Packages are visible when REQUIRE_SIGNIN_VIEW = true #20100

Closed
jackv24 opened this issue Jun 23, 2022 · 0 comments · Fixed by #20101

jackv24 commented Jun 23, 2022

Description

No pages should be accessible without signing in when REQUIRE_SIGNIN_VIEW = true, but the Packages page can be accessed via URL: https://<server_url>/<org>/-/packages. Packages can also be downloaded this way.

I would also expect that if the linked repository is not viewable, then the package should not be accessible either (via not being signed in or being signed in but not having permissions to view that repo).

When accessing that URL while not signed in, the router log shows:

2022/06/23 17:08:02 [62b4185a] router: completed GET /core/-/packages for 203.220.100.202:0, 200 OK in 45.4ms @ user/package.go:33(user.ListPackages)
2022/06/23 17:08:02 [62b4185a-2] router: completed GET /assets/css/index.css?v=29fca9d70ab517836c961cc4b3be8719 for 203.220.100.202:0, 200 OK in 0.4ms @ public/public.go:42(AssetsHandler)
2022/06/23 17:08:02 [62b4185a-3] router: completed GET /avatar/b7de109bda740fec89d58bb5fe3d9a00?size=72 for 203.220.100.202:0, 303 See Other in 1.5ms @ user/avatar.go:45(user.AvatarByEmailHash)
2022/06/23 17:08:02 [62b4185a-4] router: completed GET /assets/img/favicon.svg for 203.220.100.202:0, 200 OK in 0.2ms @ public/public.go:42(AssetsHandler)

Gitea Version

1.17.0+rc1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu 20.04.4 Server

How are you running Gitea?

Docker, gitea/gitea:latest, 1.17.0+rc1

Database

SQLite

@6543 6543 added this to the 1.17.0 milestone Jun 23, 2022
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
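
An added example, not part of the original issue or Gitea's code: a small Go auditor for the router log format quoted above that lists every 2xx response served on a `/<owner>/-/packages` route, so an operator running with REQUIRE_SIGNIN_VIEW = true can review which clients were served package pages. The log lines are constructed, `example.Handler` is a placeholder, and it is an assumption that file downloads share the `/-/packages` prefix; the router log does not record sign-in state, so each hit still has to be correlated with known clients.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Hit is one router log entry that served a package route with a 2xx status.
type Hit struct {
	Method, Path, Remote, Handler string
	Status                        int
}

// lineRE matches the router "completed" line format quoted in the issue.
var lineRE = regexp.MustCompile(`router: completed (\S+) (\S+) for ([^,]+), (\d{3}) .* @ \S+\(([^)]+)\)\s*$`)

// pkgRE: assumption that package pages and file downloads share this prefix.
var pkgRE = regexp.MustCompile(`^/[^/]+/-/packages(/|\?|$)`)

// Constructed sample log (documentation IPs; example.Handler is a placeholder).
const sampleLog = `2022/06/23 17:08:02 [aaaa0001] router: completed GET /core/-/packages for 192.0.2.10:0, 200 OK in 45.4ms @ user/package.go:33(user.ListPackages)
2022/06/23 17:08:02 [aaaa0001-2] router: completed GET /assets/css/index.css?v=1 for 192.0.2.10:0, 200 OK in 0.4ms @ public/public.go:42(AssetsHandler)
2022/06/23 17:09:10 [aaaa0002] router: completed GET /core/-/packages/generic/tool/1.0/files/7 for 192.0.2.10:0, 200 OK in 3.1ms @ example.go:1(example.Handler)
2022/06/23 17:10:30 [aaaa0003] router: completed GET /core/-/packages for 198.51.100.7:0, 303 See Other in 0.9ms @ example.go:1(example.Handler)`

// PackageHits returns every 2xx response served on a package route.
func PackageHits(log string) []Hit {
	var hits []Hit
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := lineRE.FindStringSubmatch(sc.Text())
		if m == nil || !pkgRE.MatchString(m[2]) {
			continue // not a router "completed" line, or not a package route
		}
		if status, _ := strconv.Atoi(m[4]); status/100 == 2 {
			hits = append(hits, Hit{Method: m[1], Path: m[2], Remote: m[3], Handler: m[5], Status: status})
		}
	}
	return hits
}

func main() {
	for _, h := range PackageHits(sampleLog) {
		fmt.Printf("%s %s from %s -> %d (%s)\n", h.Method, h.Path, h.Remote, h.Status, h.Handler)
	}
}
```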