Auth: Fix POST request failures with anonymous access (#26049)

Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"

Auth: Fix POST request failures with anonymous access (#26049)
Macaron context.QueryBool() seems to modify the request context that causes the POST and PUT requests to fail with: "http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"
44dff6fd · Sofia Papagiannaki · GitHub · 632c54f9 · 44dff6fd
Commit 44dff6fd authored Jul 06, 2020 by Sofia Papagiannaki Committed by GitHub Jul 06, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletions

pkg/middleware/auth.go
+8 -1

No files found.
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@@ -2,6 +2,7 @@ package middleware

 import (
 	"net/url"
+	"strconv"
 	"strings"

 	macaron "gopkg.in/macaron.v1"
@@ -87,7 +88,13 @@ func RoleAuth(roles ...models.RoleType) macaron.Handler {

 func Auth(options *AuthOptions) macaron.Handler {
 	return func(c *models.ReqContext) {
-		forceLogin := c.AllowAnonymous && c.QueryBool("forceLogin")
+		forceLogin := false
+		if c.AllowAnonymous {
+			forceLoginParam, err := strconv.ParseBool(c.Req.URL.Query().Get("forceLogin"))
+			if err == nil {
+				forceLogin = forceLoginParam
+			}
+		}
 		requireLogin := !c.AllowAnonymous || forceLogin
 		if !c.IsSignedIn && options.ReqSignedIn && requireLogin {
 			notAuthorized(c)