
Commit d4e281b

authored
Allow Token API calls be authorized using the reverse-proxy header (#15119)
* API calls authorized with HTTP header This mod allows API calls to be authorized with HTTP header when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled. Without it user authenticated by reverse proxy is able to access gitea UI but not API which is inconsistent. Author-Change-Id: IB#1107572 * Fixed API calls authorized with HTTP header Only reqBasicAuth is modified to allow reverse proxy auth as alternative and reqToken is left untouched. Fixes: dc952c0 Author-Change-Id: IB#1107572 * Reverse proxy API auth separated in docs Related: #15119 (comment) Author-Change-Id: IB#1107572 * Reverse proxy API auth separated in docs Related: #15119 (comment) Author-Change-Id: IB#1107572 * Reverse proxy API auth separated Related: #15119 (comment) Author-Change-Id: IB#1107572 * ReverseProxyAuth removed from swagger ReverseProxyAuth removed from swagger as in upstream's suggestion. Related: #15119 (review) Author-Change-Id: IB#1107572 * ReverseProxyAuth API authorization fixed Related: #15119 (comment) Author-Change-Id: IB#1107572 * ReverseProxyAuth API authorization fixed Related: #15119 (comment) Author-Change-Id: IB#1107572
1 parent fc3d082 commit d4e281b

1 file changed

+6
-3
lines changed

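--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -215,10 +215,13 @@ func reqExploreSignIn() func(ctx *context.APIContext) {
 }
 }
 
-func reqBasicAuth() func(ctx *context.APIContext) {
+func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
 return func(ctx *context.APIContext) {
+if ctx.IsSigned && setting.Service.EnableReverseProxyAuth && ctx.Data["AuthedMethod"].(string) == new(auth.ReverseProxy).Name() {
+return
+}
 if !ctx.Context.IsBasicAuth {
-ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "basic auth required")
+ctx.Error(http.StatusUnauthorized, "reqBasicOrRevProxyAuth", "auth required")
 return
 }
 ctx.CheckForOTP()
@@ -630,7 +633,7 @@ func Routes(sessioner func(http.Handler) http.Handler) *web.Route {
 m.Combo("").Get(user.ListAccessTokens).
 Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
 m.Combo("/{id}").Delete(user.DeleteAccessToken)
-}, reqBasicAuth())
+}, reqBasicOrRevProxyAuth())
 })
 })
 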
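Review bot: The new early return in reqBasicOrRevProxyAuth exits before `ctx.CheckForOTP()`, so a request signed in through the reverse-proxy header can list, create and delete access tokens (the routes in the second hunk) with neither a password nor a second factor. That is presumably the intent, but it makes these endpoints exactly as trustworthy as the header, so it deserves a comment on the branch such as `// reverse-proxy auth is trusted as-is: no basic-auth and no OTP check; the proxy must strip client-supplied copies of the auth header`. The same condition uses an unchecked assertion, `ctx.Data["AuthedMethod"].(string)`, which panics if some signed-in path leaves that key unset or non-string (whether one exists is not visible here). Reading it with the comma-ok form first, `method, _ := ctx.Data["AuthedMethod"].(string)`, and comparing `method == new(auth.ReverseProxy).Name()` keeps the check fail-closed without a panic. The function body continues past the end of the first hunk.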