summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorWim <wim@42.be>2022-06-19 21:23:00 +0200
committerGitHub <noreply@github.com>2022-06-19 20:23:00 +0100
commite91229eefbd09fecaebd0e058c3bfe7612a0bc61 (patch)
tree8b301a4cb0538d7a85ab01eb3194ac9eef12f8f7 /modules
parent62104b4896f2f443da13b834d0111e1378134ac3 (diff)
downloadgitea-e91229eefbd09fecaebd0e058c3bfe7612a0bc61.tar.gz
gitea-e91229eefbd09fecaebd0e058c3bfe7612a0bc61.zip
Respond with a 401 on git push when password isn't changed yet (#20026)
If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 Fixes #19090
Diffstat (limited to 'modules')
-rw-r--r--modules/context/auth.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/context/auth.go b/modules/context/auth.go
index 09c2295455..e6d882eb5b 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -7,6 +7,7 @@ package context
import (
"net/http"
+ "strings"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/log"
@@ -41,6 +42,10 @@ func Toggle(options *ToggleOptions) func(ctx *Context) {
if ctx.Doer.MustChangePassword {
if ctx.Req.URL.Path != "/user/settings/change_password" {
+ if strings.HasPrefix(ctx.Req.UserAgent(), "git") {
+ ctx.Error(http.StatusUnauthorized, ctx.Tr("auth.must_change_password"))
+ return
+ }
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
if ctx.Req.URL.Path != "/user/events" {