From cda44750cbdc7a8460666a4f0ac7f652d84a3964 Mon Sep 17 00:00:00 2001 From: silverwind Date: Mon, 5 Oct 2020 07:49:33 +0200 Subject: Attachments: Add extension support, allow all types for releases (#12465) * Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH
---
 models/twofactor.go | 51 +++++----------------------------------------------
 1 file changed, 5 insertions(+), 46 deletions(-)
(limited to 'models')
diff --git a/models/twofactor.go b/models/twofactor.go
index 888c910b94..a84da8cdb5 100644
--- a/models/twofactor.go
+++ b/models/twofactor.go
@@ -5,18 +5,14 @@
 package models
 import (
- "crypto/aes"
- "crypto/cipher"
 "crypto/md5"
- "crypto/rand"
 "crypto/sha256"
 "crypto/subtle"
 "encoding/base64"
- "errors"
 "fmt"
- "io"
 "code.gitea.io/gitea/modules/generate"
+ "code.gitea.io/gitea/modules/secret"
 "code.gitea.io/gitea/modules/setting"
 "code.gitea.io/gitea/modules/timeutil"
@@ -67,8 +63,8 @@ func (t *TwoFactor) getEncryptionKey() []byte {
 }
 // SetSecret sets the 2FA secret.
-func (t *TwoFactor) SetSecret(secret string) error {
- secretBytes, err := aesEncrypt(t.getEncryptionKey(), []byte(secret))
+func (t *TwoFactor) SetSecret(secretString string) error {
+ secretBytes, err := secret.AesEncrypt(t.getEncryptionKey(), []byte(secretString))
 if err != nil {
 return err
 }
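Review bot: Nothing in this patch pins the stored format across the helper swap: `SetSecret` here and `ValidateTOTP` in the next hunk now rely on `secret.AesEncrypt` and `secret.AesDecrypt`, whose bodies are outside this view (the patch is limited to `models`). Secrets enrolled before the change were written by the removed `aesEncrypt` as a random IV followed by AES-CFB over the base64 text, so any difference in the new helper would leave existing 2FA enrolments undecryptable. A regression test that feeds a fixed ciphertext in the old layout to `secret.AesDecrypt` would guard this, and a comment at the call such as `// on-disk format: IV || AES-CFB(base64(secret)); must stay compatible with existing rows` would record the constraint. SetSecret's body continues past the hunk.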
@@ -82,51 +78,14 @@ func (t *TwoFactor) ValidateTOTP(passcode string) (bool, error) {
 if err != nil {
 return false, err
 }
- secret, err := aesDecrypt(t.getEncryptionKey(), decodedStoredSecret)
+ secretBytes, err := secret.AesDecrypt(t.getEncryptionKey(), decodedStoredSecret)
 if err != nil {
 return false, err
 }
- secretStr := string(secret)
+ secretStr := string(secretBytes)
 return totp.Validate(passcode, secretStr), nil
 }
-// aesEncrypt encrypts text and given key with AES.
-func aesEncrypt(key, text []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- b := base64.StdEncoding.EncodeToString(text)
- ciphertext := make([]byte, aes.BlockSize+len(b))
- iv := ciphertext[:aes.BlockSize]
- if _, err := io.ReadFull(rand.Reader, iv); err != nil {
- return nil, err
- }
- cfb := cipher.NewCFBEncrypter(block, iv)
- cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
- return ciphertext, nil
-}
-
-// aesDecrypt decrypts text and given key with AES.
-func aesDecrypt(key, text []byte) ([]byte, error) {
- block, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- if len(text) < aes.BlockSize {
- return nil, errors.New("ciphertext too short")
- }
- iv := text[:aes.BlockSize]
- text = text[aes.BlockSize:]
- cfb := cipher.NewCFBDecrypter(block, iv)
- cfb.XORKeyStream(text, text)
- data, err := base64.StdEncoding.DecodeString(string(text))
- if err != nil {
- return nil, err
- }
- return data, nil
-}
-
 // NewTwoFactor creates a new two-factor authentication token.
 func NewTwoFactor(t *TwoFactor) error {
 _, err := x.Insert(t)
-- cgit v1.2.3
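Review bot: The decrypt call in `ValidateTOTP` gets no integrity guarantee if `secret.AesDecrypt` is the removed `aesDecrypt` moved as-is, which this view cannot confirm. That removed code is AES-CFB with no authentication tag, so a modified stored value is caught only when the base64 decode happens to fail. I would record that at the call, e.g. `// secret.AesDecrypt is confidentiality-only (unauthenticated CFB); a tampered row surfaces as a decode error or a failed passcode`, and make sure callers treat any error returned here as a failed validation. As a smaller style point the temporary can go: `return totp.Validate(passcode, string(secretBytes)), nil`. ValidateTOTP begins before the hunk.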