third_party
/
gitea
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix token generation when using INTERNAL_TOKEN_URI (#21669) (#21670)

Browse Source 
Backport #21669

Fix https://github.com/go-gitea/gitea/issues/21666
Caused by https://github.com/go-gitea/gitea/pull/19663

Before: when install, the INTERNAL_TOKEN was always generated and saved.
But the internal token may be already there by INTERNAL_TOKEN_URI

After: INTERNAL_TOKEN_URI file must be non-empty. When install, skip
internal token generation if the token exists.
tokarchuk/v1.18
wxiaoguang 2 years ago committed by GitHub
parent 3a0d000b94
commit 89d52922d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 6 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 12
      modules/setting/setting.go
  2. 14
      routers/install/install.go

12
modules/setting/setting.go
Unescape View File

@ -1156,6 +1156,8 @@ func parseAuthorizedPrincipalsAllow(values []string) ([]string, bool) {
return authorizedPrincipalsAllow, true return authorizedPrincipalsAllow, true
} }
// loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
// If the secret is loaded from uriKey (file), the file should be non-empty, to guarantee the behavior stable and clear.
func loadSecret(sec *ini.Section, uriKey, verbatimKey string) string { func loadSecret(sec *ini.Section, uriKey, verbatimKey string) string {
// don't allow setting both URI and verbatim string // don't allow setting both URI and verbatim string
uri := sec.Key(uriKey).String() uri := sec.Key(uriKey).String()
@ -1179,7 +1181,15 @@ func loadSecret(sec *ini.Section, uriKey, verbatimKey string) string {
if err != nil { if err != nil {
log.Fatal("Failed to read %s (%s): %v", uriKey, tempURI.RequestURI(), err) log.Fatal("Failed to read %s (%s): %v", uriKey, tempURI.RequestURI(), err)
} }
return strings.TrimSpace(string(buf)) val := strings.TrimSpace(string(buf))
if val == "" {
// The file shouldn't be empty, otherwise we can not know whether the user has ever set the KEY or KEY_URI
// For example: if INTERNAL_TOKEN_URI=file:///empty-file,
// Then if the token is re-generated during installation and saved to INTERNAL_TOKEN
// Then INTERNAL_TOKEN and INTERNAL_TOKEN_URI both exist, that's a fatal error (they shouldn't)
log.Fatal("Failed to read %s (%s): the file is empty", uriKey, tempURI.RequestURI())
}
return val
// only file URIs are allowed // only file URIs are allowed
default: default:

14
routers/install/install.go
Unescape View File

@ -473,12 +473,16 @@ func SubmitInstall(ctx *context.Context) {
cfg.Section("security").Key("INSTALL_LOCK").SetValue("true") cfg.Section("security").Key("INSTALL_LOCK").SetValue("true")
var internalToken string // the internal token could be read from INTERNAL_TOKEN or INTERNAL_TOKEN_URI (the file is guaranteed to be non-empty)
if internalToken, err = generate.NewInternalToken(); err != nil { // if there is no InternalToken, generate one and save to security.INTERNAL_TOKEN
ctx.RenderWithErr(ctx.Tr("install.internal_token_failed", err), tplInstall, &form) if setting.InternalToken == "" {
return var internalToken string
if internalToken, err = generate.NewInternalToken(); err != nil {
ctx.RenderWithErr(ctx.Tr("install.internal_token_failed", err), tplInstall, &form)
return
}
cfg.Section("security").Key("INTERNAL_TOKEN").SetValue(internalToken)
} }
cfg.Section("security").Key("INTERNAL_TOKEN").SetValue(internalToken)
// if there is already a SECRET_KEY, we should not overwrite it, otherwise the encrypted data will not be able to be decrypted // if there is already a SECRET_KEY, we should not overwrite it, otherwise the encrypted data will not be able to be decrypted
if setting.SecretKey == "" { if setting.SecretKey == "" {

Write Preview
Loading…
Cancel
Save