29/+39
| | | | | | | | | | | Unfortunately #18789 disabled autoregistration using email addresses as they would be shortcut to email address does not exist. This PR attempts to restore autoregistration by allowing an unknown email address to percolate through to the autoregistration path of UserSignin. Fix #19256 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Package Registry (#16510)KN4CK3R2022-03-302-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Added package store settings. * Added models. * Added generic package registry. * Added tests. * Added NuGet package registry. * Moved service index to api file. * Added NPM package registry. * Added Maven package registry. * Added PyPI package registry. * Summary is deprecated. * Changed npm name. * Sanitize project url. * Allow only scoped packages. * Added user interface. * Changed method name. * Added missing migration file. * Set page info. * Added documentation. * Added documentation links. * Fixed wrong error message. * Lint template files. * Fixed merge errors. * Fixed unit test storage path. * Switch to json module. * Added suggestions. * Added package webhook. * Add package api. * Fixed swagger file. * Fixed enum and comments. * Fixed NuGet pagination. * Print test names. * Added api tests. * Fixed access level. * Fix User unmarshal. * Added RubyGems package registry. * Fix lint. * Implemented io.Writer. * Added support for sha256/sha512 checksum files. * Improved maven-metadata.xml support. * Added support for symbol package uploads. * Added tests. * Added overview docs. * Added npm dependencies and keywords. * Added no-packages information. * Display file size. * Display asset count. * Fixed filter alignment. * Added package icons. * Formatted instructions. * Allow anonymous package downloads. * Fixed comments. * Fixed postgres test. * Moved file. * Moved models to models/packages. * Use correct error response format per client. * Use simpler search form. * Fixed IsProd. * Restructured data model. * Prevent empty filename. * Fix swagger. * Implemented user/org registry. * Implemented UI. * Use GetUserByIDCtx. * Use table for dependencies. * make svg * Added support for unscoped npm packages. * Add support for npm dist tags. * Added tests for npm tags. * Unlink packages if repository gets deleted. * Prevent user/org delete if a packages exist. * Use package unlink in repository service. * Added support for composer packages. * Restructured package docs. * Added missing tests. * Fixed generic content page. * Fixed docs. * Fixed swagger. * Added missing type. * Fixed ambiguous column. * Organize content store by sha256 hash. * Added admin package management. * Added support for sorting. * Add support for multiple identical versions/files. * Added missing repository unlink. * Added file properties. * make fmt * lint * Added Conan package registry. * Updated docs. * Unify package names. * Added swagger enum. * Use longer TEXT column type. * Removed version composite key. * Merged package and container registry. * Removed index. * Use dedicated package router. * Moved files to new location. * Updated docs. * Fixed JOIN order. * Fixed GROUP BY statement. * Fixed GROUP BY #2. * Added symbol server support. * Added more tests. * Set NOT NULL. * Added setting to disable package registries. * Moved auth into service. * refactor * Use ctx everywhere. * Added package cleanup task. * Changed packages path. * Added container registry. * Refactoring * Updated comparison. * Fix swagger. * Fixed table order. * Use token auth for npm routes. * Enabled ReverseProxy auth. * Added packages link for orgs. * Fixed anonymous org access. * Enable copy button for setup instructions. * Merge error * Added suggestions. * Fixed merge. * Handle "generic". * Added link for TODO. * Added suggestions. * Changed temporary buffer filename. * Added suggestions. * Apply suggestions from code review Co-authored-by: Thomas Boerger <thomas@webhippie.de> * Update docs/content/doc/packages/nuget.en-us.md Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Thomas Boerger <thomas@webhippie.de>
* Move organization related structs into sub package (#18518)Lunny Xiao2022-03-293-24/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move organization related structs into sub package * Fix test * Fix lint * Move more functions into sub packages * Fix bug * Fix test * Update models/organization/team_repo.go Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Apply suggestions from code review Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Fix fmt * Follow suggestion from @Gusted * Fix test * Fix test * Fix bug * Use ctx but db.DefaultContext on routers * Fix bug * Fix bug * fix bug * Update models/organization/team_user.go * Fix bug Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Let web and API routes have different auth methods group (#19168)Lunny Xiao2022-03-284-78/+24
| | | | | | | | | | | | | * remove the global methods but create dynamiclly * Fix lint * Fix windows lint * Fix windows lint * some improvements Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update HTTP status codes to modern codes (#18063)KN4CK3R2022-03-231-1/+1
| | | | | | * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect
* Use `ctx` instead of `db.DefaultContext` in some ↵wxiaoguang2022-03-221-1/+1
| | | | | | | | | | | | packages(routers/services/modules) (#19163) * Remove `db.DefaultContext` usage in routers, use `ctx` directly * Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services` * Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages * fix incorrect context usage
* Fix login with email panic when email is not exist (#18941)Lunny Xiao2022-02-281-1/+1
|
* Fix ldap user sync missed email in email_address table (#18786)Lunny Xiao2022-02-241-1/+2
| | | | | * Fix ldap user sync missed email in email_address table * Fix test
* Fix login with email for ldap users (#18800)Lunny Xiao2022-02-201-1/+1
| | | `authenticator.Authenticate` has assume the login name is not an email, but `username` maybe an email. So when we find the user via email address, we should use `user.LoginName` instead of `username` which is an email address.
* Fix ldap loginname (#18789)Johan Van de Wauw2022-02-182-6/+11
| | | | | | | | | | | | | | | | | | | | * Use email_address table to check user's email when login with email adress * Update services/auth/signin.go * Fix test * Fix test * Fix logging in with ldap username != loginname * Fix if user does not exist yet * Make more clear this is loginName * Fix formatting Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Add LDAP group sync to Teams, fixes #1395 (#16299)Sven Seeberg2022-02-116-27/+244
| | | | | | | | | | * Add setting for a JSON that maps LDAP groups to Org Teams. * Add log when removing or adding team members. * Sync is being run on login and periodically. * Existing group filter settings are reused. * Adding and removing team members. * Sync not existing LDAP group. * Login with broken group map JSON.
* Use `ImagedProvider` for gplus oauth2 provider (#18504)Gusted2022-02-011-2/+2
| | | | | Use `ImagedProvider` for gplus' oauthv2 provider, as the image isn't "gplus.png" but "google.png". Resolves #18494
* Refactor jwt.StandardClaims to RegisteredClaims (#18344)zeripath2022-01-202-7/+5
| | | | | | | | | | | | | | | * Refactor jwt.StandardClaims to RegisteredClaims go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims instead. This PR migrates to use this new format. Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Gusted <williamzijl7@hotmail.com>
* format with gofumpt (#18184)65432022-01-2013-25/+15
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Support webauthn (#17957)Lunny Xiao2022-01-143-3/+8
| | | | | | | Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Increase Salt randomness (#18179)Gusted2022-01-041-1/+3
| | | | | | | | | | | - The current implementation of `RandomString` doesn't give you a most-possible unique randomness. It gives you 6*`length` instead of the possible 8*`length` bits(or as `length`x bytes) randomness. This is because `RandomString` is being limited to a max value of 63, this in order to represent the random byte as a letter/digit. - The recommendation of pbkdf2 is to use 64+ bit salt, which the `RandomString` doesn't give with a length of 10, instead of increasing 10 to a higher number, this patch adds a new function called `RandomBytes` which does give you the guarentee of 8*`length` randomness and thus corresponding of `length`x bytes randomness. - Use hexadecimal to store the bytes value in the database, as mentioned, it doesn't play nice in order to convert it to a string. This will always be a length of 32(with `length` being 16). - When we detect on `Authenticate`(source: db) that a user has the old format of salt, re-hash the password such that the user will have it's password hashed with increased salt. Thanks to @zeripath for working out the rouge edges from my first commit 😄. Co-authored-by: lafriks <lauris@nix.lv> Co-authored-by: zeripath <art27@cantab.net>
* Refactor auth package (#17962)Lunny Xiao2022-01-0225-129/+129
|
* Reset Session ID on login (#18018)zeripath2021-12-202-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Reset Session ID on login When logging in the SessionID should be reset and the session cleaned up. Signed-off-by: Andrew Thornton <art27@cantab.net> * with new session.RegenerateID function Signed-off-by: Andrew Thornton <art27@cantab.net> * update go-chi/session Signed-off-by: Andrew Thornton <art27@cantab.net> * Ensure that session id is changed after oauth data is set and between account linking pages too Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along ↵zeripath2021-12-144-16/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-102-10/+10
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Move repository model into models/repo (#17933)Lunny Xiao2021-12-105-10/+5
| | | | | | | | | | | | | | | * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
* Move more model into models/user (#17826)Lunny Xiao2021-11-281-2/+1
| | | | | | | | * Move more model into models/user * Remove unnecessary comment Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix code formating (#17830)mscherer2021-11-271-3/+3
| | | * fix formatter, format imports first, then go fmt
* Move user related model into models/user (#17781)Lunny Xiao2021-11-2419-96/+108
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-224-8/+13
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Extract constant names out for the ReverseProxy and Basic authentication ↵zeripath2021-11-202-2/+8
| | | | | | | | | methods (#17735) In order to reduce load on the GC extract out the constant names of the Basic and ReverseProxy methods. As mentioned in https://github.com/go-gitea/gitea/pull/15119#discussion_r730352176 Signed-off-by: Andrew Thornton <art27@cantab.net>
* A better go code formatter, and now `make fmt` can run in Windows (#17684)wxiaoguang2021-11-173-2/+3
| | | | * go build / format tools * re-format imports
* Minor readability patch. (#17627)Michael Grigoryan2021-11-121-1/+1
|
* Move EmailAddress & UserRedirect into models/user/ (#17607)Lunny Xiao2021-11-112-3/+5
| | | | | | | | | | | | | | | | | | | | | * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
* Move oauth2 error to oauth2 service package (#17603)Lunny Xiao2021-11-111-2/+19
|
* Move webhook into models/webhook/ (#17579)Lunny Xiao2021-11-102-5/+6
|
* Simplify Gothic to use our session store instead of creating a different ↵zeripath2021-11-032-18/+98
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | store (#17507) * Simplify Gothic to use our session store instead of creating a different store We have been using xormstore to provide a separate session store for our OAuth2 logins however, this relies on using gorilla context and some doubling of our session storing. We can however, simplify and simply use our own chi-based session store. Thus removing a cookie and some of the weirdness with missing contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * Handle MaxTokenLength Signed-off-by: Andrew Thornton <art27@cantab.net> * oops Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-02 16:02:18 +0000