WIP: Rationalise Disable Basic Authentication and SSO #15186
Need to make the basic authentication only get checked once on git and lfs endpoints
6c987fa to 5a2624a
Signed-off-by: Andrew Thornton <[email protected]>
Fix go-gitea#2407 Signed-off-by: Andrew Thornton <[email protected]>
The recovery handler should not attempt to reauthenticate the user - as this could have been the site of the panic!
mounting Signed-off-by: Andrew Thornton <[email protected]>
…rocess Signed-off-by: Andrew Thornton <[email protected]>
…ction Signed-off-by: Andrew Thornton <[email protected]>
…that reverseproxy creates a session Signed-off-by: Andrew Thornton <[email protected]>
5a2624a to 08d5087
Care to explain? This does not disable basic auth on git endpoints, right?
Actually if DisableBasicAuthentication is set, it would. There is an extremely good reason as to why we should do that but we should move this discussion to #15303.
Ah, I see as long as token auth is still supported on HTTPS, I'm fine. Basic auth with username/password should be something that is discouraged.
Closing as all of these changes have been split out into other PRs. (Which aren't being reviewed...)
…15301) Since the move to Chi the number of stack frames has proliferated somewhat catastrophically and we're up to 96 frames with multiple tests of the url outside of a trie which is inefficient. This PR reduces the number of stack frames by 6 through careful use of Route, moves Captcha into its own router so that it only fires on Captcha routes, similarly for avatars and repo-avatars. The robots.txt, / and apple-touch-icon.png are moved out of requiring Contexter. It moves access logger higher in the stack frame because there is no reason why it can't be higher. Extract from #15186 Contains #15292
This PR adds a few changes: