Fix http auth header parsing (#34936)

Using `strings.EqualFold` is wrong in many cases.
This commit is contained in:
wxiaoguang
2025-07-03 11:02:38 +08:00
committed by GitHub
parent 8cbec63cc7
commit d6d643fe86
9 changed files with 136 additions and 78 deletions


@@ -13,6 +13,7 @@ import (
actions_model "code.gitea.io/gitea/models/actions"
auth_model "code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/auth/httpauth"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/timeutil"
@@ -97,9 +98,9 @@ func parseToken(req *http.Request) (string, bool) {
// check header token
if auHead := req.Header.Get("Authorization"); auHead != "" {
auths := strings.Fields(auHead)
if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
return auths[1], true
parsed, ok := httpauth.ParseAuthorizationHeader(auHead)
if ok && parsed.BearerToken != nil {
return parsed.BearerToken.Token, true
}
}
return "", false