Prevent git operations for inactive users #13527
Conversation
I guess this is going to break some people's misuse of inactive accounts.
Servcommand also needs this check
At line 235 of serv it should check whether the deploy key owner is inactive, and at 259 the user of the user key.
Good catch. All repositories of an inactive user should not be displayed; that's a main difference between isactive and prohibit_login of a user.
@zeripath done.
Codecov Report

@@            Coverage Diff             @@
##           master   #13527      +/-   ##
==========================================
+ Coverage   42.09%   42.15%   +0.06%
==========================================
  Files         695      695
  Lines       76370    76395      +25
==========================================
+ Hits        32145    32208      +63
+ Misses      38966    38903      -63
- Partials     5259     5284      +25

Continue to review full report at Codecov.
Do we need to handle prohibit login keys too?
Done.
Wasn't prohibit login actually meant so that the user can't log in to the UI but can still pull/push to the repo?
Pull or push may also prompt for a username/password; it is still another login. A prohibited user cannot log in, but all his repositories can still be accessed by others. All of an inactive user's repositories cannot be visited by others.
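The distinction lunny draws above (an inactive owner's repositories are unreachable for everyone, while a prohibit_login user is only blocked from logging in, including the implicit login that an SSH user key or a push/pull with credentials performs) can be written down as a small authorization function. The following is an added example, not Gitea's code and not part of this PR: the `User`, `Repo` and `Key` types, `AuthorizeGitOp`, `checkPrincipal` and the error values are hypothetical names, and the rule that a deploy key is not a user login (so only the owner-inactive check applies to it) is an assumption made here for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a simplified, hypothetical account model (not Gitea's models.User).
// IsActive is false for accounts that were never activated or were deactivated
// by an admin; ProhibitLogin only blocks the account from signing in.
type User struct {
	Name          string
	IsActive      bool
	ProhibitLogin bool
}

// Repo is a hypothetical repository with its owning account.
type Repo struct {
	Name  string
	Owner *User
}

// Key is the SSH key presented to the serv command. A user key carries the
// account it belongs to; a deploy key is bound to one repository instead.
type Key struct {
	ID       int64
	Owner    *User // set for user keys
	DeployOf *Repo // set for deploy keys
}

// Sentinel errors so callers (and tests) can tell the denial reasons apart.
var (
	ErrOwnerInactive   = errors.New("repository owner is inactive")
	ErrUserInactive    = errors.New("your account is inactive")
	ErrLoginProhibited = errors.New("your account is not allowed to log in")
	ErrKeyMismatch     = errors.New("deploy key is not bound to this repository")
)

// AuthorizeGitOp decides whether a git operation over SSH may proceed.
// Policy, as discussed in the thread (assumed here, not Gitea's exact code):
//  1. A repository whose owner is inactive is unreachable for everyone,
//     including deploy keys and the owner's own keys.
//  2. A user key counts as a login: its owner must be active and must not
//     have ProhibitLogin set. A prohibit_login owner's repositories stay
//     reachable for other, active users.
//  3. A deploy key is not a user login, so only rule 1 applies to it, plus a
//     check that the key really belongs to the requested repository.
func AuthorizeGitOp(repo *Repo, key *Key) error {
	if repo == nil || repo.Owner == nil || key == nil {
		return errors.New("missing repository or key")
	}
	if !repo.Owner.IsActive {
		return ErrOwnerInactive
	}
	if key.DeployOf != nil {
		if key.DeployOf != repo {
			return ErrKeyMismatch
		}
		return nil
	}
	return checkPrincipal(key.Owner)
}

// checkPrincipal applies the account-level checks for a user key.
func checkPrincipal(u *User) error {
	switch {
	case u == nil:
		return errors.New("key has no owner")
	case !u.IsActive:
		return ErrUserInactive
	case u.ProhibitLogin:
		return ErrLoginProhibited
	}
	return nil
}

func main() {
	// Constructed sample accounts and repositories.
	alice := &User{Name: "alice", IsActive: true}
	bob := &User{Name: "bob", IsActive: false}
	carol := &User{Name: "carol", IsActive: true, ProhibitLogin: true}
	bobRepo := &Repo{Name: "bob/secrets", Owner: bob}
	carolRepo := &Repo{Name: "carol/tool", Owner: carol}

	cases := []struct {
		desc string
		repo *Repo
		key  *Key
	}{
		{"alice clones bob's repo (owner inactive)", bobRepo, &Key{ID: 1, Owner: alice}},
		{"alice clones carol's repo (owner prohibit_login)", carolRepo, &Key{ID: 1, Owner: alice}},
		{"carol pushes to her own repo", carolRepo, &Key{ID: 2, Owner: carol}},
		{"deploy key on bob's repo", bobRepo, &Key{ID: 3, DeployOf: bobRepo}},
	}
	for _, c := range cases {
		fmt.Printf("%-50s -> %v\n", c.desc, AuthorizeGitOp(c.repo, c.key))
	}
}
```

The owner-inactive check runs first and unconditionally, which is what makes an inactive account's repositories disappear for everybody rather than only for the account itself; the per-key checks come afterwards, so the deploy-key and user-key paths cannot accidentally skip it.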
I think this might be considered a breaking change by some users.
@lunny I think there was a discussion quite some time ago about an option to prevent a user from using the UI while still being allowed to pull/push, and prohibit login was an option for that. But I don't need that so I don't care 🤣
Please send backports
* prevent git operations for inactive users
* Some fixes
* Deny push to the repositories whose owner is inactive
* deny operations also when user is ProhibitLogin

Co-authored-by: zeripath <[email protected]>
@lafriks done.
www/gitea: Update to 1.12.5

Changes: https://github.com/go-gitea/gitea/releases/tag/v1.12.5

PR: 250372
Approved by: maintainer

www/gitea: Update to 1.12.6

SECURITY
* Prevent git operations for inactive users (#13527) (#13537)
* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)

BUGFIXES
* API should only return Json (#13511) (#13564)
* Fix before and since query arguments at API (#13559) (#13560)
* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
* Fix link detection in repository description with tailing ‘_’ (#13407) (#13408)
* Remove obsolete change of email on profile page (#13341) (#13348)
* Fix permission check on get Reactions API endpoints (#13344) (#13346)
* Add migrated pulls to pull request task queue (#13331) (#13335)
* API deny wrong pull creation options (#13308) (#13327)
* Fix initial commit page & binary munching problem (#13249) (#13259)
* Fix diff parsing (#13157) (#13136) (#13139)
* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
* Prohibit automatic downgrades (#13108) (#13111)
* Fix GitLab Migration Option AuthToken (#13101)
* GitLab Label Color Normalizer (#12793) (#13100)
* Log the underlying panic in runMigrateTask (#13096) (#13098)
* Fix attachments list in edit comment (#13036) (#13097)
* Fix deadlock when deleting team user (#13093)
* Fix error create comment on outdated file (#13041) (#13042)
* Fix repository create/delete event webhooks (#13008) (#13027)
* Fix internal server error on README in submodule (#13006) (#13016)

PR: 251296
Submitted by: maintainer
MFH: 2020Q4
Security: go-gitea/gitea#13527 go-gitea/gitea#13521

git-svn-id: svn+ssh://svn.freebsd.org/ports/head@556058 35697150-7ecd-e111-bb59-0022644237b5
As title.