web/forgejo
10
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP

Browse source
This commit is contained in:
Loïc Dachary 2023-02-24 14:24:29 +01:00
parent 5fd513daf8
commit 7b0549cd70
No known key found for this signature in database
GPG key ID: 992D23B392F9E4F2
4 changed files with 34 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/context/api.go
View file

@ -188,13 +188,20 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
}
}
func getOtpHeader(header http.Header) string {
otpHeader := header.Get("X-Gitea-OTP")
if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
otpHeader = forgejoHeader
}
return otpHeader
}
// CheckForOTP validates OTP
func (ctx *APIContext) CheckForOTP() {
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
return // Skip 2FA
}
otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
twofa, err := auth.GetTwoFactorByUID(ctx.Context.Doer.ID)
if err != nil {
if auth.IsErrTwoFactorNotEnrolled(err) {
@ -203,7 +210,7 @@ func (ctx *APIContext) CheckForOTP() {
ctx.Context.Error(http.StatusInternalServerError)
return
}
ok, err := twofa.ValidateTOTP(otpHeader)
ok, err := twofa.ValidateTOTP(getOtpHeader(ctx.Req.Header))
if err != nil {
ctx.Context.Error(http.StatusInternalServerError)
return