vitalif
/
gogs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cookie: enhance cookie security (#3525)

master
Unknwon 2017-02-14 03:52:20 -05:00
parent 279e475b89
commit 4c5255f5ad
No known key found for this signature in database
GPG Key ID: 25B575AE3213B2B3
4 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
conf/app.ini
View File

@ -154,6 +154,7 @@ SECRET_KEY = !#@FDEWREWR&*(
LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gogs_awesome
COOKIE_REMEMBER_NAME = gogs_incredible
COOKIE_SECURE = false
; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER

4
modules/bindata/bindata.go
View File

File diff suppressed because one or more lines are too long

2
modules/setting/setting.go
View File

@ -98,6 +98,7 @@ var (
LogInRememberDays int
CookieUserName string
CookieRememberName string
CookieSecure bool
ReverseProxyAuthUser string
// Database settings
@ -466,6 +467,7 @@ func NewContext() {
LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
CookieUserName = sec.Key("COOKIE_USERNAME").String()
CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
sec = Cfg.Section("attachment")

4
routers/user/auth.go
View File

@ -123,8 +123,8 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
if form.Remember {
days := 86400 * setting.LogInRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
}
ctx.Session.Set("uid", u.ID)