Skip to content

Commit 6eb6583

Browse files
zeripathzeripath
committed
Shadow password correctly for session config (go-gitea#8984)
Fix go-gitea#8718 This PR shadows passwords in session config correctly by detecting the VirtualProvider, unmarshalling the original config and then shadowing config within that.
1 parent 1122230 commit 6eb6583

File tree

1 file changed

+17
-9
lines changed

1 file changed

+17
-9
lines changed

routers/admin/admin.go

+17-9
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
package admin
77

88
import (
9+
"encoding/json"
910
"fmt"
1011
"net/url"
1112
"os"
@@ -25,6 +26,7 @@ import (
2526
"code.gitea.io/gitea/services/mailer"
2627

2728
"gitea.com/macaron/macaron"
29+
"gitea.com/macaron/session"
2830
"github.com/unknwon/com"
2931
)
3032

@@ -207,7 +209,7 @@ func SendTestMail(ctx *context.Context) {
207209
ctx.Redirect(setting.AppSubURL + "/admin/config")
208210
}
209211

210-
func shadownPasswordKV(cfgItem, splitter string) string {
212+
func shadowPasswordKV(cfgItem, splitter string) string {
211213
fields := strings.Split(cfgItem, splitter)
212214
for i := 0; i < len(fields); i++ {
213215
if strings.HasPrefix(fields[i], "password=") {
@@ -218,10 +220,10 @@ func shadownPasswordKV(cfgItem, splitter string) string {
218220
return strings.Join(fields, splitter)
219221
}
220222

221-
func shadownURL(provider, cfgItem string) string {
223+
func shadowURL(provider, cfgItem string) string {
222224
u, err := url.Parse(cfgItem)
223225
if err != nil {
224-
log.Error("shodowPassword %v failed: %v", provider, err)
226+
log.Error("Shadowing Password for %v failed: %v", provider, err)
225227
return cfgItem
226228
}
227229
if u.User != nil {
@@ -239,7 +241,7 @@ func shadownURL(provider, cfgItem string) string {
239241
func shadowPassword(provider, cfgItem string) string {
240242
switch provider {
241243
case "redis":
242-
return shadownPasswordKV(cfgItem, ",")
244+
return shadowPasswordKV(cfgItem, ",")
243245
case "mysql":
244246
//root:@tcp(localhost:3306)/macaron?charset=utf8
245247
atIdx := strings.Index(cfgItem, "@")
@@ -253,15 +255,21 @@ func shadowPassword(provider, cfgItem string) string {
253255
case "postgres":
254256
// user=jiahuachen dbname=macaron port=5432 sslmode=disable
255257
if !strings.HasPrefix(cfgItem, "postgres://") {
256-
return shadownPasswordKV(cfgItem, " ")
258+
return shadowPasswordKV(cfgItem, " ")
257259
}
258-
260+
fallthrough
261+
case "couchbase":
262+
return shadowURL(provider, cfgItem)
259263
// postgres://pqgotest:password@localhost/pqgotest?sslmode=verify-full
260-
// Notice: use shadwonURL
264+
// Notice: use shadowURL
265+
case "VirtualSession":
266+
var realSession session.Options
267+
if err := json.Unmarshal([]byte(cfgItem), &realSession); err == nil {
268+
return shadowPassword(realSession.Provider, realSession.ProviderConfig)
269+
}
261270
}
262271

263-
// "couchbase"
264-
return shadownURL(provider, cfgItem)
272+
return cfgItem
265273
}
266274

267275
// Config show admin config page

0 commit comments

Comments
 (0)