@ -24,6 +24,7 @@ import (
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
"code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/routers/utils"
"code.gitea.io/gitea/services/externalaccount"
"code.gitea.io/gitea/services/mailer"
@ -64,8 +65,8 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
defer func ( ) {
if ! isSucceed {
log . Trace ( "auto-login cookie cleared: %s" , uname )
ctx . Set Cookie( setting . CookieUserName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , tru e )
ctx . Set Cookie( setting . CookieRememberName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , tru e )
ctx . Delete Cookie( setting . CookieUserName )
ctx . Delete Cookie( setting . CookieRememberName )
}
} ( )
@ -95,7 +96,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
return false , err
}
ctx . SetCookie ( setting . CSRFCookieName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
middleware . DeleteCSRFCookie ( ctx . Resp )
return true , nil
}
@ -109,13 +110,13 @@ func checkAutoLogin(ctx *context.Context) bool {
redirectTo := ctx . Query ( "redirect_to" )
if len ( redirectTo ) > 0 {
ctx . SetCookie ( "redirect_to" , redirectTo , 0 , setting . AppSubURL , "" , setting . SessionConfig . Secure , true )
middleware . SetRedirectToCookie ( ctx . Resp , redirectTo )
} else {
redirectTo = ctx . GetCookie ( "redirect_to" )
}
if isSucceed {
ctx . SetCookie ( "redirect_to" , "" , - 1 , setting . AppSubURL , "" , setting . SessionConfig . Secure , true )
middleware . DeleteRedirectToCookie ( ctx . Resp )
ctx . RedirectToFirst ( redirectTo , setting . AppSubURL + string ( setting . LandingPageURL ) )
return true
}
@ -497,9 +498,9 @@ func handleSignIn(ctx *context.Context, u *models.User, remember bool) {
func handleSignInFull ( ctx * context . Context , u * models . User , remember bool , obeyRedirect bool ) string {
if remember {
days := 86400 * setting . LogInRememberDays
ctx . SetCookie ( setting . CookieUserName , u . Name , days , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
ctx . SetCookie ( setting . CookieUserName , u . Name , days )
ctx . SetSuperSecureCookie ( base . EncodeMD5 ( u . Rands + u . Passwd ) ,
setting . CookieRememberName , u . Name , days , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
setting . CookieRememberName , u . Name , days )
}
_ = ctx . Session . Delete ( "openid_verified_uri" )
@ -530,10 +531,10 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR
}
}
ctx . SetCookie ( "lang" , u . Language , nil , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
middleware . SetLocale Cookie ( ctx . Resp , u . Language , 0 )
// Clear whatever CSRF has right now, force to generate a new one
ctx . SetCookie ( setting . CSRFCookieName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
middleware . DeleteCSRFCookie ( ctx . Resp )
// Register last login
u . SetLastLogin ( )
@ -543,7 +544,7 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR
}
if redirectTo := ctx . GetCookie ( "redirect_to" ) ; len ( redirectTo ) > 0 && ! utils . IsExternalURL ( redirectTo ) {
ctx . SetCookie ( "redirect_to" , "" , - 1 , setting . AppSubURL , "" , setting . SessionConfig . Secure , true )
middleware . DeleteRedirectToCookie ( ctx . Resp )
if obeyRedirect {
ctx . RedirectToFirst ( redirectTo )
}
@ -649,7 +650,7 @@ func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context
}
// Clear whatever CSRF has right now, force to generate a new one
ctx . SetCookie ( setting . CSRFCookieName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
middleware . DeleteCSRFCookie ( ctx . Resp )
// Register last login
u . SetLastLogin ( )
@ -664,7 +665,7 @@ func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context
}
if redirectTo := ctx . GetCookie ( "redirect_to" ) ; len ( redirectTo ) > 0 {
ctx . SetCookie ( "redirect_to" , "" , - 1 , setting . AppSubURL , "" , setting . SessionConfig . Secure , true )
middleware . DeleteRedirectToCookie ( ctx . Resp )
ctx . RedirectToFirst ( redirectTo )
return
}
@ -1042,11 +1043,11 @@ func LinkAccountPostRegister(ctx *context.Context) {
func HandleSignOut ( ctx * context . Context ) {
_ = ctx . Session . Flush ( )
_ = ctx . Session . Destroy ( ctx . Resp , ctx . Req )
ctx . Set Cookie( setting . CookieUserName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , tru e )
ctx . Set Cookie( setting . CookieRememberName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , tru e )
ctx . SetCookie ( setting . CSRFCookieName , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true )
ctx . SetCookie ( "lang" , "" , - 1 , setting . AppSubURL , setting . SessionConfig . Domain , setting . SessionConfig . Secure , true ) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
ctx . SetCookie ( "redirect_to" , "" , - 1 , setting . AppSubURL ) // logout default should set redirect to to default
ctx . Delete Cookie( setting . CookieUserName )
ctx . Delete Cookie( setting . CookieRememberName )
middleware . DeleteCSRFCookie ( ctx . Resp )
middleware . DeleteLocaleCookie ( ctx . Resp )
middleware . DeleteRedirectToCookie ( ctx . Resp )
}
// SignOut sign out from login status
@ -1623,7 +1624,7 @@ func MustChangePasswordPost(ctx *context.Context) {
log . Trace ( "User updated password: %s" , u . Name )
if redirectTo := ctx . GetCookie ( "redirect_to" ) ; len ( redirectTo ) > 0 && ! utils . IsExternalURL ( redirectTo ) {
ctx . SetCookie ( "redirect_to" , "" , - 1 , setting . AppSubURL )
middleware . DeleteRedirectToCookie ( ctx . Resp )
ctx . RedirectToFirst ( redirectTo )
return
}