Allow get release download files and lfs files with oauth2 token format (#26430) #27378

Merged
merged 1 commit into from
Oct 1, 2023
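--- a/models/fixtures/attachment.yml
+++ b/models/fixtures/attachment.yml
@@ -140,3 +140,16 @@
 download_count: 0
 size: 0
 created_unix: 946684800
+
+-
+id: 12
+uuid: a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22
+repo_id: 2
+issue_id: 0
+release_id: 11
+uploader_id: 2
+comment_id: 0
+name: README.md
+download_count: 0
+size: 0
+created_unix: 946684800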
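--- a/models/fixtures/release.yml
+++ b/models/fixtures/release.yml
@@ -136,3 +136,17 @@
 is_prerelease: false
 is_tag: false
 created_unix: 946684803
+
+- id: 11
+repo_id: 2
+publisher_id: 2
+tag_name: "v1.1"
+lower_tag_name: "v1.1"
+target: ""
+title: "v1.1"
+sha1: "205ac761f3326a7ebe416e8673760016450b5cec"
+num_commits: 2
+is_draft: false
+is_prerelease: false
+is_tag: false
+created_unix: 946684803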
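--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -863,9 +863,6 @@ func registerRoutes(m *web.Route) {
 }, reqUnitAccess(unit.TypeCode, perm.AccessModeRead, false))
 }, ignSignIn, context_service.UserAssignmentWeb(), context.OrgAssignment()) // for "/{username}/-" (packages, projects, code)
 
-// ***** Release Attachment Download without Signin
-m.Get("/{username}/{reponame}/releases/download/{vTag}/{fileName}", ignSignIn, context.RepoAssignment, repo.MustBeNotEmpty, repo.RedirectDownload)
-
 m.Group("/{username}/{reponame}", func() {
 m.Group("/settings", func() {
 m.Group("", func() {
@@ -1118,8 +1115,9 @@ func registerRoutes(m *web.Route) {
 m.Get(".rss", feedEnabled, repo.ReleasesFeedRSS)
 m.Get(".atom", feedEnabled, repo.ReleasesFeedAtom)
 }, ctxDataSet("EnableFeed", setting.Other.EnableFeed),
-repo.MustBeNotEmpty, reqRepoReleaseReader, context.RepoRefByType(context.RepoRefTag, true))
-m.Get("/releases/attachments/{uuid}", repo.MustBeNotEmpty, reqRepoReleaseReader, repo.GetAttachment)
+repo.MustBeNotEmpty, context.RepoRefByType(context.RepoRefTag, true))
+m.Get("/releases/attachments/{uuid}", repo.MustBeNotEmpty, repo.GetAttachment)
+m.Get("/releases/download/{vTag}/{fileName}", repo.MustBeNotEmpty, repo.RedirectDownload)
 m.Group("/releases", func() {
 m.Get("/new", repo.NewRelease)
 m.Post("/new", web.Bind(forms.NewReleaseForm{}), repo.NewReleasePost)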
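Review bot: Both rewritten lines in the second hunk drop `reqRepoReleaseReader`, and the relocated `/releases/download/{vTag}/{fileName}` route no longer names `ignSignIn` or `context.RepoAssignment`, so every access check on release attachments and downloads now comes from the middleware of the enclosing `/{username}/{reponame}` group, whose closing line is outside the hunk. If that group does not end with `reqRepoReleaseReader`, these routes would serve files to callers without release read access, so please confirm that it does. I would record the dependency next to the routes, e.g. `// permission: reqRepoReleaseReader is applied by the enclosing group`, or keep the check explicit on the two `m.Get` lines so a later regrouping cannot silently remove it.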
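--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -126,7 +126,9 @@ func (o *OAuth2) userIDFromToken(tokenSHA string, store DataStore) int64 {
 // If verification is successful returns an existing user object.
 // Returns nil if verification fails.
 func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
-if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) {
+// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
+if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
+!gitRawReleasePathRe.MatchString(req.URL.Path) {
 return nil, nil
 }
 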
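Review bot: The added `gitRawReleasePathRe.MatchString(req.URL.Path)` clause makes `Verify` accept access tokens on further non-API web paths, but nothing in this hunk shows that a token's scope is checked on those paths. `gitRawReleasePathRe` is defined outside the hunk, so its anchoring cannot be judged here; if scope enforcement lives only in the API middleware, a token issued for an unrelated scope would presumably be enough to fetch release files, which is worth confirming and covering with a test. The new comment should also name the paths it means, e.g. `// Paths matched by gitRawReleasePathRe are not API paths, but API responses may contain URLs pointing at them, so tokens are checked here too.` The body of `Verify` continues past the hunk.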
@@ -0,0 +1 @@
1032bbf17fbc0d9c95bb5418dabe8f8c99278700
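--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@@ -239,3 +239,20 @@ func TestViewTagsList(t *testing.T) {
 
 assert.EqualValues(t, []string{"v1.0", "delete-tag", "v1.1"}, tagNames)
 }
+
+func TestDownloadReleaseAttachment(t *testing.T) {
+defer tests.PrepareTestEnv(t)()
+
+tests.PrepareAttachmentsStorage(t)
+
+repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
+
+url := repo.Link() + "/releases/download/v1.1/README.md"
+
+req := NewRequest(t, "GET", url)
+MakeRequest(t, req, http.StatusNotFound)
+
+req = NewRequest(t, "GET", url)
+session := loginUser(t, "user2")
+session.MakeRequest(t, req, http.StatusOK)
+}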
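Review bot: `TestDownloadReleaseAttachment` only checks an anonymous request (404) and a session login as `user2` (200); it never sends a request authenticated by an access token, which is the case the `OAuth2.Verify` change in this commit is meant to enable. Add a request that carries a token for `user2` without a session and expects `http.StatusOK`, and one from a signed-in user who has no read access to repository 2 and expects `http.StatusNotFound`, so the permission boundary is pinned as well as the happy path. A short doc comment would help too, e.g. `// TestDownloadReleaseAttachment checks that a release attachment is served only to requests allowed to read the repository.`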
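--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -176,6 +176,20 @@ func InitTest(requireGitea bool) {
 routers.InitWebInstalled(graceful.GetManager().HammerContext())
 }
 
+func PrepareAttachmentsStorage(t testing.TB) {
+// prepare attachments directory and files
+assert.NoError(t, storage.Clean(storage.Attachments))
+
+s, err := storage.NewStorage(setting.LocalStorageType, &setting.Storage{
+Path: filepath.Join(filepath.Dir(setting.AppPath), "tests", "testdata", "data", "attachments"),
+})
+assert.NoError(t, err)
+assert.NoError(t, s.IterateObjects("", func(p string, obj storage.Object) error {
+_, err = storage.Copy(storage.Attachments, p, s, p)
+return err
+}))
+}
+
 func PrepareTestEnv(t testing.TB, skip ...int) func() {
 t.Helper()
 ourSkip := 2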
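Review bot: `PrepareAttachmentsStorage` keeps going after a failed `storage.NewStorage`: `assert.NoError(t, err)` only records the failure, so the following `s.IterateObjects` call runs on whatever `s` holds and may panic instead of reporting the real error. Stop there with `if !assert.NoError(t, err) { return }`. The callback also writes to the outer `err`; `_, err := storage.Copy(storage.Attachments, p, s, p)` keeps it local. As an exported helper it should start with `t.Helper()`, as `PrepareTestEnv` below does, and carry a doc comment such as `// PrepareAttachmentsStorage cleans the attachments storage and fills it from tests/testdata/data/attachments.`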
@@ -0,0 +1 @@
# This is a release README