[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP
(cherry picked from commit7b0549cd70
) (cherry picked from commit13e10a65d9
) (cherry picked from commit89982e6c4a
)
This commit is contained in:
parent
b2f37f092f
commit
a4acf6343d
|
@ -188,13 +188,20 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getOtpHeader(header http.Header) string {
|
||||||
|
otpHeader := header.Get("X-Gitea-OTP")
|
||||||
|
if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
|
||||||
|
otpHeader = forgejoHeader
|
||||||
|
}
|
||||||
|
return otpHeader
|
||||||
|
}
|
||||||
|
|
||||||
// CheckForOTP validates OTP
|
// CheckForOTP validates OTP
|
||||||
func (ctx *APIContext) CheckForOTP() {
|
func (ctx *APIContext) CheckForOTP() {
|
||||||
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
|
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
|
||||||
return // Skip 2FA
|
return // Skip 2FA
|
||||||
}
|
}
|
||||||
|
|
||||||
otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
|
|
||||||
twofa, err := auth.GetTwoFactorByUID(ctx.Context.Doer.ID)
|
twofa, err := auth.GetTwoFactorByUID(ctx.Context.Doer.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if auth.IsErrTwoFactorNotEnrolled(err) {
|
if auth.IsErrTwoFactorNotEnrolled(err) {
|
||||||
|
@ -203,7 +210,7 @@ func (ctx *APIContext) CheckForOTP() {
|
||||||
ctx.Context.Error(http.StatusInternalServerError)
|
ctx.Context.Error(http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ok, err := twofa.ValidateTOTP(otpHeader)
|
ok, err := twofa.ValidateTOTP(getOtpHeader(ctx.Req.Header))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ctx.Context.Error(http.StatusInternalServerError)
|
ctx.Context.Error(http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
// SPDX-License-Identifier: MIT
|
||||||
|
|
||||||
|
package context
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestGetOtpHeader(t *testing.T) {
|
||||||
|
header := http.Header{}
|
||||||
|
assert.EqualValues(t, "", getOtpHeader(header))
|
||||||
|
// Gitea
|
||||||
|
giteaOtp := "123456"
|
||||||
|
header.Set("X-Gitea-OTP", giteaOtp)
|
||||||
|
assert.EqualValues(t, giteaOtp, getOtpHeader(header))
|
||||||
|
// Forgejo has precedence
|
||||||
|
forgejoOtp := "abcdef"
|
||||||
|
header.Set("X-Forgejo-OTP", forgejoOtp)
|
||||||
|
assert.EqualValues(t, forgejoOtp, getOtpHeader(header))
|
||||||
|
}
|
|
@ -56,7 +56,7 @@
|
||||||
// description: Sudo API request as the user provided as the key. Admin privileges are required.
|
// description: Sudo API request as the user provided as the key. Admin privileges are required.
|
||||||
// TOTPHeader:
|
// TOTPHeader:
|
||||||
// type: apiKey
|
// type: apiKey
|
||||||
// name: X-GITEA-OTP
|
// name: X-FORGEJO-OTP
|
||||||
// in: header
|
// in: header
|
||||||
// description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
|
// description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
|
||||||
//
|
//
|
||||||
|
|
|
@ -21020,7 +21020,7 @@
|
||||||
"TOTPHeader": {
|
"TOTPHeader": {
|
||||||
"description": "Must be used in combination with BasicAuth if two-factor authentication is enabled.",
|
"description": "Must be used in combination with BasicAuth if two-factor authentication is enabled.",
|
||||||
"type": "apiKey",
|
"type": "apiKey",
|
||||||
"name": "X-GITEA-OTP",
|
"name": "X-FORGEJO-OTP",
|
||||||
"in": "header"
|
"in": "header"
|
||||||
},
|
},
|
||||||
"Token": {
|
"Token": {
|
||||||
|
|
Loading…
Reference in New Issue