mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-10-23 18:42:26 +00:00
17c5c654a5* Prevent double-login for Git HTTP and LFS and simplify login There are a number of inconsistencies with our current methods for logging in for git and lfs. The first is that there is a double login process. This is particularly evident in 1.13 where there are no less than 4 hash checks for basic authentication due to the previous IsPasswordSet behaviour. This duplicated code had individual inconsistencies that were not helpful and caused confusion. This PR does the following: * Remove the specific login code from the git and lfs handlers except for the lfs special bearer token * Simplify the meaning of DisableBasicAuthentication to allow Token and Oauth2 sign-in. * The removal of the specific code from git and lfs means that these both now have the same login semantics and can - if not DisableBasicAuthentication - login from external services. Further it allows Oauth2 token authentication as per our standard mechanisms. * The change in the recovery handler prevents the service from re-attempting to login - primarily because this could easily cause a further panic and it is wasteful. * add test Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> |
||
|---|---|---|
| .. | ||
| access_log.go | ||
| api.go | ||
| api_org.go | ||
| api_test.go | ||
| auth.go | ||
| captcha.go | ||
| context.go | ||
| csrf.go | ||
| form.go | ||
| org.go | ||
| pagination.go | ||
| permission.go | ||
| private.go | ||
| repo.go | ||
| response.go | ||
| xsrf.go | ||
| xsrf_test.go | ||