If the user-agent starts with git and user must change password but
hasn't return a 401 with the message.
It must be a 401, git doesn't seem to show the contents of the error message
when we return a 403
Fixes #19090
import (
"net/http"
+ "strings"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/log"
if ctx.Doer.MustChangePassword {
if ctx.Req.URL.Path != "/user/settings/change_password" {
+ if strings.HasPrefix(ctx.Req.UserAgent(), "git") {
+ ctx.Error(http.StatusUnauthorized, ctx.Tr("auth.must_change_password"))
+ return
+ }
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
if ctx.Req.URL.Path != "/user/events" {