]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8f57aa0) | patch
Require repo scope for PATs for private repos and basic authentication (#24362)
authorJohn Olheiser <john.olheiser@gmail.com>
Thu, 27 Apr 2023 00:24:03 +0000 (19:24 -0500)
committerGitHub <noreply@github.com>
Thu, 27 Apr 2023 00:24:03 +0000 (19:24 -0500)
commit5e360241053f6fcfb7f8b89373cba431adaf44ce
tree8253e76b296a437b3e288e5cc0b70070e9578946tree | snapshot
parent8f57aa014b5642bcd33a6b22492df3c63f03d808commit | diff
Require repo scope for PATs for private repos and basic authentication (#24362)

> The scoped token PR just checked all API routes but in fact, some web
routes like `LFS`, git `HTTP`, container, and attachments supports basic
auth. This PR added scoped token check for them.

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
modules/context/permission.go diff | blob | history
routers/api/packages/api.go diff | blob | history
routers/web/repo/attachment.go diff | blob | history
routers/web/repo/http.go diff | blob | history
services/auth/basic.go diff | blob | history
services/lfs/locks.go diff | blob | history
services/lfs/server.go diff | blob | history
tests/integration/api_packages_npm_test.go diff | blob | history
tests/integration/api_packages_nuget_test.go diff | blob | history
tests/integration/api_packages_pub_test.go diff | blob | history
tests/integration/api_packages_vagrant_test.go diff | blob | history
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea