diff --git a/modules/auth/sso/reverseproxy.go b/modules/auth/sso/reverseproxy.go index 62598a15cdc33..d4fae9d5f425b 100644 --- a/modules/auth/sso/reverseproxy.go +++ b/modules/auth/sso/reverseproxy.go @@ -12,6 +12,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/web/middleware" gouuid "github.com/google/uuid" ) @@ -69,13 +70,21 @@ func (r *ReverseProxy) VerifyAuthData(req *http.Request, w http.ResponseWriter, user, err := models.GetUserByName(username) if err != nil { - if models.IsErrUserNotExist(err) && r.isAutoRegisterAllowed() { - return r.newUser(req) + if !models.IsErrUserNotExist(err) || !r.isAutoRegisterAllowed() { + log.Error("GetUserByName: %v", err) + return nil } - log.Error("GetUserByName: %v", err) - return nil + user = r.newUser(req) } + // Make sure requests to API paths, attachment downloads, git and LFS do not create a new session + if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitOrLFSPath(req) { + if sess.Get("uid").(int64) != user.ID { + handleSignIn(w, req, sess, user) + } + } + store.GetData()["IsReverseProxy"] = true + log.Trace("ReverseProxy Authorization: Logged in user %-v", user) return user } @@ -104,7 +113,6 @@ func (r *ReverseProxy) newUser(req *http.Request) *models.User { user := &models.User{ Name: username, Email: email, - Passwd: username, IsActive: true, } if err := models.CreateUser(user); err != nil { @@ -112,5 +120,6 @@ func (r *ReverseProxy) newUser(req *http.Request) *models.User { log.Error("CreateUser: %v", err) return nil } + return user } diff --git a/templates/user/settings/profile.tmpl b/templates/user/settings/profile.tmpl index ee3cc589041a8..9f07226632fcd 100644 --- a/templates/user/settings/profile.tmpl +++ b/templates/user/settings/profile.tmpl @@ -15,8 +15,8 @@
- - {{if not .SignedUser.IsLocal}} + + {{if or (not .SignedUser.IsLocal) .IsReverseProxy}}{{$.i18n.Tr "settings.password_username_disabled"}}
{{end}}