Diffstat (limited to 'modules/middleware/auth.go')
-rw-r--r--modules/middleware/auth.go15
1 files changed, 9 insertions, 6 deletions
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index 214dda23..37e3aec4 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -8,7 +8,8 @@ import (
"net/url"
"strings"
- "github.com/go-martini/martini"
+ "github.com/Unknwon/macaron"
+ "github.com/macaron-contrib/csrf"
"github.com/gogits/gogs/modules/setting"
)
@@ -20,7 +21,7 @@ type ToggleOptions struct {
DisableCsrf bool
}
-func Toggle(options *ToggleOptions) martini.Handler {
+func Toggle(options *ToggleOptions) macaron.Handler {
return func(ctx *Context) {
// Cannot view any page before installation.
if !setting.InstallLock {
@@ -34,9 +35,11 @@ func Toggle(options *ToggleOptions) martini.Handler {
return
}
- if !options.DisableCsrf && ctx.Req.Method == "POST" && !ctx.CsrfTokenValid() {
- ctx.Error(403, "CSRF token does not match")
- return
+ if !options.SignOutRequire && !options.DisableCsrf && ctx.Req.Method == "POST" {
+ csrf.Validate(ctx.Context, ctx.csrf)
+ if ctx.Written() {
+ return
+ }
}
if options.SignInRequire {
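Review bot: The added `!options.SignOutRequire` term in the new condition means POSTs to routes that require a signed-out user are no longer CSRF-validated at all; if those routes include the login and registration forms (not visible here), they become exposed to login CSRF. Nothing in the hunk explains the exemption, so either state the reason in a comment above the check, e.g. `// SignOutRequire routes skip CSRF validation because <reason>`, or keep the condition as `if !options.DisableCsrf && ctx.Req.Method == "POST" {`. Rejection now depends on `csrf.Validate` having written a response (detected through `ctx.Written()`), so the explicit 403 and "CSRF token does not match" message from the old code are gone and the status returned is whatever the csrf package is configured to send. Toggle's body starts and ends outside this hunk.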
@@ -49,7 +52,7 @@ func Toggle(options *ToggleOptions) martini.Handler {
ctx.Redirect("/user/login")
return
} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
- ctx.Data["Title"] = "Activate Your Account"
+ ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
ctx.HTML(200, "user/activate")
return
}