Skip SSPI authentication attempts for /api/internal (#12556)

* Skip SSPI authentication attempts for /api/internal

SSPI fails badly on authentication attempts to /api/internal which
it can never succesfully authenticate.

Fix #11260

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update oauth2.go

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
tokarchuk/v1.17
zeripath 4 years ago committed by GitHub
parent d4e35b9dc6
commit b78448e94e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      modules/auth/sso/oauth2.go
  2. 5
      modules/auth/sso/sso.go
  3. 2
      modules/auth/sso/sspi_windows.go

@ -121,7 +121,7 @@ func (o *OAuth2) VerifyAuthData(ctx *macaron.Context, sess session.Store) *model
return nil return nil
} }
if !isAPIPath(ctx) && !isAttachmentDownload(ctx) { if isInternalPath(ctx) || !isAPIPath(ctx) && !isAttachmentDownload(ctx) {
return nil return nil
} }

@ -100,6 +100,11 @@ func isAPIPath(ctx *macaron.Context) bool {
return strings.HasPrefix(ctx.Req.URL.Path, "/api/") return strings.HasPrefix(ctx.Req.URL.Path, "/api/")
} }
// isInternalPath returns true if the specified URL is an internal API path
func isInternalPath(ctx *macaron.Context) bool {
return strings.HasPrefix(ctx.Req.URL.Path, "/api/internal/")
}
// isAttachmentDownload check if request is a file download (GET) with URL to an attachment // isAttachmentDownload check if request is a file download (GET) with URL to an attachment
func isAttachmentDownload(ctx *macaron.Context) bool { func isAttachmentDownload(ctx *macaron.Context) bool {
return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET" return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET"

@ -148,6 +148,8 @@ func (s *SSPI) shouldAuthenticate(ctx *macaron.Context) (shouldAuth bool) {
} else if ctx.Req.FormValue("auth_with_sspi") == "1" { } else if ctx.Req.FormValue("auth_with_sspi") == "1" {
shouldAuth = true shouldAuth = true
} }
} else if isInternalPath(ctx) {
shouldAuth = false
} else if isAPIPath(ctx) || isAttachmentDownload(ctx) { } else if isAPIPath(ctx) || isAttachmentDownload(ctx) {
shouldAuth = true shouldAuth = true
} }

Loading…
Cancel
Save