mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-28 09:21:13 -05:00
Move reverproxyauth before session so the header will not be ignored even if user has login (#27821) (#30948)
Backport #27821 by @lunny When a user logout and then login another user, the reverseproxy auth should be checked before session otherwise the old user is still login. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> (cherry picked from commit 14dc00ae01c35ad51a3982a5725777bbeabe2b78)
This commit is contained in:
parent
10a9b6b806
commit
56642554d1
1 changed files with 6 additions and 6 deletions
|
@ -98,14 +98,14 @@ func optionsCorsHandler() func(next http.Handler) http.Handler {
|
||||||
// The Session plugin is expected to be executed second, in order to skip authentication
|
// The Session plugin is expected to be executed second, in order to skip authentication
|
||||||
// for users that have already signed in.
|
// for users that have already signed in.
|
||||||
func buildAuthGroup() *auth_service.Group {
|
func buildAuthGroup() *auth_service.Group {
|
||||||
group := auth_service.NewGroup(
|
group := auth_service.NewGroup()
|
||||||
&auth_service.OAuth2{}, // FIXME: this should be removed and only applied in download and oauth related routers
|
group.Add(&auth_service.OAuth2{}) // FIXME: this should be removed and only applied in download and oauth related routers
|
||||||
&auth_service.Basic{}, // FIXME: this should be removed and only applied in download and git/lfs routers
|
group.Add(&auth_service.Basic{}) // FIXME: this should be removed and only applied in download and git/lfs routers
|
||||||
&auth_service.Session{},
|
|
||||||
)
|
|
||||||
if setting.Service.EnableReverseProxyAuth {
|
if setting.Service.EnableReverseProxyAuth {
|
||||||
group.Add(&auth_service.ReverseProxy{})
|
group.Add(&auth_service.ReverseProxy{}) // reverseproxy should before Session, otherwise the header will be ignored if user has login
|
||||||
}
|
}
|
||||||
|
group.Add(&auth_service.Session{})
|
||||||
|
|
||||||
if setting.IsWindows && auth_model.IsSSPIEnabled(db.DefaultContext) {
|
if setting.IsWindows && auth_model.IsSSPIEnabled(db.DefaultContext) {
|
||||||
group.Add(&auth_service.SSPI{}) // it MUST be the last, see the comment of SSPI
|
group.Add(&auth_service.SSPI{}) // it MUST be the last, see the comment of SSPI
|
||||||
|
|
Loading…
Reference in a new issue