setting: add login status cookie (#2885)

Added config options EnableLoginStatusCookie and LoginStatusCookieName under section '[security]'.
8 years ago · becaec19a7
4 changed files with 25 additions and 11 deletions
--- a/conf/app.ini
+++ b/conf/app.ini
@ -182,6 +182,9 @@ COOKIE_REMEMBER_NAME = gogs_incredible
 COOKIE_SECURE = false
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; Enable to set cookie to indicate user login status
+ENABLE_LOGIN_STATUS_COOKIE = false
+LOGIN_STATUS_COOKIE_NAME = login_status

 [service]
 ACTIVE_CODE_LIVE_MINUTES = 180
--- a/modules/bindata/bindata.go
+++ b/modules/bindata/bindata.go
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@ -95,11 +95,13 @@ var (
 	// Security settings
 	InstallLock             bool
 	SecretKey               string
-	LogInRememberDays    int
+	LoginRememberDays       int
 	CookieUserName          string
 	CookieRememberName      string
 	CookieSecure            bool
 	ReverseProxyAuthUser    string
+	EnableLoginStatusCookie bool
+	LoginStatusCookieName   string

 	// Database settings
 	UseSQLite3    bool
@ -492,11 +494,13 @@ func NewContext() {
 	sec = Cfg.Section("security")
 	InstallLock = sec.Key("INSTALL_LOCK").MustBool()
 	SecretKey = sec.Key("SECRET_KEY").String()
-	LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
+	LoginRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
 	CookieUserName = sec.Key("COOKIE_USERNAME").String()
 	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
 	CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
+	EnableLoginStatusCookie = sec.Key("ENABLE_LOGIN_STATUS_COOKIE").MustBool(false)
+	LoginStatusCookieName = sec.Key("LOGIN_STATUS_COOKIE_NAME").MustString("login_status")

 	sec = Cfg.Section("attachment")
 	AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@ -45,6 +45,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
 			log.Trace("auto-login cookie cleared: %s", uname)
 			ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
 			ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
+			ctx.SetCookie(setting.LoginStatusCookieName, "", -1, setting.AppSubUrl)
 		}
 	}()

@ -64,6 +65,9 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
 	ctx.Session.Set("uid", u.ID)
 	ctx.Session.Set("uname", u.Name)
 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
+	if setting.EnableLoginStatusCookie {
+		ctx.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubUrl)
+	}
 	return true, nil
 }

@ -123,7 +127,7 @@ func SignInPost(ctx *context.Context, f form.SignIn) {
 	}

 	if f.Remember {
-		days := 86400 * setting.LogInRememberDays
+		days := 86400 * setting.LoginRememberDays
 		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
 		ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
 	}
@ -133,6 +137,9 @@ func SignInPost(ctx *context.Context, f form.SignIn) {

 	// Clear whatever CSRF has right now, force to generate a new one
 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
+	if setting.EnableLoginStatusCookie {
+		ctx.SetCookie(setting.LoginStatusCookieName, "true", 0, setting.AppSubUrl)
+	}

 	redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to"))
 	ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)