Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow BASIC authentication access to /:owner/:repo/releases/download/* #16916

Conversation

zeripath
Copy link
Contributor

@zeripath zeripath commented Sep 1, 2021

Duplicate #15987 to allow access to releases download through BASIC authentication.

Fix #16914

Signed-off-by: Andrew Thornton [email protected]

Duplicate go-gitea#15987 to allow access to releases download through BASIC authentication.

Fix go-gitea#16914

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath
Copy link
Contributor Author

zeripath commented Sep 1, 2021

Should not hold up 1.15.1

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 1, 2021
@codecov-commenter
Copy link

codecov-commenter commented Sep 1, 2021

Codecov Report

Merging #16916 (2ae23ae) into main (268b2d0) will not change coverage.
The diff coverage is 75.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##             main   #16916   +/-   ##
=======================================
  Coverage   45.50%   45.50%           
=======================================
  Files         762      762           
  Lines       86173    86173           
=======================================
  Hits        39212    39212           
+ Misses      40649    40645    -4     
- Partials     6312     6316    +4     
Impacted Files Coverage Δ
services/auth/reverseproxy.go 0.00% <0.00%> (ø)
services/auth/auth.go 29.62% <100.00%> (ø)
services/auth/basic.go 44.23% <100.00%> (ø)
modules/indexer/stats/db.go 42.85% <0.00%> (-10.72%) ⬇️
modules/queue/queue_channel.go 91.66% <0.00%> (-5.00%) ⬇️
modules/git/tree_nogogit.go 33.33% <0.00%> (-3.71%) ⬇️
modules/queue/workerpool.go 48.47% <0.00%> (-3.44%) ⬇️
modules/git/repo_language_stats_nogogit.go 47.56% <0.00%> (-2.44%) ⬇️
modules/queue/queue_disk_channel.go 69.23% <0.00%> (-1.78%) ⬇️
services/pull/pull.go 41.78% <0.00%> (ø)
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 268b2d0...2ae23ae. Read the comment docs.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 2, 2021
@zeripath
Copy link
Contributor Author

zeripath commented Sep 2, 2021

make lgtm work

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 2, 2021
@zeripath zeripath merged commit a75b2f2 into go-gitea:main Sep 2, 2021
@zeripath zeripath deleted the fix-16914-allow-basic-authentication-to-releases-download branch September 2, 2021 15:48
zeripath added a commit to zeripath/gitea that referenced this pull request Sep 2, 2021
go-gitea#16916)

Backport go-gitea#16916

Duplicate go-gitea#15987 to allow access to releases download through BASIC authentication.

Fix go-gitea#16914

Signed-off-by: Andrew Thornton <[email protected]>
zeripath added a commit to zeripath/gitea that referenced this pull request Sep 2, 2021
## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02

* BUGFIXES
  * Allow BASIC authentication access to /:owner/:repo/releases/download/* (go-gitea#16916) (go-gitea#16923)
  * Prevent leave changes dialogs due to autofill fields (go-gitea#16912) (go-gitea#16920)
  * Ignore review comment when ref commit is missed (go-gitea#16905) (go-gitea#16919)
  * Fix wrong attachment removal (go-gitea#16915) (go-gitea#16917)
  * Gitlab Migrator: dont ignore reactions of last request (go-gitea#16903) (go-gitea#16913)
  * Correctly return the number of Repositories for Organizations (go-gitea#16807) (go-gitea#16911)
  * Test if LFS object is accessible (go-gitea#16865) (go-gitea#16904)
  * Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (go-gitea#16899) (go-gitea#16900)
  * Fix dump and restore respository (go-gitea#16698) (go-gitea#16898)
  * Repare and Improve GetDiffRangeWithWhitespaceBehavior (go-gitea#16894) (go-gitea#16895)
  * Fix wiki raw commit diff/patch view (go-gitea#16891) (go-gitea#16892)
  * Ensure wiki repos are all closed (go-gitea#16886) (go-gitea#16888)
  * List limited and private orgs if authenticated on API (go-gitea#16866) (go-gitea#16879)
  * Simplify split diff view generation and remove JS dependency (go-gitea#16775) (go-gitea#16863)
  * Ensure that the default visibility is set on the user create page (go-gitea#16845) (go-gitea#16862)
  * In Render tolerate not being passed a context (go-gitea#16842) (go-gitea#16858)
  * Upgrade xorm to v1.2.2 (go-gitea#16663) & Add test to ensure that dumping of login sources remains correct (go-gitea#16847) (go-gitea#16848)
  * Report the correct number of pushes on the feeds (go-gitea#16811) (go-gitea#16822)
  * Add primary_key to issue_index (go-gitea#16813) (go-gitea#16820)
  * Prevent NPE on empty commit (go-gitea#16812) (go-gitea#16819)
  * Fix branch pagination error (go-gitea#16805) (go-gitea#16816)
  * Add missing return to handleSettingRemoteAddrError (go-gitea#16794) (go-gitea#16795)
  * Remove spurious / from issues.opened_by (go-gitea#16793)
  * Ensure that template compilation panics are sent to the logs (go-gitea#16788) (go-gitea#16792)
  * Update caddyserver/certmagic (go-gitea#16789) (go-gitea#16790)

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath mentioned this pull request Sep 2, 2021
techknowlogick pushed a commit that referenced this pull request Sep 2, 2021
#16916) (#16923)

Backport #16916

Duplicate #15987 to allow access to releases download through BASIC authentication.

Fix #16914

Signed-off-by: Andrew Thornton <[email protected]>
zeripath added a commit that referenced this pull request Sep 2, 2021
## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02

* BUGFIXES
  * Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
  * Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
  * Ignore review comment when ref commit is missed (#16905) (#16919)
  * Fix wrong attachment removal (#16915) (#16917)
  * Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
  * Correctly return the number of Repositories for Organizations (#16807) (#16911)
  * Test if LFS object is accessible (#16865) (#16904)
  * Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
  * Fix dump and restore respository (#16698) (#16898)
  * Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
  * Fix wiki raw commit diff/patch view (#16891) (#16892)
  * Ensure wiki repos are all closed (#16886) (#16888)
  * List limited and private orgs if authenticated on API (#16866) (#16879)
  * Simplify split diff view generation and remove JS dependency (#16775) (#16863)
  * Ensure that the default visibility is set on the user create page (#16845) (#16862)
  * In Render tolerate not being passed a context (#16842) (#16858)
  * Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
  * Report the correct number of pushes on the feeds (#16811) (#16822)
  * Add primary_key to issue_index (#16813) (#16820)
  * Prevent NPE on empty commit (#16812) (#16819)
  * Fix branch pagination error (#16805) (#16816)
  * Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
  * Remove spurious / from issues.opened_by (#16793)
  * Ensure that template compilation panics are sent to the logs (#16788) (#16792)
  * Update caddyserver/certmagic (#16789) (#16790)

Signed-off-by: Andrew Thornton <[email protected]>
zeripath added a commit to zeripath/gitea that referenced this pull request Sep 2, 2021
## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02

* BUGFIXES
  * Allow BASIC authentication access to /:owner/:repo/releases/download/* (go-gitea#16916) (go-gitea#16923)
  * Prevent leave changes dialogs due to autofill fields (go-gitea#16912) (go-gitea#16920)
  * Ignore review comment when ref commit is missed (go-gitea#16905) (go-gitea#16919)
  * Fix wrong attachment removal (go-gitea#16915) (go-gitea#16917)
  * Gitlab Migrator: dont ignore reactions of last request (go-gitea#16903) (go-gitea#16913)
  * Correctly return the number of Repositories for Organizations (go-gitea#16807) (go-gitea#16911)
  * Test if LFS object is accessible (go-gitea#16865) (go-gitea#16904)
  * Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (go-gitea#16899) (go-gitea#16900)
  * Fix dump and restore respository (go-gitea#16698) (go-gitea#16898)
  * Repare and Improve GetDiffRangeWithWhitespaceBehavior (go-gitea#16894) (go-gitea#16895)
  * Fix wiki raw commit diff/patch view (go-gitea#16891) (go-gitea#16892)
  * Ensure wiki repos are all closed (go-gitea#16886) (go-gitea#16888)
  * List limited and private orgs if authenticated on API (go-gitea#16866) (go-gitea#16879)
  * Simplify split diff view generation and remove JS dependency (go-gitea#16775) (go-gitea#16863)
  * Ensure that the default visibility is set on the user create page (go-gitea#16845) (go-gitea#16862)
  * In Render tolerate not being passed a context (go-gitea#16842) (go-gitea#16858)
  * Upgrade xorm to v1.2.2 (go-gitea#16663) & Add test to ensure that dumping of login sources remains correct (go-gitea#16847) (go-gitea#16848)
  * Report the correct number of pushes on the feeds (go-gitea#16811) (go-gitea#16822)
  * Add primary_key to issue_index (go-gitea#16813) (go-gitea#16820)
  * Prevent NPE on empty commit (go-gitea#16812) (go-gitea#16819)
  * Fix branch pagination error (go-gitea#16805) (go-gitea#16816)
  * Add missing return to handleSettingRemoteAddrError (go-gitea#16794) (go-gitea#16795)
  * Remove spurious / from issues.opened_by (go-gitea#16793)
  * Ensure that template compilation panics are sent to the logs (go-gitea#16788) (go-gitea#16792)
  * Update caddyserver/certmagic (go-gitea#16789) (go-gitea#16790)

Signed-off-by: Andrew Thornton <[email protected]>
techknowlogick pushed a commit that referenced this pull request Sep 2, 2021
## [1.15.1](https://github.com/go-gitea/gitea/releases/tag/v1.15.1) - 2021-09-02

* BUGFIXES
  * Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
  * Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
  * Ignore review comment when ref commit is missed (#16905) (#16919)
  * Fix wrong attachment removal (#16915) (#16917)
  * Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
  * Correctly return the number of Repositories for Organizations (#16807) (#16911)
  * Test if LFS object is accessible (#16865) (#16904)
  * Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
  * Fix dump and restore respository (#16698) (#16898)
  * Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
  * Fix wiki raw commit diff/patch view (#16891) (#16892)
  * Ensure wiki repos are all closed (#16886) (#16888)
  * List limited and private orgs if authenticated on API (#16866) (#16879)
  * Simplify split diff view generation and remove JS dependency (#16775) (#16863)
  * Ensure that the default visibility is set on the user create page (#16845) (#16862)
  * In Render tolerate not being passed a context (#16842) (#16858)
  * Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
  * Report the correct number of pushes on the feeds (#16811) (#16822)
  * Add primary_key to issue_index (#16813) (#16820)
  * Prevent NPE on empty commit (#16812) (#16819)
  * Fix branch pagination error (#16805) (#16816)
  * Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
  * Remove spurious / from issues.opened_by (#16793)
  * Ensure that template compilation panics are sent to the logs (#16788) (#16792)
  * Update caddyserver/certmagic (#16789) (#16790)

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath added the backport/done All backports for this PR have been created label Sep 14, 2021
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Since 1.15.0, downloading a release attachment using Basic auth redirect to login
5 participants