Browse Source

setting: add login status cookie (#2885)

Added config options EnableLoginStatusCookie and LoginStatusCookieName under section '[security]'.
pull/4301/head
Unknwon 8 years ago
parent
commit
becaec19a7
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
  1. 3
      conf/app.ini
  2. 4
      modules/bindata/bindata.go
  3. 20
      modules/setting/setting.go
  4. 9
      routers/user/auth.go

3
conf/app.ini

@ -182,6 +182,9 @@ COOKIE_REMEMBER_NAME = gogs_incredible
COOKIE_SECURE = false
; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
; Enable to set cookie to indicate user login status
ENABLE_LOGIN_STATUS_COOKIE = false
LOGIN_STATUS_COOKIE_NAME = login_status
[service]
ACTIVE_CODE_LIVE_MINUTES = 180

4
modules/bindata/bindata.go

File diff suppressed because one or more lines are too long

20
modules/setting/setting.go

@ -93,13 +93,15 @@ var (
}
// Security settings
InstallLock bool
SecretKey string
LogInRememberDays int
CookieUserName string
CookieRememberName string
CookieSecure bool
ReverseProxyAuthUser string
InstallLock bool
SecretKey string
LoginRememberDays int
CookieUserName string
CookieRememberName string
CookieSecure bool
ReverseProxyAuthUser string
EnableLoginStatusCookie bool
LoginStatusCookieName string
// Database settings
UseSQLite3 bool
@ -492,11 +494,13 @@ func NewContext() {
sec = Cfg.Section("security")
InstallLock = sec.Key("INSTALL_LOCK").MustBool()
SecretKey = sec.Key("SECRET_KEY").String()
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
LoginRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
CookieUserName = sec.Key("COOKIE_USERNAME").String()
CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
EnableLoginStatusCookie = sec.Key("ENABLE_LOGIN_STATUS_COOKIE").MustBool(false)
LoginStatusCookieName = sec.Key("LOGIN_STATUS_COOKIE_NAME").MustString("login_status")
sec = Cfg.Section("attachment")
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))

9
routers/user/auth.go

@ -45,6 +45,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
log.Trace("auto-login cookie cleared: %s", uname)
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.LoginStatusCookieName, "", -1, setting.AppSubUrl)
}
}()
@ -64,6 +65,9 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
ctx.Session.Set("uid", u.ID)
ctx.Session.Set("uname", u.Name)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
if setting.EnableLoginStatusCookie {
ctx.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubUrl)
}
return true, nil
}
@ -123,7 +127,7 @@ func SignInPost(ctx *context.Context, f form.SignIn) {
}
if f.Remember {
days := 86400 * setting.LogInRememberDays
days := 86400 * setting.LoginRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
}
@ -133,6 +137,9 @@ func SignInPost(ctx *context.Context, f form.SignIn) {
// Clear whatever CSRF has right now, force to generate a new one
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
if setting.EnableLoginStatusCookie {
ctx.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubUrl)
}
redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to"))
ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)

Loading…
Cancel
Save