[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP

(cherry picked from commit 7b0549cd70)
(cherry picked from commit 13e10a65d9)
(cherry picked from commit 65bdd73cf2)
(cherry picked from commit 64eba8bb92)
(cherry picked from commit 4c49b1a759)
(cherry picked from commit 93b4d06406)
(cherry picked from commit e2bc5f36d9)
(cherry picked from commit 2bee76f9df)
(cherry picked from commit 3d8a1b4a9f)
(cherry picked from commit 99dd092cd0)
(cherry picked from commit 0fdbd02204)
(cherry picked from commit 70b277a183)
(cherry picked from commit 3eece7fbb4)
(cherry picked from commit 4838fc9e11)
(cherry picked from commit b76ed541cf)
(cherry picked from commit dcdfb5b65c)
(cherry picked from commit 377dc48cdc)
(cherry picked from commit acc862f411)
(cherry picked from commit ac75ef101f)
(cherry picked from commit 08f2d9f7c5)
(cherry picked from commit e4096f0b64)
(cherry picked from commit bf5876f062)
(cherry picked from commit 7dc60637e5)
(cherry picked from commit ef3101774b)
(cherry picked from commit ecb9e8867c)
(cherry picked from commit 64f0ae72fe)
(cherry picked from commit 8dd6ec7862)
(cherry picked from commit b36723e52b)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/1466
(cherry picked from commit 5c378e0cb8)
(cherry picked from commit 1d87602819)
(cherry picked from commit 0f72002d66)
(cherry picked from commit da2556eb13)
(cherry picked from commit c01688cd90)
(cherry picked from commit af4bba8329)
(cherry picked from commit 33ca322c2e)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/1739
(cherry picked from commit c18e374d44)
(cherry picked from commit 27c4797c9f)
This commit is contained in:
Loïc Dachary 2023-02-24 14:24:29 +01:00 committed by Earl Warren
parent 76388e2c38
commit dd7f17c279
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
4 changed files with 16 additions and 3 deletions

View file

@ -56,7 +56,7 @@
// description: Sudo API request as the user provided as the key. Admin privileges are required. // description: Sudo API request as the user provided as the key. Admin privileges are required.
// TOTPHeader: // TOTPHeader:
// type: apiKey // type: apiKey
// name: X-GITEA-OTP // name: X-FORGEJO-OTP
// in: header // in: header
// description: Must be used in combination with BasicAuth if two-factor authentication is enabled. // description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
// //

View file

@ -143,6 +143,14 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
return u, nil return u, nil
} }
func getOtpHeader(header http.Header) string {
otpHeader := header.Get("X-Gitea-OTP")
if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
otpHeader = forgejoHeader
}
return otpHeader
}
func validateTOTP(req *http.Request, u *user_model.User) error { func validateTOTP(req *http.Request, u *user_model.User) error {
twofa, err := auth_model.GetTwoFactorByUID(req.Context(), u.ID) twofa, err := auth_model.GetTwoFactorByUID(req.Context(), u.ID)
if err != nil { if err != nil {
@ -152,7 +160,7 @@ func validateTOTP(req *http.Request, u *user_model.User) error {
} }
return err return err
} }
if ok, err := twofa.ValidateTOTP(req.Header.Get("X-Gitea-OTP")); err != nil { if ok, err := twofa.ValidateTOTP(getOtpHeader(req.Header)); err != nil {
return err return err
} else if !ok { } else if !ok {
return util.NewInvalidArgumentErrorf("invalid provided OTP") return util.NewInvalidArgumentErrorf("invalid provided OTP")

View file

@ -24044,7 +24044,7 @@
"TOTPHeader": { "TOTPHeader": {
"description": "Must be used in combination with BasicAuth if two-factor authentication is enabled.", "description": "Must be used in combination with BasicAuth if two-factor authentication is enabled.",
"type": "apiKey", "type": "apiKey",
"name": "X-GITEA-OTP", "name": "X-FORGEJO-OTP",
"in": "header" "in": "header"
}, },
"Token": { "Token": {

View file

@ -52,4 +52,9 @@ func TestAPITwoFactor(t *testing.T) {
req = AddBasicAuthHeader(req, user.Name) req = AddBasicAuthHeader(req, user.Name)
req.Header.Set("X-Gitea-OTP", passcode) req.Header.Set("X-Gitea-OTP", passcode)
MakeRequest(t, req, http.StatusOK) MakeRequest(t, req, http.StatusOK)
req = NewRequestf(t, "GET", "/api/v1/user")
req = AddBasicAuthHeader(req, user.Name)
req.Header.Set("X-Forgejo-OTP", passcode)
MakeRequest(t, req, http.StatusOK)
} }