Affected by GO-2022-0369 and 23 other vulnerabilities

GO-2022-0369: Gogs vulnerable to improper PAM authorization handling in gogs.io/gogs

GO-2022-0377: SSRF in repository migration in gogs.io/gogs

GO-2022-0471: OS Command Injection in gogs in gogs.io/gogs

GO-2022-0473: Cross site scripting via cookies in gogs in gogs.io/gogs

GO-2022-0483: Cross-site Scripting vulnerability in repository issue list in Gogs in gogs.io/gogs

GO-2022-0554: Unrestricted Upload of File with Dangerous Type in Gogs in gogs.io/gogs

GO-2022-0556: OS Command Injection in file editor in Gogs in gogs.io/gogs

GO-2022-0562: Path Traversal in Git HTTP endpoints in Gogs in gogs.io/gogs

GO-2022-0566: SSRF in repository migration in gogs.io/gogs

GO-2022-0570: Path Traversal in file editor on Windows in Gogs in gogs.io/gogs

GO-2022-0583: Server-Side Request Forgery in gogs webhook in gogs.io/gogs

GO-2022-0597: Cross-site Scripting in Gogs in gogs.io/gogs

GO-2022-0749: OS Command Injection in gogs in gogs.io/gogs

GO-2022-0788: Insecure Permissions in Gogs in gogs.io/gogs

GO-2022-0822: Open Redirect in gogs.io/gogs

GO-2022-1060: Gogs vulnerable to Cross-site Scripting in gogs.io/gogs

GO-2023-1596: Gogs OS Command Injection vulnerability in gogs.io/gogs

GO-2023-1971: Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea

GO-2023-1972: Gogs XSS Vulnerability in gogs.io/gogs

GO-2024-3275: Unpatched Remote Code Execution in Gogs in gogs.io/gogs

GO-2024-3355: Remote Command Execution in file editing in gogs in gogs.io/gogs

GO-2024-3356: Path Traversal in file update API in gogs in gogs.io/gogs

GO-2025-3776: Gogs allows deletion of internal files which leads to remote command execution in gogs.io/gogs

GO-2025-3778: Gogs XSS allowed by stored call in PDF renderer in gogs.io/gogs

auth

package

v0.11.91 Latest Latest Go to latest Published: Aug 12, 2019 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/gogs/gogs

Documentation ¶

Index ¶

func IsAPIPath(url string) bool
func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bool)
func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isBasicAuth bool, isTokenAuth bool)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsAPIPath ¶

func IsAPIPath(url string) bool

func SignedInID ¶

func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bool)

SignedInID returns the id of signed in user, along with one bool value which indicates whether user uses token authentication.

func SignedInUser ¶

func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isBasicAuth bool, isTokenAuth bool)

SignedInUser returns the user object of signed in user, along with two bool values, which indicate whether user uses HTTP Basic Authentication or token authentication respectively.

Types ¶

This section is empty.

Source Files ¶

View all Source files

auth.go

Directories ¶

Path	Synopsis
github
ldap Package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information	Package ldap provide functions & structure to query a LDAP ldap directory For now, it's mainly tested again an MS Active Directory service, see README.md for more information
pam

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL