playground
/
gogs
mirror of https://github.com/gogits/gogs.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

setting: add login status cookie (#2885) 

Added config options EnableLoginStatusCookie and LoginStatusCookieName under section '[security]'.
pull/4301/head
Unknwon 8 years ago
parent
bc630cc52b
commit
becaec19a7
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
4 changed files with 25 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      conf/app.ini
  2. 4
      modules/bindata/bindata.go
  3. 20
      modules/setting/setting.go
  4. 9
      routers/user/auth.go

3
conf/app.ini
Unescape View File

@ -182,6 +182,9 @@ COOKIE_REMEMBER_NAME = gogs_incredible
COOKIE_SECURE = false
; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
; Enable to set cookie to indicate user login status
ENABLE_LOGIN_STATUS_COOKIE = false
LOGIN_STATUS_COOKIE_NAME = login_status
[service]
ACTIVE_CODE_LIVE_MINUTES = 180

4
modules/bindata/bindata.go
View File

File diff suppressed because one or more lines are too long

20
modules/setting/setting.go
Unescape View File

@ -93,13 +93,15 @@ var (
}
// Security settings
InstallLock bool
SecretKey string
LogInRememberDays int
CookieUserName string
CookieRememberName string
CookieSecure bool
ReverseProxyAuthUser string
InstallLock bool
SecretKey string
LoginRememberDays int
CookieUserName string
CookieRememberName string
CookieSecure bool
ReverseProxyAuthUser string
EnableLoginStatusCookie bool
LoginStatusCookieName string
// Database settings
UseSQLite3 bool
@ -492,11 +494,13 @@ func NewContext() {
sec = Cfg.Section("security")
InstallLock = sec.Key("INSTALL_LOCK").MustBool()
SecretKey = sec.Key("SECRET_KEY").String()
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
LoginRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
CookieUserName = sec.Key("COOKIE_USERNAME").String()
CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
EnableLoginStatusCookie = sec.Key("ENABLE_LOGIN_STATUS_COOKIE").MustBool(false)
LoginStatusCookieName = sec.Key("LOGIN_STATUS_COOKIE_NAME").MustString("login_status")
sec = Cfg.Section("attachment")
AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))

9
routers/user/auth.go
Unescape View File

@ -45,6 +45,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
log.Trace("auto-login cookie cleared: %s", uname)
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.LoginStatusCookieName, "", -1, setting.AppSubUrl)
}
}()
@ -64,6 +65,9 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
ctx.Session.Set("uid", u.ID)
ctx.Session.Set("uname", u.Name)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
if setting.EnableLoginStatusCookie {
ctx.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubUrl)
}
return true, nil
}
@ -123,7 +127,7 @@ func SignInPost(ctx *context.Context, f form.SignIn) {
}
if f.Remember {
days := 86400 * setting.LogInRememberDays
days := 86400 * setting.LoginRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
}
@ -133,6 +137,9 @@ func SignInPost(ctx *context.Context, f form.SignIn) {
// Clear whatever CSRF has right now, force to generate a new one
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
if setting.EnableLoginStatusCookie {
ctx.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubUrl)
}
redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to"))
ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)

Write Preview
Loading…
Cancel
Save