Allow get release download files and lfs files with oauth2 token format (#26430)...
authorGiteabot <teabot@gitea.io>
Sun, 1 Oct 2023 11:54:15 +0000 (19:54 +0800)
committerGitHub <noreply@github.com>
Sun, 1 Oct 2023 11:54:15 +0000 (19:54 +0800)
Backport #26430 by @lunny

Fix #26165
Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
models/fixtures/attachment.yml
models/fixtures/release.yml
routers/web/web.go
services/auth/oauth2.go
tests/gitea-repositories-meta/user2/repo2.git/refs/tags/v1.1 [new file with mode: 0644]
tests/integration/release_test.go
tests/test_utils.go
tests/testdata/data/attachments/a/0/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22 [new file with mode: 0644]

index 9ad43fa2b7eb6560695c9d453d24486d8393fdea..7882d8bff2089218a155ddff130550cc0735da30 100644 (file)
   download_count: 0
   size: 0
   created_unix: 946684800
+
+-
+  id: 12
+  uuid: a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22
+  repo_id: 2
+  issue_id: 0
+  release_id: 11
+  uploader_id: 2
+  comment_id: 0
+  name: README.md
+  download_count: 0
+  size: 0
+  created_unix: 946684800
index 4ed7df440dbd3a0c7d9aa245f8ed396d670bafd6..372a79509f0a86d0c82f5267586ce923112bfa11 100644 (file)
   is_prerelease: false
   is_tag: false
   created_unix: 946684803
+
+- id: 11
+  repo_id: 2
+  publisher_id: 2
+  tag_name: "v1.1"
+  lower_tag_name: "v1.1"
+  target: ""
+  title: "v1.1"
+  sha1: "205ac761f3326a7ebe416e8673760016450b5cec"
+  num_commits: 2
+  is_draft: false
+  is_prerelease: false
+  is_tag: false
+  created_unix: 946684803
index 40ecfc1bd6085d83e7b59e264ccd9e53f90a537c..a6e2d042ddfec966aca04f167153129b12fe65fd 100644 (file)
@@ -863,9 +863,6 @@ func registerRoutes(m *web.Route) {
                }, reqUnitAccess(unit.TypeCode, perm.AccessModeRead, false))
        }, ignSignIn, context_service.UserAssignmentWeb(), context.OrgAssignment()) // for "/{username}/-" (packages, projects, code)
 
-       // ***** Release Attachment Download without Signin
-       m.Get("/{username}/{reponame}/releases/download/{vTag}/{fileName}", ignSignIn, context.RepoAssignment, repo.MustBeNotEmpty, repo.RedirectDownload)
-
        m.Group("/{username}/{reponame}", func() {
                m.Group("/settings", func() {
                        m.Group("", func() {
@@ -1118,8 +1115,9 @@ func registerRoutes(m *web.Route) {
                        m.Get(".rss", feedEnabled, repo.ReleasesFeedRSS)
                        m.Get(".atom", feedEnabled, repo.ReleasesFeedAtom)
                }, ctxDataSet("EnableFeed", setting.Other.EnableFeed),
-                       repo.MustBeNotEmpty, reqRepoReleaseReader, context.RepoRefByType(context.RepoRefTag, true))
-               m.Get("/releases/attachments/{uuid}", repo.MustBeNotEmpty, reqRepoReleaseReader, repo.GetAttachment)
+                       repo.MustBeNotEmpty, context.RepoRefByType(context.RepoRefTag, true))
+               m.Get("/releases/attachments/{uuid}", repo.MustBeNotEmpty, repo.GetAttachment)
+               m.Get("/releases/download/{vTag}/{fileName}", repo.MustBeNotEmpty, repo.RedirectDownload)
                m.Group("/releases", func() {
                        m.Get("/new", repo.NewRelease)
                        m.Post("/new", web.Bind(forms.NewReleaseForm{}), repo.NewReleasePost)
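Review bot: Dropping `reqRepoReleaseReader` from the `/releases/attachments/{uuid}` route and registering `/releases/download/{vTag}/{fileName}` without it means the release-unit read permission is no longer enforced by route middleware for these two handlers, and whether `repo.GetAttachment` and `repo.RedirectDownload` perform an equivalent check themselves cannot be confirmed from this hunk. If they do, a comment above the two `m.Get` calls should say so, e.g. `// release-unit access for attachments/downloads is checked inside the handlers, not by route middleware`, so the missing guard is not later mistaken for an oversight. The first hunk removes the same download route from the `ignSignIn` block; its new home is inside `m.Group("/{username}/{reponame}", ...)`, whose middleware chain begins outside the hunk, so it is worth confirming that group does not force sign-in, otherwise anonymous download of public-repository assets regresses. registerRoutes continues outside both hunks.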
index 0dd7a12d2c4369b43940c5ff9df2e47bb9e3ec42..a4e826f4ae9421c4753eea36866f2834f1d3da46 100644 (file)
@@ -126,7 +126,9 @@ func (o *OAuth2) userIDFromToken(tokenSHA string, store DataStore) int64 {
 // If verification is successful returns an existing user object.
 // Returns nil if verification fails.
 func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
-       if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) {
+       // These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
+       if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
+               !gitRawReleasePathRe.MatchString(req.URL.Path) {
                return nil, nil
        }
 
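Review bot: The new comment on the `if` reads awkwardly (`they maybe in the API returned URLs`) and does not say which non-API paths the added `gitRawReleasePathRe` clause admits, which matters because this widens the set of web paths on which an OAuth2 token is honoured; something like `// Not API paths, but the API hands out URLs under them (presumably raw-file and release-download links), so tokens must be accepted here too.` would make the intent reviewable. The regex itself is declared outside the hunk, so whether it is anchored and limited to the intended path shapes cannot be checked from here; a small unit test of the pattern against matching and near-miss paths would pin that down. Verify's body continues outside the hunk.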
diff --git a/tests/gitea-repositories-meta/user2/repo2.git/refs/tags/v1.1 b/tests/gitea-repositories-meta/user2/repo2.git/refs/tags/v1.1
new file mode 100644 (file)
index 0000000..334d09c
--- /dev/null
@@ -0,0 +1 @@
+1032bbf17fbc0d9c95bb5418dabe8f8c99278700
index 8de761ea6cb6e652e4348961f4d786e4d9630198..42d0d00e786989fba98e0fac09c8031996ac7510 100644 (file)
@@ -239,3 +239,20 @@ func TestViewTagsList(t *testing.T) {
 
        assert.EqualValues(t, []string{"v1.0", "delete-tag", "v1.1"}, tagNames)
 }
+
+func TestDownloadReleaseAttachment(t *testing.T) {
+       defer tests.PrepareTestEnv(t)()
+
+       tests.PrepareAttachmentsStorage(t)
+
+       repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
+
+       url := repo.Link() + "/releases/download/v1.1/README.md"
+
+       req := NewRequest(t, "GET", url)
+       MakeRequest(t, req, http.StatusNotFound)
+
+       req = NewRequest(t, "GET", url)
+       session := loginUser(t, "user2")
+       session.MakeRequest(t, req, http.StatusOK)
+}
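Review bot: TestDownloadReleaseAttachment only covers anonymous (404) and session-login (200) access to `/releases/download/v1.1/README.md`, while the behaviour this commit adds is download with an OAuth2/API token, so that branch remains untested; a third request carrying the token in the same form API clients send it should expect 200, and one with an unrecognised token should expect the same status as the anonymous request. The response body is not inspected either; comparing it with the fixture content `# This is a release README` would confirm the storage seeding actually served the file rather than just a status code. The local `url` shadows the `net/url` package if this file imports it; `downloadURL` would be clearer.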
index fc4247eba8a4d9bdc4c5d47fff7453b02663ae86..0c1ce343ddbdd3cdd00ee7410b7d9f707f92c948 100644 (file)
@@ -176,6 +176,20 @@ func InitTest(requireGitea bool) {
        routers.InitWebInstalled(graceful.GetManager().HammerContext())
 }
 
+func PrepareAttachmentsStorage(t testing.TB) {
+       // prepare attachments directory and files
+       assert.NoError(t, storage.Clean(storage.Attachments))
+
+       s, err := storage.NewStorage(setting.LocalStorageType, &setting.Storage{
+               Path: filepath.Join(filepath.Dir(setting.AppPath), "tests", "testdata", "data", "attachments"),
+       })
+       assert.NoError(t, err)
+       assert.NoError(t, s.IterateObjects("", func(p string, obj storage.Object) error {
+               _, err = storage.Copy(storage.Attachments, p, s, p)
+               return err
+       }))
+}
+
 func PrepareTestEnv(t testing.TB, skip ...int) func() {
        t.Helper()
        ourSkip := 2
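Review bot: PrepareAttachmentsStorage keeps running after `assert.NoError(t, err)` fails on the `storage.NewStorage` call, so a nil `s` reaches `s.IterateObjects` and the test dies with a nil-pointer panic instead of the assertion message; guard it with `if !assert.NoError(t, err) {` / `return` / `}` (or `require.NoError` if the file already imports it). The exported helper has no doc comment and does not mark itself as a helper: add `// PrepareAttachmentsStorage resets the attachments storage and seeds it from tests/testdata/data/attachments.` and a `t.Helper()` as the first statement so failures are reported at the caller. The callback also assigns to the outer `err` from the NewStorage call; `_, err := storage.Copy(storage.Attachments, p, s, p)` inside the closure keeps the two results separate.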
diff --git a/tests/testdata/data/attachments/a/0/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22 b/tests/testdata/data/attachments/a/0/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22
new file mode 100644 (file)
index 0000000..96fc988
--- /dev/null
@@ -0,0 +1 @@
+# This is a release README