Allow Token/Basic auth on raw paths (#15987)

It appears that people have been using token authentication to navigate to raw paths and recent changes have broken this. Whilst ideally these paths would not be being used like this - it was not the intention to be a breaking change. This PR restores access to these paths. Fix #13772 Signed-off-by: Andrew Thornton <art27@cantab.net>
author: zeripath <art27@cantab.net> 2021-05-27 19:46:11 +0100
committer: GitHub <noreply@github.com> 2021-05-27 19:46:11 +0100
commit: 6d6a65cf5cc13deddd96bb76b773667d068823d4 (patch)
tree: f01a4e49ac2850b4b7ca6a46dcb2ecf1eee53dbc /modules/auth/sso/basic.go
parent: b27a9d43a5c0b473c30b6137e0309d103793dcad (diff)
download: gitea-6d6a65cf5cc13deddd96bb76b773667d068823d4.tar.gz
gitea-6d6a65cf5cc13deddd96bb76b773667d068823d4.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/auth/sso/basic.go b/modules/auth/sso/basic.go
index a18e127ff9..5551288128 100644
--- a/modules/auth/sso/basic.go
+++ b/modules/auth/sso/basic.go
@@ -51,7 +51,7 @@ func (b *Basic) IsEnabled() bool {
 func (b *Basic) VerifyAuthData(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *models.User {
 
 	// Basic authentication should only fire on API, Download or on Git or LFSPaths
-	if middleware.IsInternalPath(req) || !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitOrLFSPath(req) {
+	if middleware.IsInternalPath(req) || !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isGitRawOrLFSPath(req) {
 		return nil
 	}
author	zeripath <art27@cantab.net>	2021-05-27 19:46:11 +0100
committer	GitHub <noreply@github.com>	2021-05-27 19:46:11 +0100
commit	6d6a65cf5cc13deddd96bb76b773667d068823d4 (patch)
tree	f01a4e49ac2850b4b7ca6a46dcb2ecf1eee53dbc /modules/auth/sso/basic.go
parent	b27a9d43a5c0b473c30b6137e0309d103793dcad (diff)
download	gitea-6d6a65cf5cc13deddd96bb76b773667d068823d4.tar.gz gitea-6d6a65cf5cc13deddd96bb76b773667d068823d4.zip