
Prevent anonymous container access if RequireSignInView is enabled (#28877) (#28882)

Backport #28877 by @KN4CK3R

Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Giteabot
2024-01-22 01:44:38 +08:00
committed by GitHub
parent cf9a416d62
commit b7c944b9e4
3 changed files with 24 additions and 6 deletions


@@ -21,6 +21,7 @@ import (
container_module "code.gitea.io/gitea/modules/packages/container"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/test"
"code.gitea.io/gitea/tests"
"github.com/minio/sha256-simd"
@@ -106,6 +107,14 @@ func TestPackageContainer(t *testing.T) {
req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
addTokenAuthHeader(req, anonymousToken)
MakeRequest(t, req, http.StatusOK)
defer test.MockVariableValue(&setting.Service.RequireSignInView, true)()
req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
MakeRequest(t, req, http.StatusUnauthorized)
req = NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
MakeRequest(t, req, http.StatusUnauthorized)
})
t.Run("User", func(t *testing.T) {
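Review bot: The assertions added after `test.MockVariableValue(&setting.Service.RequireSignInView, true)` only send requests with no credentials, so a ghost-user token such as `anonymousToken` presented while sign-in is required is never exercised. Replay the token obtained earlier in the subtest and expect rejection: `req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))`, `addTokenAuthHeader(req, anonymousToken)`, `MakeRequest(t, req, http.StatusUnauthorized)`. Without that case, a regression that stops issuing anonymous tokens but still honours ones already issued would pass this test. The handler change is not visible in this section, so the expected 401 is inferred from the commit description. The enclosing subtest starts outside the hunk.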