Browse Source

cookie: enhance cookie security (#3525)

pull/4122/head
Unknwon 8 years ago
parent
commit
4c5255f5ad
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
  1. 1
      conf/app.ini
  2. 4
      modules/bindata/bindata.go
  3. 2
      modules/setting/setting.go
  4. 4
      routers/user/auth.go

1
conf/app.ini

@ -154,6 +154,7 @@ SECRET_KEY = !#@FDEWREWR&*(
LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gogs_awesome
COOKIE_REMEMBER_NAME = gogs_incredible
COOKIE_SECURE = false
; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER

4
modules/bindata/bindata.go

File diff suppressed because one or more lines are too long

2
modules/setting/setting.go

@ -98,6 +98,7 @@ var (
LogInRememberDays int
CookieUserName string
CookieRememberName string
CookieSecure bool
ReverseProxyAuthUser string
// Database settings
@ -466,6 +467,7 @@ func NewContext() {
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
CookieUserName = sec.Key("COOKIE_USERNAME").String()
CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
sec = Cfg.Section("attachment")

4
routers/user/auth.go

@ -123,8 +123,8 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
if form.Remember {
days := 86400 * setting.LogInRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
}
ctx.Session.Set("uid", u.ID)

Loading…
Cancel
Save