luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-02 04:42:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Allow Token/Basic auth on raw paths (#15987)

Browse source 
It appears that people have been using token authentication to navigate to raw paths
and recent changes have broken this. Whilst ideally these paths would not be being used
like this - it was not the intention to be a breaking change.

This PR restores access to these paths.

Fix #13772

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2021-05-27 19:46:11 +01:00 committed by GitHub
parent b27a9d43a5
commit 6d6a65cf5c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/auth/sso/sso.go
View file

@ -104,11 +104,11 @@ func isAttachmentDownload(req *http.Request) bool {
return strings.HasPrefix(req.URL.Path, "/attachments/") && req.Method == "GET"
}
var gitPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/))`)
var gitRawPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|raw/)`)
var lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`)
func isGitOrLFSPath(req *http.Request) bool {
if gitPathRe.MatchString(req.URL.Path) {
func isGitRawOrLFSPath(req *http.Request) bool {
if gitRawPathRe.MatchString(req.URL.Path) {
return true
}
if setting.LFS.StartServer {