diff --git a/modules/auth/sso/oauth2.go b/modules/auth/sso/oauth2.go index 6860c12e390..3f530f036f2 100644 --- a/modules/auth/sso/oauth2.go +++ b/modules/auth/sso/oauth2.go @@ -121,7 +121,7 @@ func (o *OAuth2) VerifyAuthData(ctx *macaron.Context, sess session.Store) *model return nil } - if !isAPIPath(ctx) && !isAttachmentDownload(ctx) { + if isInternalPath(ctx) || !isAPIPath(ctx) && !isAttachmentDownload(ctx) { return nil } diff --git a/modules/auth/sso/sso.go b/modules/auth/sso/sso.go index cf8148d89bc..c2e36f3f5eb 100644 --- a/modules/auth/sso/sso.go +++ b/modules/auth/sso/sso.go @@ -100,6 +100,11 @@ func isAPIPath(ctx *macaron.Context) bool { return strings.HasPrefix(ctx.Req.URL.Path, "/api/") } +// isInternalPath returns true if the specified URL is an internal API path +func isInternalPath(ctx *macaron.Context) bool { + return strings.HasPrefix(ctx.Req.URL.Path, "/api/internal/") +} + // isAttachmentDownload check if request is a file download (GET) with URL to an attachment func isAttachmentDownload(ctx *macaron.Context) bool { return strings.HasPrefix(ctx.Req.URL.Path, "/attachments/") && ctx.Req.Method == "GET" diff --git a/modules/auth/sso/sspi_windows.go b/modules/auth/sso/sspi_windows.go index 2bced4be28d..00f15d97be5 100644 --- a/modules/auth/sso/sspi_windows.go +++ b/modules/auth/sso/sspi_windows.go @@ -148,6 +148,8 @@ func (s *SSPI) shouldAuthenticate(ctx *macaron.Context) (shouldAuth bool) { } else if ctx.Req.FormValue("auth_with_sspi") == "1" { shouldAuth = true } + } else if isInternalPath(ctx) { + shouldAuth = false } else if isAPIPath(ctx) || isAttachmentDownload(ctx) { shouldAuth = true }