github/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-09-09 15:46:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix basic auth with webauthn (#32531) (#32536)

Browse Source 
Backport #32531 by @lunny

WebAuthn should behave the same way as TOTP. When enabled, basic auth
with username/password should need to WebAuthn auth, otherwise returned
401.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Giteabot
2024-11-17 02:21:00 +08:00
committed by GitHub
parent b6eef34874
commit 6555cfcac3
2 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
services/auth/basic.go
View File

@@ -5,6 +5,7 @@
package auth
import (
"errors"
"net/http"
"strings"
@@ -141,6 +142,15 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
}
if skipper, ok := source.Cfg.(LocalTwoFASkipper); !ok || !skipper.IsSkipLocalTwoFA() {
// Check if the user has webAuthn registration
hasWebAuthn, err := auth_model.HasWebAuthnRegistrationsByUID(req.Context(), u.ID)
if err != nil {
return nil, err
}
if hasWebAuthn {
return nil, errors.New("Basic authorization is not allowed while webAuthn enrolled")
}
if err := validateTOTP(req, u); err != nil {
return nil, err
}