-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure deploy key with write access can push #19010
Conversation
1b04680
to
60ac321
Compare
@6543 Hmm, checked,
|
There are a lot of code using
|
Backport necessary? |
* giteaofficial/main: Fix the bug: deploy key with write access can not push (go-gitea#19010) Renamed ctx.User to ctx.Doer. (go-gitea#19161) [docs] Enhance container selection in docker dump (go-gitea#14292) Cleanup protected branches when deleting users & teams (go-gitea#19158) Reorder issue templates and automatically add labels (go-gitea#18875) Use IterateBufferSize whilst querying repositories during adoption check (go-gitea#19140)
I'm confused as to how this was failing because our testsuite should have picked this up... It would be helpful if you could add a test to our integrations suite that replicates the bug or give us a run down of the steps necessary to reproduce the original issue. |
I have read the test cases before, if I understand correctly it seems that this case is not covered. I had the thought to write some tests at the same time however it's more complex than I thought, and I need this to be fixed in my server, so I just submitted the fix first. (although not fully covered by tests, but not too bad either) I have a plan to do some further refactoring about the ssh/serv/internal system, and I will add more tests then. About backport: this PR changes some env vars, it not as simple as a bug fix, so I think we can just keep it in 1.17. If anyone in 1.16 are affected, we can suggest them to use 1.17-dev or have further discussion then. Well ..... it seems that no one besides me need this feature 😂 |
About "the steps necessary to reproduce the original issue.": that's quite straight, add a deploy key with write access, then you can not use the key to push. Because there was no code to check the key's permission to allow write. |
Backport go-gitea#19010 Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission. Fix go-gitea#19009 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/1.16.5) - 2022-03-23 * BREAKING * Bump to build with go1.18 (go-gitea#19120 et al) (go-gitea#19127) * SECURITY * Prevent redirect to Host (2) (go-gitea#19175) (go-gitea#19186) * Try to prevent autolinking of displaynames by email readers (go-gitea#19169) (go-gitea#19183) * Clean paths when looking in Storage (go-gitea#19124) (go-gitea#19179) * Do not send notification emails to inactive users (go-gitea#19131) (go-gitea#19139) * Do not send activation email if manual confirm is set (go-gitea#19119) (go-gitea#19122) * ENHANCEMENTS * Use the new/choose link for New Issue on project page (go-gitea#19172) (go-gitea#19176) * BUGFIXES * Fix compare link in active feeds for new branch (go-gitea#19149) (go-gitea#19185) * Redirect .wiki/* ui link to /wiki (go-gitea#18831) (go-gitea#19184) * Ensure deploy keys with write access can push (go-gitea#19010) (go-gitea#19182) * Ensure that setting.LocalURL always has a trailing slash (go-gitea#19171) (go-gitea#19177) * Cleanup protected branches when deleting users & teams (go-gitea#19158) (go-gitea#19174) * Use IterateBufferSize whilst querying repositories during adoption check (go-gitea#19140) (go-gitea#19160) * Fix NPE /repos/issues/search when not signed in (go-gitea#19154) (go-gitea#19155) * Use custom favicon when viewing static files if it exists (go-gitea#19130) (go-gitea#19152) * Fix the editor height in review box (go-gitea#19003) (go-gitea#19147) * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (go-gitea#19028) (go-gitea#19146) * Fix wrong scopes caused by empty scope input (go-gitea#19029) (go-gitea#19145) * Make migrations SKIP_TLS_VERIFY apply to git too (go-gitea#19132) (go-gitea#19141) * Handle email address not exist (go-gitea#19089) (go-gitea#19121) * MISC * Update json-iterator to allow compilation with go1.18 (go-gitea#18644) (go-gitea#19100) * Update golang.org/x/crypto (go-gitea#19097) (go-gitea#19098) Signed-off-by: Andrew Thornton <art27@cantab.net>
Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.
Fix:
In this PR, I use
DeployKeyID
to replace theIsDeployKey
, thenCanWriteCode
can use the DeployKeyID to check the permission.