Fixed user session initialization on login with reverse proxy header

pboguslawski · pboguslawski · commit 45ea55dd71a5 · 2020-10-20T14:55:29.000+02:00
Gitea does not initialize user session after login using reverse proxy header. This fixes it. Fixes: 27dc5a1 Author-Change-Id: IB#1104925
diff --git a/modules/auth/sso/reverseproxy.go b/modules/auth/sso/reverseproxy.go
@@ -98,6 +98,17 @@ func (r *ReverseProxy) VerifyAuthData(ctx *macaron.Context, sess session.Store)
 		}
 	}
 
+	ctx.SetCookie("lang", user.Language, nil, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
+
+	// Clear whatever CSRF has right now, force to generate a new one.
+	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
+
+	// Register last login.
+	user.SetLastLogin()
+	if err = models.UpdateUserCols(user, false, "last_login_unix"); err != nil {
+		log.Error(fmt.Sprintf("VerifyAuthData: error updating user last login time [user: %d]", user.ID))
+	}
+
 	return user
 }
 

Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,17 @@ func (r ReverseProxy) VerifyAuthData(ctx macaron.Context, sess session.Store)`
`98`	`98`	`}`
`99`	`99`	`}`
`100`	`100`
	`101`	`+ ctx.SetCookie("lang", user.Language, nil, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)`
	`102`	`+`
	`103`	`+ // Clear whatever CSRF has right now, force to generate a new one.`
	`104`	`+ ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)`
	`105`	`+`
	`106`	`+ // Register last login.`
	`107`	`+ user.SetLastLogin()`
	`108`	`+ if err = models.UpdateUserCols(user, false, "last_login_unix"); err != nil {`
	`109`	`+ log.Error(fmt.Sprintf("VerifyAuthData: error updating user last login time [user: %d]", user.ID))`
	`110`	`+ }`
	`111`	`+`
`101`	`112`	`return user`
`102`	`113`	`}`
`103`	`114`