mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-25 08:59:31 -05:00
#1891 attempt to fix invalid csrf token
This commit is contained in:
parent
af8eccc02e
commit
b4f47a7623
7 changed files with 16 additions and 8 deletions
|
@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
|
||||||
|
|
||||||
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
|
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
|
||||||
|
|
||||||
##### Current version: 0.9.7
|
##### Current version: 0.9.8
|
||||||
|
|
||||||
| Web | UI | Preview |
|
| Web | UI | Preview |
|
||||||
|:-------------:|:-------:|:-------:|
|
|:-------------:|:-------:|:-------:|
|
||||||
|
|
|
@ -81,12 +81,12 @@ func checkVersion() {
|
||||||
{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.5.2.0304"},
|
{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.5.2.0304"},
|
||||||
{"github.com/go-macaron/binding", binding.Version, "0.2.1"},
|
{"github.com/go-macaron/binding", binding.Version, "0.2.1"},
|
||||||
{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
|
{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
|
||||||
{"github.com/go-macaron/csrf", csrf.Version, "0.0.5"},
|
{"github.com/go-macaron/csrf", csrf.Version, "0.1.0"},
|
||||||
{"github.com/go-macaron/i18n", i18n.Version, "0.2.0"},
|
{"github.com/go-macaron/i18n", i18n.Version, "0.2.0"},
|
||||||
{"github.com/go-macaron/session", session.Version, "0.1.6"},
|
{"github.com/go-macaron/session", session.Version, "0.1.6"},
|
||||||
{"github.com/go-macaron/toolbox", toolbox.Version, "0.1.0"},
|
{"github.com/go-macaron/toolbox", toolbox.Version, "0.1.0"},
|
||||||
{"gopkg.in/ini.v1", ini.Version, "1.8.4"},
|
{"gopkg.in/ini.v1", ini.Version, "1.8.4"},
|
||||||
{"gopkg.in/macaron.v1", macaron.Version, "1.1.1"},
|
{"gopkg.in/macaron.v1", macaron.Version, "1.1.2"},
|
||||||
{"github.com/gogits/git-module", git.Version, "0.2.9"},
|
{"github.com/gogits/git-module", git.Version, "0.2.9"},
|
||||||
{"github.com/gogits/go-gogs-client", gogs.Version, "0.7.3"},
|
{"github.com/gogits/go-gogs-client", gogs.Version, "0.7.3"},
|
||||||
}
|
}
|
||||||
|
@ -158,6 +158,7 @@ func newMacaron() *macaron.Macaron {
|
||||||
m.Use(session.Sessioner(setting.SessionConfig))
|
m.Use(session.Sessioner(setting.SessionConfig))
|
||||||
m.Use(csrf.Csrfer(csrf.Options{
|
m.Use(csrf.Csrfer(csrf.Options{
|
||||||
Secret: setting.SecretKey,
|
Secret: setting.SecretKey,
|
||||||
|
Cookie: setting.CSRFCookieName,
|
||||||
SetCookie: true,
|
SetCookie: true,
|
||||||
Header: "X-Csrf-Token",
|
Header: "X-Csrf-Token",
|
||||||
CookiePath: setting.AppSubUrl,
|
CookiePath: setting.AppSubUrl,
|
||||||
|
|
4
glide.lock
generated
4
glide.lock
generated
|
@ -17,7 +17,7 @@ imports:
|
||||||
- name: github.com/go-macaron/captcha
|
- name: github.com/go-macaron/captcha
|
||||||
version: 8aa5919789ab301e865595eb4b1114d6b9847deb
|
version: 8aa5919789ab301e865595eb4b1114d6b9847deb
|
||||||
- name: github.com/go-macaron/csrf
|
- name: github.com/go-macaron/csrf
|
||||||
version: 546646cf80d2feabea4e4098d2d824d5582f3416
|
version: 6a9a7df172cc1fcd81e4585f44b09200b6087cc0
|
||||||
- name: github.com/go-macaron/gzip
|
- name: github.com/go-macaron/gzip
|
||||||
version: cad1c6580a07c56f5f6bc52d66002a05985c5854
|
version: cad1c6580a07c56f5f6bc52d66002a05985c5854
|
||||||
- name: github.com/go-macaron/i18n
|
- name: github.com/go-macaron/i18n
|
||||||
|
@ -127,7 +127,7 @@ imports:
|
||||||
- name: gopkg.in/ldap.v2
|
- name: gopkg.in/ldap.v2
|
||||||
version: 07a7330929b9ee80495c88a4439657d89c7dbd87
|
version: 07a7330929b9ee80495c88a4439657d89c7dbd87
|
||||||
- name: gopkg.in/macaron.v1
|
- name: gopkg.in/macaron.v1
|
||||||
version: 7c9e5e5b8c1176ce95a6f41b4e1cd60a44f8839d
|
version: 53b60f3c7d9e575050852ada71ec2953e8d685ad
|
||||||
- name: gopkg.in/redis.v2
|
- name: gopkg.in/redis.v2
|
||||||
version: e6179049628164864e6e84e973cfb56335748dea
|
version: e6179049628164864e6e84e973cfb56335748dea
|
||||||
devImports: []
|
devImports: []
|
||||||
|
|
2
gogs.go
2
gogs.go
|
@ -17,7 +17,7 @@ import (
|
||||||
"github.com/gogits/gogs/modules/setting"
|
"github.com/gogits/gogs/modules/setting"
|
||||||
)
|
)
|
||||||
|
|
||||||
const APP_VER = "0.9.7.0312"
|
const APP_VER = "0.9.8.0312"
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
runtime.GOMAXPROCS(runtime.NumCPU())
|
runtime.GOMAXPROCS(runtime.NumCPU())
|
||||||
|
|
|
@ -157,6 +157,7 @@ var (
|
||||||
|
|
||||||
// Session settings
|
// Session settings
|
||||||
SessionConfig session.Options
|
SessionConfig session.Options
|
||||||
|
CSRFCookieName = "_csrf"
|
||||||
|
|
||||||
// Git settings
|
// Git settings
|
||||||
Git struct {
|
Git struct {
|
||||||
|
|
|
@ -63,6 +63,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
|
||||||
isSucceed = true
|
isSucceed = true
|
||||||
ctx.Session.Set("uid", u.Id)
|
ctx.Session.Set("uid", u.Id)
|
||||||
ctx.Session.Set("uname", u.Name)
|
ctx.Session.Set("uname", u.Name)
|
||||||
|
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -116,6 +117,10 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
|
||||||
|
|
||||||
ctx.Session.Set("uid", u.Id)
|
ctx.Session.Set("uid", u.Id)
|
||||||
ctx.Session.Set("uname", u.Name)
|
ctx.Session.Set("uname", u.Name)
|
||||||
|
|
||||||
|
// Clear whatever CSRF has right now, force to generate a new one
|
||||||
|
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
|
||||||
|
|
||||||
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
|
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
|
||||||
ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
|
ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
|
||||||
ctx.Redirect(redirectTo)
|
ctx.Redirect(redirectTo)
|
||||||
|
@ -133,6 +138,7 @@ func SignOut(ctx *context.Context) {
|
||||||
ctx.Session.Delete("socialEmail")
|
ctx.Session.Delete("socialEmail")
|
||||||
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
|
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
|
||||||
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
|
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
|
||||||
|
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
|
||||||
ctx.Redirect(setting.AppSubUrl + "/")
|
ctx.Redirect(setting.AppSubUrl + "/")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
0.9.7.0312
|
0.9.8.0312
|
Loading…
Reference in a new issue