WIP: Rationalise Disable Basic Authentication and SSO #15186
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Need to make the basic authentication only get checked once on git and lfs endpoints |
GiteaBot
added
the
lgtm/need 2
zeripath
force-pushed
the
disable-basic-authentication
branch
3 times, most recently
from
6c987fa to
5a2624a
Compare
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Fix go-gitea#2407 Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
The recovery handler should not attempt to reauthenticate the user - as this could have been the site of the panic!
mounting Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
…rocess Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
…ction Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
…that reverseproxy creates a session Signed-off-by: Andrew Thornton <[email protected]>
zeripath
force-pushed
the
disable-basic-authentication
branch
from
5a2624a to
08d5087
Compare
Signed-off-by: Andrew Thornton <[email protected]>
Signed-off-by: Andrew Thornton <[email protected]>
Care to explain? This does not disable basic auth on git endpoints, right? |
This was referenced Apr 6, 2021
Actually if DisableBasicAuthentication is set, it would. There is an extremely good reason as to why we should do that but we should move this discussion to #15303. |
zeripath
changed the title
|
Ah, I see as long as token auth is still supported on HTTPS, I'm fine. Basic auth with username/password should be something that is discouraged. |
|
Closing as all of these changes have been split out into other PRs. (Which aren't being reviewed...) |
zeripath
added a commit
that referenced
this pull request
May 4, 2021
…15301) Since the move to Chi the number of stack frames has proliferated somewhat catastrophically and we're up to 96 frames with multiple tests of the url outside of a trie which is inefficient. This PR reduces the number of stack frames by 6 through careful use of Route, moves Captcha into its own router so that it only fires on Captcha routes, similarly for avatars and repo-avatars. The robots.txt, / and apple-touch-icon.png are moved out of requiring Contexter. It moves access logger higher in the stack frame because there is no reason why it can't be higher. Extract from #15186 Contains #15292
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a few changes: