Commit 44dff6fd by Sofia Papagiannaki Committed by GitHub

Auth: Fix POST request failures with anonymous access (#26049)

Macaron context.QueryBool() seems to modify the request context
that causes the POST and PUT requests to fail with:
"http: proxy error: net/http: HTTP/1.x transport connection broken: http: ContentLength=333 with Body length 0"
parent 632c54f9
...@@ -2,6 +2,7 @@ package middleware ...@@ -2,6 +2,7 @@ package middleware
import ( import (
"net/url" "net/url"
"strconv"
"strings" "strings"
macaron "gopkg.in/macaron.v1" macaron "gopkg.in/macaron.v1"
...@@ -87,7 +88,13 @@ func RoleAuth(roles ...models.RoleType) macaron.Handler { ...@@ -87,7 +88,13 @@ func RoleAuth(roles ...models.RoleType) macaron.Handler {
func Auth(options *AuthOptions) macaron.Handler { func Auth(options *AuthOptions) macaron.Handler {
return func(c *models.ReqContext) { return func(c *models.ReqContext) {
forceLogin := c.AllowAnonymous && c.QueryBool("forceLogin") forceLogin := false
if c.AllowAnonymous {
forceLoginParam, err := strconv.ParseBool(c.Req.URL.Query().Get("forceLogin"))
if err == nil {
forceLogin = forceLoginParam
}
}
requireLogin := !c.AllowAnonymous || forceLogin requireLogin := !c.AllowAnonymous || forceLogin
if !c.IsSignedIn && options.ReqSignedIn && requireLogin { if !c.IsSignedIn && options.ReqSignedIn && requireLogin {
notAuthorized(c) notAuthorized(c)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment