mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-24 13:09:23 -05:00
17c5c654a5
* Prevent double-login for Git HTTP and LFS and simplify login There are a number of inconsistencies with our current methods for logging in for git and lfs. The first is that there is a double login process. This is particularly evident in 1.13 where there are no less than 4 hash checks for basic authentication due to the previous IsPasswordSet behaviour. This duplicated code had individual inconsistencies that were not helpful and caused confusion. This PR does the following: * Remove the specific login code from the git and lfs handlers except for the lfs special bearer token * Simplify the meaning of DisableBasicAuthentication to allow Token and Oauth2 sign-in. * The removal of the specific code from git and lfs means that these both now have the same login semantics and can - if not DisableBasicAuthentication - login from external services. Further it allows Oauth2 token authentication as per our standard mechanisms. * The change in the recovery handler prevents the service from re-attempting to login - primarily because this could easily cause a further panic and it is wasteful. * add test Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
124 lines
2.7 KiB
Go
124 lines
2.7 KiB
Go
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package sso
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/modules/setting"
|
|
)
|
|
|
|
func Test_isGitOrLFSPath(t *testing.T) {
|
|
|
|
tests := []struct {
|
|
path string
|
|
|
|
want bool
|
|
}{
|
|
{
|
|
"/owner/repo/git-upload-pack",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/git-receive-pack",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/info/refs",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/HEAD",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/info/alternates",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/info/http-alternates",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/info/packs",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/info/blahahsdhsdkla",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/01/23456789abcdef0123456789abcdef01234567",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/pack/pack-123456789012345678921234567893124567894.pack",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/objects/pack/pack-0123456789abcdef0123456789abcdef0123456.idx",
|
|
true,
|
|
},
|
|
{
|
|
"/owner/repo/stars",
|
|
false,
|
|
},
|
|
{
|
|
"/notowner",
|
|
false,
|
|
},
|
|
{
|
|
"/owner/repo",
|
|
false,
|
|
},
|
|
{
|
|
"/owner/repo/commit/123456789012345678921234567893124567894",
|
|
false,
|
|
},
|
|
}
|
|
lfsTests := []string{
|
|
"/owner/repo/info/lfs/",
|
|
"/owner/repo/info/lfs/objects/batch",
|
|
"/owner/repo/info/lfs/objects/oid/filename",
|
|
"/owner/repo/info/lfs/objects/oid",
|
|
"/owner/repo/info/lfs/objects",
|
|
"/owner/repo/info/lfs/verify",
|
|
"/owner/repo/info/lfs/locks",
|
|
"/owner/repo/info/lfs/locks/verify",
|
|
"/owner/repo/info/lfs/locks/123/unlock",
|
|
}
|
|
|
|
origLFSStartServer := setting.LFS.StartServer
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.path, func(t *testing.T) {
|
|
req, _ := http.NewRequest("POST", "http://localhost"+tt.path, nil)
|
|
setting.LFS.StartServer = false
|
|
if got := isGitOrLFSPath(req); got != tt.want {
|
|
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
|
|
}
|
|
setting.LFS.StartServer = true
|
|
if got := isGitOrLFSPath(req); got != tt.want {
|
|
t.Errorf("isGitOrLFSPath() = %v, want %v", got, tt.want)
|
|
}
|
|
})
|
|
}
|
|
for _, tt := range lfsTests {
|
|
t.Run(tt, func(t *testing.T) {
|
|
req, _ := http.NewRequest("POST", tt, nil)
|
|
setting.LFS.StartServer = false
|
|
if got := isGitOrLFSPath(req); got != setting.LFS.StartServer {
|
|
t.Errorf("isGitOrLFSPath(%q) = %v, want %v, %v", tt, got, setting.LFS.StartServer, gitPathRe.MatchString(tt))
|
|
}
|
|
setting.LFS.StartServer = true
|
|
if got := isGitOrLFSPath(req); got != setting.LFS.StartServer {
|
|
t.Errorf("isGitOrLFSPath(%q) = %v, want %v", tt, got, setting.LFS.StartServer)
|
|
}
|
|
})
|
|
}
|
|
setting.LFS.StartServer = origLFSStartServer
|
|
}
|