17c5c654a5
* Prevent double-login for Git HTTP and LFS and simplify login There are a number of inconsistencies with our current methods for logging in for git and lfs. The first is that there is a double login process. This is particularly evident in 1.13 where there are no less than 4 hash checks for basic authentication due to the previous IsPasswordSet behaviour. This duplicated code had individual inconsistencies that were not helpful and caused confusion. This PR does the following: * Remove the specific login code from the git and lfs handlers except for the lfs special bearer token * Simplify the meaning of DisableBasicAuthentication to allow Token and Oauth2 sign-in. * The removal of the specific code from git and lfs means that these both now have the same login semantics and can - if not DisableBasicAuthentication - login from external services. Further it allows Oauth2 token authentication as per our standard mechanisms. * The change in the recovery handler prevents the service from re-attempting to login - primarily because this could easily cause a further panic and it is wasteful. * add test Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net> |
||
---|---|---|
.. | ||
activity.go | ||
attachment.go | ||
blame.go | ||
branch.go | ||
commit.go | ||
compare.go | ||
download.go | ||
editor_test.go | ||
editor.go | ||
http.go | ||
issue_dependency.go | ||
issue_label_test.go | ||
issue_label.go | ||
issue_lock.go | ||
issue_stopwatch.go | ||
issue_test.go | ||
issue_timetrack.go | ||
issue_watch.go | ||
issue.go | ||
lfs.go | ||
main_test.go | ||
middlewares.go | ||
migrate.go | ||
milestone.go | ||
projects_test.go | ||
projects.go | ||
pull_review.go | ||
pull.go | ||
release_test.go | ||
release.go | ||
repo.go | ||
search.go | ||
setting_protected_branch.go | ||
setting.go | ||
settings_test.go | ||
topic.go | ||
view.go | ||
webhook.go | ||
wiki_test.go | ||
wiki.go |