Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix auth check bug #24382

Merged
merged 4 commits into from
Apr 27, 2023
Merged

Fix auth check bug #24382

merged 4 commits into from
Apr 27, 2023

Conversation

lunny
Copy link
Member

@lunny lunny commented Apr 27, 2023
edited
Loading

Fix https://github.com/go-gitea/gitea/pull/24362/files#r1179095324

getAuthenticatedMeta has checked them, these code are duplicated one. And the first invokation has a wrong permission check. DownloadHandle should require read permission but not write.

@lunny lunny added type/bug outdated/backport/v1.19 This PR should be backported to Gitea 1.19 labels Apr 27, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Apr 27, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 27, 2023
@lunny lunny added the pr/wip This PR is not ready for review label Apr 27, 2023
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Apr 27, 2023
@lunny
Copy link
Member Author

lunny commented Apr 27, 2023

I will add some tests

@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 27, 2023
@lunny lunny added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed pr/wip This PR is not ready for review size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 27, 2023
@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 27, 2023
@jolheiser jolheiser mentioned this pull request Apr 27, 2023
Merged
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Apr 27, 2023
@6543 6543 added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Apr 27, 2023
@6543 6543 added this to the 1.20.0 milestone Apr 27, 2023
@6543 6543 merged commit ecf1f2d into go-gitea:main Apr 27, 2023
@GiteaBot GiteaBot mentioned this pull request Apr 27, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request Apr 27, 2023
@lunny @GiteaBot
Fix auth check bug (go-gitea#24382)
98e570b 
Fix https://github.com/go-gitea/gitea/pull/24362/files#r1179095324

`getAuthenticatedMeta` has checked them, these code are duplicated one.
And the first invokation has a wrong permission check. `DownloadHandle`
should require read permission but not write.
@GiteaBot GiteaBot added the backport/done All backports for this PR have been created label Apr 27, 2023
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Apr 27, 2023
jolheiser pushed a commit that referenced this pull request Apr 27, 2023
@GiteaBot @lunny
Fix auth check bug (#24382) (#24387)
5999349 
Backport #24382 by @lunny

Fix https://github.com/go-gitea/gitea/pull/24362/files#r1179095324

`getAuthenticatedMeta` has checked them, these code are duplicated one.
And the first invokation has a wrong permission check. `DownloadHandle`
should require read permission but not write.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@lunny lunny deleted the lunny/fix_wrong_check branch April 27, 2023 22:52
wxiaoguang
wxiaoguang reviewed Apr 28, 2023
View reviewed changes
tests/integration/lfs_getobject_test.go
@@ -89,6 +115,21 @@ func TestGetLFSSmall(t *testing.T) {
checkResponseTestContentEncoding(t, &content, resp, false)
}

func TestGetLFSSmallToken(t *testing.T) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TestGetLFSSmallToken

What is a "small token"?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's "Get LFS small (file with) Token"

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, maybe it should be with token because there is a similar tests with username/password

zjjhot added a commit to zjjhot/gitea that referenced this pull request Apr 28, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
85e30e2 
* giteaofficial/main: (26 commits)
  Refactor docs (go-gitea#23752)
  Fix layouts of admin table / adapt repo / email test  (go-gitea#24370)
  Move secrets and runners settings to actions settings (go-gitea#24200)
  Gitea Actions add `base_ref`, `head_ref`, `api_url`, `ref_type` fields (go-gitea#24356)
  Fix auth check bug (go-gitea#24382)
  Display 'Unknown' when runner.version is empty (go-gitea#24378)
  Fix incorrect last online time in runner_edit.tmpl (go-gitea#24376)
  Refactor "route" related code, fix Safari cookie bug (go-gitea#24330)
  Add custom helm repo name generated from url (go-gitea#24363)
  Add API for gitignore templates (go-gitea#22783)
  Add eslint-plugin-regexp (go-gitea#24361)
  Support uploading file to empty repo by API (go-gitea#24357)
  [skip ci] Updated translations via Crowdin
  Require repo scope for PATs for private repos and basic authentication (go-gitea#24362)
  Alert error message if open dependencies are included in the issues that try to batch close (go-gitea#24329)
  Fix 404 error when leaving the last private org team (go-gitea#24322)
  Modify width of ui container, fine tune css for settings pages and org header (go-gitea#24315)
  Add .livemd as a markdown extension (go-gitea#22730)
  Display when a repo was archived (go-gitea#22664)
  Fix wrong error info in RepoRefForAPI (go-gitea#24344)
  ...
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jul 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jolheiser jolheiser jolheiser approved these changes

@wxiaoguang wxiaoguang wxiaoguang left review comments

@6543 6543 6543 approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. outdated/backport/v1.19 This PR should be backported to Gitea 1.19 size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/bug
Projects
None yet
Milestone
1.20.0
Development

Successfully merging this pull request may close these issues.
5 participants
@lunny @wxiaoguang @6543 @jolheiser @GiteaBot