domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Refactor cookie (#24107)

Browse source 
Close #24062

At the beginning, I just wanted to fix the warning mentioned by #24062

But, the cookie code really doesn't look good to me, so clean up them.

Complete the TODO on `SetCookie`: 

> TODO: Copied from gitea.com/macaron/macaron and should be improved
after macaron removed.
This commit is contained in:
wxiaoguang 2023-04-14 03:45:33 +08:00 committed by GitHub
parent b7221bec34
commit 5b9557aef5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 141 additions and 328 deletions
Download patch file Download diff file Expand all files Collapse all files

5
services/auth/auth.go
View file

@ -13,6 +13,7 @@ import (
"code.gitea.io/gitea/models/db"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/auth/webauthn"
gitea_context "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/session"
"code.gitea.io/gitea/modules/setting"
@ -91,5 +92,7 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
middleware.SetLocaleCookie(resp, user.Language, 0)
// Clear whatever CSRF has right now, force to generate a new one
middleware.DeleteCSRFCookie(resp)
if ctx := gitea_context.GetContext(req); ctx != nil {
ctx.Csrf.DeleteCookie(ctx)
}
}

16
services/auth/sspi_windows.go
View file

@ -13,9 +13,9 @@ import (
"code.gitea.io/gitea/models/avatars"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
gitea_context "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/templates"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/services/auth/source/sspi"
@ -46,9 +46,7 @@ var (
// via the built-in SSPI module in Windows for SPNEGO authentication.
// On successful authentication returns a valid user object.
// Returns nil if authentication fails.
type SSPI struct {
rnd *templates.HTMLRender
}
type SSPI struct{}
// Init creates a new global websspi.Authenticator object
func (s *SSPI) Init(ctx context.Context) error {
@ -58,7 +56,6 @@ func (s *SSPI) Init(ctx context.Context) error {
if err != nil {
return err
}
_, s.rnd = templates.HTMLRenderer(ctx)
return nil
}
@ -101,12 +98,9 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore,
}
store.GetData()["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn
store.GetData()["EnableSSPI"] = true
err := s.rnd.HTML(w, http.StatusUnauthorized, string(tplSignIn), templates.BaseVars().Merge(store.GetData()))
if err != nil {
log.Error("%v", err)
}
// in this case, the store is Gitea's web Context
// FIXME: it doesn't look good to render the page here, why not redirect?
store.(*gitea_context.Context).HTML(http.StatusUnauthorized, tplSignIn)
return nil, err
}
if outToken != "" {