tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

#1891 attempt to fix invalid csrf token

Browse Source
This commit is contained in:
Unknwon
2016-03-12 20:56:03 -05:00
parent af8eccc02e
commit b4f47a7623
7 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
routers/user/auth.go
View File

@@ -63,6 +63,7 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
isSucceed = true
ctx.Session.Set("uid", u.Id)
ctx.Session.Set("uname", u.Name)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
return true, nil
}
@@ -116,6 +117,10 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
ctx.Session.Set("uid", u.Id)
ctx.Session.Set("uname", u.Name)
// Clear whatever CSRF has right now, force to generate a new one
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)
ctx.Redirect(redirectTo)
@@ -133,6 +138,7 @@ func SignOut(ctx *context.Context) {
ctx.Session.Delete("socialEmail")
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)
ctx.Redirect(setting.AppSubUrl + "/")
}