diff --git a/modules/context/api.go b/modules/context/api.go
index 619d6594a5..f94708d6a3 100644
--- a/modules/context/api.go
+++ b/modules/context/api.go
@@ -197,20 +197,13 @@ func (ctx *APIContext) SetLinkHeader(total, pageSize int) {
 }
 }
 
-func getOtpHeader(header http.Header) string {
- otpHeader := header.Get("X-Gitea-OTP")
- if forgejoHeader := header.Get("X-Forgejo-OTP"); forgejoHeader != "" {
- otpHeader = forgejoHeader
- }
- return otpHeader
-}
-
 // CheckForOTP validates OTP
 func (ctx *APIContext) CheckForOTP() {
 if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
 return // Skip 2FA
 }
 
+ otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
 twofa, err := auth.GetTwoFactorByUID(ctx.Doer.ID)
 if err != nil {
 if auth.IsErrTwoFactorNotEnrolled(err) {
@@ -219,7 +212,7 @@ func (ctx *APIContext) CheckForOTP() {
 ctx.Error(http.StatusInternalServerError, "GetTwoFactorByUID", err)
 return
 }
- ok, err := twofa.ValidateTOTP(getOtpHeader(ctx.Req.Header))
+ ok, err := twofa.ValidateTOTP(otpHeader)
 if err != nil {
 ctx.Error(http.StatusInternalServerError, "ValidateTOTP", err)
 return
diff --git a/modules/context/api_forgejo_test.go b/modules/context/api_forgejo_test.go
deleted file mode 100644
index b85de55904..0000000000
--- a/modules/context/api_forgejo_test.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// SPDX-License-Identifier: MIT
-
-package context
-
-import (
- "net/http"
- "testing"
-
- "github.com/stretchr/testify/assert"
-)
-
-func TestGetOtpHeader(t *testing.T) {
- header := http.Header{}
- assert.EqualValues(t, "", getOtpHeader(header))
- // Gitea
- giteaOtp := "123456"
- header.Set("X-Gitea-OTP", giteaOtp)
- assert.EqualValues(t, giteaOtp, getOtpHeader(header))
- // Forgejo has precedence
- forgejoOtp := "abcdef"
- header.Set("X-Forgejo-OTP", forgejoOtp)
- assert.EqualValues(t, forgejoOtp, getOtpHeader(header))
-}
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 9d06ce524d..ee8578d361 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
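Review bot: Nothing records that a request still carrying X-Forgejo-OTP now reaches `twofa.ValidateTOTP(otpHeader)` (second hunk) with an empty passcode, because the added `otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")` in CheckForOTP is the only place the header is read. Whether an empty passcode is rejected depends on ValidateTOTP and on the code after the call, both outside these hunks; it presumably fails closed, but the commit deletes TestGetOtpHeader without a replacement that pins that behaviour. I would add above the new line `// Only X-Gitea-OTP is honoured; a passcode sent under any other header name is ignored and validated as empty.` and a CheckForOTP test covering the missing-header case.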
@@ -56,7 +56,7 @@
 // description: Sudo API request as the user provided as the key. Admin privileges are required.
 // TOTPHeader:
 // type: apiKey
-// name: X-FORGEJO-OTP
+// name: X-GITEA-OTP
 // in: header
 // description: Must be used in combination with BasicAuth if two-factor authentication is enabled.
 //
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 39f73398ab..8ef6d09b16 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -23138,7 +23138,7 @@
 "TOTPHeader": {
 "description": "Must be used in combination with BasicAuth if two-factor authentication is enabled.",
 "type": "apiKey",
- "name": "X-FORGEJO-OTP",
+ "name": "X-GITEA-OTP",
 "in": "header"
 },
 "Token": {