fix: require password login for creation of new token (#9070)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9070
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Earl Warren 2025-08-30 13:12:54 +02:00
commit c064ce4ad0
3 changed files with 87 additions and 2 deletions


@ -414,8 +414,11 @@ func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
if ctx.IsSigned && setting.Service.EnableReverseProxyAuthAPI && ctx.Data["AuthedMethod"].(string) == auth.ReverseProxyMethodName {
return
}
if !ctx.IsBasicAuth {
ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth required")
// Require basic authorization method to be used and that basic
// authorization used password login to verify the user.
if passwordLogin, ok := ctx.Data["IsPasswordLogin"].(bool); !ok || !passwordLogin {
ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth method not allowed")
return
}
}
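Review bot: The new guard decides on `ctx.Data["IsPasswordLogin"]` alone, so the rule that only password-verified basic auth may create a token depends on that key being set in exactly one place, which this hunk does not show. Assuming the `if !ctx.IsBasicAuth {` line is on the removed side (the +/- markers are lost on this page), the comment still promises a basic-auth check that the code no longer performs. Keeping that check explicit makes the code match the comment and guards against another auth path ever setting the key: `if passwordLogin, ok := ctx.Data["IsPasswordLogin"].(bool); !ctx.IsBasicAuth || !ok || !passwordLogin {`. The comma-ok assertion correctly fails closed when the key is missing or not a bool, and a short comment naming where `IsPasswordLogin` is written would help the next reader audit it. The enclosing closure starts above the hunk.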