Whenever the ctx.Session is updated, release it to save it before sending the redirect (#11456)

Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv>
2025-07-22 18:28:37 +00:00 · 2020-05-17 13:43:29 +01:00
parent 50932ce8af
commit 76053ac31a
6 changed files with 168 additions and 100 deletions
--- a/routers/user/setting/security_u2f.go
+++ b/routers/user/setting/security_u2f.go
@@ -10,6 +10,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/tstranex/u2f"
@@ -26,9 +27,8 @@ func U2FRegister(ctx *context.Context, form auth.U2FRegistrationForm) {
 		ctx.ServerError("NewChallenge", err)
 		return
 	}
-	err = ctx.Session.Set("u2fChallenge", challenge)
-	if err != nil {
-		ctx.ServerError("Session.Set", err)
+	if err := ctx.Session.Set("u2fChallenge", challenge); err != nil {
+		ctx.ServerError("Unable to set session key for u2fChallenge", err)
 		return
 	}
 	regs, err := models.GetU2FRegistrationsByUID(ctx.User.ID)
@@ -42,11 +42,15 @@ func U2FRegister(ctx *context.Context, form auth.U2FRegistrationForm) {
 			return
 		}
 	}
-	err = ctx.Session.Set("u2fName", form.Name)
-	if err != nil {
-		ctx.ServerError("", err)
+	if err := ctx.Session.Set("u2fName", form.Name); err != nil {
+		ctx.ServerError("Unable to set session key for u2fName", err)
 		return
 	}
+	// Here we're just going to try to release the session early
+	if err := ctx.Session.Release(); err != nil {
+		// we'll tolerate errors here as they *should* get saved elsewhere
+		log.Error("Unable to save changes to the session: %v", err)
+	}
 	ctx.JSON(200, u2f.NewWebRegisterRequest(challenge, regs.ToRegistrations()))
 }