Skip to content

Correctly check http git access rights for reverse proxy authorized users #3721

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 29, 2018
Merged

Correctly check http git access rights for reverse proxy authorized users #3721

merged 2 commits into from
Mar 29, 2018

Conversation

lafriks
Copy link
Member

@lafriks lafriks commented Mar 25, 2018

Fixes reverse proxy authorized users for access rights to git repositories when accessing from git client.

Review changes with ?w=1 to easier see actual changes :)
@lafriks lafriks added topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! backport/v1.4 labels Mar 25, 2018
@lafriks lafriks added this to the 1.5.0 milestone Mar 25, 2018
@codecov-io
Copy link

codecov-io commented Mar 25, 2018
edited
Loading

Codecov Report

Merging #3721 into master will not change coverage.
The diff coverage is 11.11%.

Impacted file tree graph

@@ Coverage Diff @@ ## master #3721 +/- ## ======================================= Coverage 35.76% 35.76% ======================================= Files 289 289 Lines 41604 41604 ======================================= Hits 14879 14879 - Misses 24527 24528 +1  + Partials 2198 2197 -1
Impacted Files Coverage Δ
routers/repo/http.go 38.01% <11.11%> (ø) ⬆️
models/repo_indexer.go 48.3% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4c6e170...73037d7. Read the comment docs.
@tboerger tboerger added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 25, 2018
@mckaygerhard
Copy link

hi, this it's a fix or its only a compatibility feature? and when will going to be backported to 1.4 branch?
@lafriks
Copy link
Member Author

lafriks commented Mar 26, 2018

@mckaygerhard it is bugfix and will be backported to 1.4 branch as soon other maintainers review&approve this PR
@tboerger tboerger added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 26, 2018
@mckaygerhard
Copy link

only one more.. lgtm
@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 28, 2018
@lunny lunny merged commit ab5cc6f into go-gitea:master Mar 29, 2018
@lafriks lafriks deleted the fix/git_reverse_proxy_auth branch March 29, 2018 13:39
lafriks added a commit to lafriks-fork/gitea that referenced this pull request Mar 30, 2018
@lafriks
Correctly check http git access rights for reverse proxy authorized u…
ec63d78 
…sers (go-gitea#3721)
@lafriks lafriks added the backport/done All backports for this PR have been created label Mar 30, 2018
@lafriks lafriks mentioned this pull request Mar 30, 2018
Merged
lafriks added a commit that referenced this pull request Apr 4, 2018
@lafriks
Correctly check http git access rights for reverse proxy authorized u…
641d481 
…sers (#3721) (#3743)
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!

7 participants

@lafriks @codecov-io @mckaygerhard @jonasfranz @Bwko @lunny @tboerger