[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP
(cherry picked from commit 7b0549cd70aa7cafec853e15b25270847c59850b) (cherry picked from commit 13e10a65d974c7b594681bfa36402a6144862116) (cherry picked from commit 89982e6c4a7f9cf7024b2db3ed14b2b79db29064) (cherry picked from commit a4acf6343d9f5c6dedeb261c524cd7ac5ae1b3c1) (cherry picked from commit 9886aec9f8b09b58c73c55598a2017417a51843d) (cherry picked from commit 1ee9bd7549eaa094f5cfa9636a89d8f13766ccc8) (cherry picked from commit f343cf5597d666f937c582677f4d62ac2137dc4e) (cherry picked from commit eaca81faf4c0fcde024e23ae0eedac6cb091378b)
parent
a83a971cdf
commit
480f8528f3
|
@ -188,13 +188,20 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
|||
}
|
||||
}
|
||||
|
||||
func getOtpHeader(header http.Header) string {
|
||||
otpHeader := header.Get("X-Gitea-OTP")
|
||||
if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
|
||||
otpHeader = forgejoHeader
|
||||
}
|
||||
return otpHeader
|
||||
}
|
||||
|
||||
// CheckForOTP validates OTP
|
||||
func (ctx *APIContext) CheckForOTP() {
|
||||
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
|
||||
return // Skip 2FA
|
||||
}
|
||||
|
||||
otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
|
||||
twofa, err := auth.GetTwoFactorByUID(ctx.Context.Doer.ID)
|
||||
if err != nil {
|
||||
if auth.IsErrTwoFactorNotEnrolled(err) {
|
||||
|
@ -203,7 +210,7 @@ func (ctx *APIContext) CheckForOTP() {
|
|||
ctx.Context.Error(http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
ok, err := twofa.ValidateTOTP(otpHeader)
|
||||
ok, err := twofa.ValidateTOTP(getOtpHeader(ctx.Req.Header))
|
||||
if err != nil {
|
||||
ctx.Context.Error(http.StatusInternalServerError)
|
||||
return
|
||||
|
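Review bot: getOtpHeader has no doc comment, so its precedence rule can only be learned from the test: a non-empty X-Forgejo-OTP overrides X-Gitea-OTP, and an absent or empty one falls back to the Gitea header. I would add `// getOtpHeader returns the TOTP code from X-Forgejo-OTP, falling back to X-Gitea-OTP when the Forgejo header is absent or empty.` above the function. When both headers arrive with different values, the Gitea value is silently ignored, which is worth stating in that comment because it decides which credential reaches `twofa.ValidateTOTP`. The OTP is a credential, so anything outside this diff that names X-Gitea-OTP (CORS allowed-header lists, proxy rules, log redaction) would presumably need the new name too; none of that is visible here. CheckForOTP's body continues outside both hunks.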
|
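--- /dev/null
+++ b/modules/context/api_forgejo_test.go
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: MIT
+
+package context
+
+import (
+"net/http"
+"testing"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestGetOtpHeader(t *testing.T) {
+header := http.Header{}
+assert.EqualValues(t, "", getOtpHeader(header))
+// Gitea
+giteaOtp := "123456"
+header.Set("X-Gitea-OTP", giteaOtp)
+assert.EqualValues(t, giteaOtp, getOtpHeader(header))
+// Forgejo has precedence
+forgejoOtp := "abcdef"
+header.Set("X-Forgejo-OTP", forgejoOtp)
+assert.EqualValues(t, forgejoOtp, getOtpHeader(header))
+}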
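Review bot: TestGetOtpHeader never covers an empty X-Forgejo-OTP sent alongside a populated X-Gitea-OTP, nor X-Forgejo-OTP sent on its own, so the fallback branch that selects which credential is validated is only partly tested. After the last assertion, add `header.Set("X-Forgejo-OTP", "")` followed by `assert.EqualValues(t, giteaOtp, getOtpHeader(header))`. A second case built on a fresh `http.Header{}` with only X-Forgejo-OTP set would pin the Forgejo-only path.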
|
@ -56,7 +56,7 @@
|
|||
// description: Sudo API request as the user provided as the key. Admin privileges are required.
|
||||
// TOTPHeader:
|
||||
// type: apiKey
|
||||
// name: X-GITEA-OTP
|
||||
// name: X-FORGEJO-OTP
|
||||
// in: header
|
||||
// description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
|
||||
//
|
||||
|
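Review bot: The TOTPHeader description does not say that X-GITEA-OTP is still accepted, although getOtpHeader in this commit keeps reading it; only the `name:` line changes to X-FORGEJO-OTP. Clients generated from this spec will send only the new header, which a server without this commit would presumably ignore, so their 2FA-protected requests would be rejected there. Consider extending the description to `// description: Must be used in combination with BasicAuth if two-factor authentication is enabled. X-GITEA-OTP is accepted as a legacy alias.` and regenerating the JSON template in the following hunk to match.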
|
|
@ -21018,7 +21018,7 @@
|
|||
"TOTPHeader": {
|
||||
"description": "Must be used in combination with BasicAuth if two-factor authentication is enabled.",
|
||||
"type": "apiKey",
|
||||
"name": "X-GITEA-OTP",
|
||||
"name": "X-FORGEJO-OTP",
|
||||
"in": "header"
|
||||
},
|
||||
"Token": {
|
||||
|
|