[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP
(cherry picked from commit7b0549cd70
) (cherry picked from commit13e10a65d9
) (cherry picked from commit65bdd73cf2
) (cherry picked from commit64eba8bb92
) (cherry picked from commit4c49b1a759
) (cherry picked from commit93b4d06406
) (cherry picked from commite2bc5f36d9
) (cherry picked from commit2bee76f9df
) (cherry picked from commit3d8a1b4a9f
) (cherry picked from commit99dd092cd0
) (cherry picked from commit0fdbd02204
) (cherry picked from commit70b277a183
) (cherry picked from commit3eece7fbb4
) (cherry picked from commit4838fc9e11
) (cherry picked from commitb76ed541cf
)
This commit is contained in:
parent
af606b8574
commit
dcdfb5b65c
4 changed files with 34 additions and 4 deletions
|
@ -205,13 +205,20 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
|
|||
}
|
||||
}
|
||||
|
||||
func getOtpHeader(header http.Header) string {
|
||||
otpHeader := header.Get("X-Gitea-OTP")
|
||||
if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
|
||||
otpHeader = forgejoHeader
|
||||
}
|
||||
return otpHeader
|
||||
}
|
||||
|
||||
// CheckForOTP validates OTP
|
||||
func (ctx *APIContext) CheckForOTP() {
|
||||
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
|
||||
return // Skip 2FA
|
||||
}
|
||||
|
||||
otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
|
||||
twofa, err := auth.GetTwoFactorByUID(ctx.Doer.ID)
|
||||
if err != nil {
|
||||
if auth.IsErrTwoFactorNotEnrolled(err) {
|
||||
|
@ -220,7 +227,7 @@ func (ctx *APIContext) CheckForOTP() {
|
|||
ctx.Error(http.StatusInternalServerError, "GetTwoFactorByUID", err)
|
||||
return
|
||||
}
|
||||
ok, err := twofa.ValidateTOTP(otpHeader)
|
||||
ok, err := twofa.ValidateTOTP(getOtpHeader(ctx.Req.Header))
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "ValidateTOTP", err)
|
||||
return
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue