
cookie: enhance cookie security (#3525)

Unknwon há 8 anos atrás
pai
commit
4c5255f5ad
4 ficheiros alterados com 5 adições e 2 exclusões
  1. 1 0
      conf/app.ini
  2. 0 0
      modules/bindata/bindata.go
  3. 2 0
      modules/setting/setting.go
  4. 2 2
      routers/user/auth.go

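--- a/conf/app.ini
+++ b/conf/app.ini
@@ -154,6 +154,7 @@ SECRET_KEY = !#@FDEWREWR&*(
 LOGIN_REMEMBER_DAYS = 7
 COOKIE_USERNAME = gogs_awesome
 COOKIE_REMEMBER_NAME = gogs_incredible
+COOKIE_SECURE = false
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 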

+ 0 - 0
modules/bindata/bindata.go


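--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -98,6 +98,7 @@ var (
 	LogInRememberDays    int
 	CookieUserName       string
 	CookieRememberName   string
+	CookieSecure         bool
 	ReverseProxyAuthUser string
 
 	// Database settings
@@ -466,6 +467,7 @@ func NewContext() {
 	LogInRememberDays = sec.Key("LOGIN_REMEMBER_DAYS").MustInt()
 	CookieUserName = sec.Key("COOKIE_USERNAME").String()
 	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
+	CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
 
 	sec = Cfg.Section("attachment")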
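Review bot: `CookieSecure = sec.Key("COOKIE_SECURE").MustBool(false)` in the second hunk defaults the Secure flag to off, so an installation already served over HTTPS still emits the remember-me cookies without the Secure attribute unless the operator discovers the new key; since the file presumably already knows whether the server is configured for HTTPS, deriving the default from that setting (and letting `COOKIE_SECURE` override it) would make the safe behaviour the default rather than an opt-in. Independently, the exported `CookieSecure` field in the first hunk has no doc comment; `// CookieSecure marks the login cookies with the Secure attribute so browsers send them only over HTTPS.` would match the commented neighbours in the block. Both the `var (` block and `NewContext` start and end outside these hunks.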

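--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -123,8 +123,8 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 
 	if form.Remember {
 		days := 86400 * setting.LogInRememberDays
-		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)
-		ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl)
+		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
+		ctx.SetSuperSecureCookie(u.Rands+u.Passwd, setting.CookieRememberName, u.Name, days, setting.AppSubUrl, "", setting.CookieSecure, true)
 	}
 
 	ctx.Session.Set("uid", u.ID)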
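Review bot: The two rewritten `ctx.SetCookie` / `ctx.SetSuperSecureCookie` calls now take four positional trailing arguments (`setting.AppSubUrl, "", setting.CookieSecure, true`) whose meaning is invisible at the call site, and the hard-coded `true` in particular reads as a magic value; a short comment above the `if form.Remember` block such as `// trailing args: path, domain, Secure flag from config, HttpOnly always on` would let a later reader verify the attributes without opening the cookie helper. These are only the cookies set on the remember-me path of `SignInPost`; any other places that write the same cookie names (for example where they are cleared or refreshed) are outside this hunk and presumably still use the old four-argument form, so they would need the same attributes to keep the flags consistent across the cookie's lifetime. `SignInPost` starts and ends outside the hunk.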
