Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

switch jwt lib to maintained one #16532

Merged
merged 3 commits into from
Jul 24, 2021
Merged

Conversation

techknowlogick
Copy link
Member

as title

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jul 24, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 24, 2021
@6543 6543 changed the title switch to maintained lib switch jwt lib to maintained one Jul 24, 2021
@zeripath
Copy link
Contributor

make lgtm work

@codecov-commenter
Copy link

Codecov Report

Merging #16532 (82ee03f) into main (f135a81) will decrease coverage by 0.00%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #16532      +/-   ##
==========================================
- Coverage   45.43%   45.42%   -0.01%     
==========================================
  Files         719      719              
  Lines       84467    84467              
==========================================
- Hits        38374    38373       -1     
- Misses      39931    39932       +1     
  Partials     6162     6162              
Impacted Files Coverage Δ
cmd/serv.go 2.51% <ø> (ø)
models/oauth2_application.go 69.39% <ø> (ø)
modules/auth/oauth2/jwtsigningkey.go 32.50% <ø> (ø)
modules/generate/generate.go 0.00% <ø> (ø)
routers/web/user/oauth.go 36.53% <ø> (ø)
services/lfs/server.go 70.43% <ø> (ø)
models/gpg_key_common.go 59.67% <0.00%> (-4.84%) ⬇️
models/unit.go 41.09% <0.00%> (-2.74%) ⬇️
modules/process/manager.go 72.83% <0.00%> (-2.47%) ⬇️
models/repo_list.go 77.04% <0.00%> (-0.78%) ⬇️
... and 5 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f135a81...82ee03f. Read the comment docs.

zeripath pushed a commit to zeripath/gitea that referenced this pull request Jul 24, 2021
@zeripath
Copy link
Contributor

oops. I just conflicted this!

@6543 6543 merged commit 29a22ad into go-gitea:main Jul 24, 2021
@techknowlogick techknowlogick deleted the update-jwt-lib branch July 24, 2021 15:10
techknowlogick added a commit that referenced this pull request Jul 24, 2021
Backport #16532

Co-authored-by: Matti R <matti@mdranta.net>
@techknowlogick techknowlogick added the backport/done All backports for this PR have been created label Jul 24, 2021
zeripath added a commit to zeripath/gitea that referenced this pull request Aug 4, 2021
[1.14.6](https://github.com/go-gitea/gitea/releases/tag/v1.14.6) - 2021-08-04

* SECURITY
  * Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (go-gitea#16538) (go-gitea#16540)
  * Switch to maintained JWT lib (go-gitea#16532) (go-gitea#16535)
  * Upgrade to latest version of golang-jwt (as forked for 1.14) (go-gitea#16590) (go-gitea#16607)
* BUGFIXES
  * Add basic edit ldap auth test & actually fix go-gitea#16252 (go-gitea#16465) (go-gitea#16495)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (go-gitea#16479) (go-gitea#16481)

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Aug 4, 2021
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Aug 4, 2021
zeripath added a commit to zeripath/gitea that referenced this pull request Aug 4, 2021
 ## [1.15.0-rc3](https://github.com/go-gitea/gitea/releases/tag/v1.15.0-rc3) - 2021-08-04

* BREAKING
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (go-gitea#16590) (go-gitea#16606)
* SECURITY
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (go-gitea#16590) (go-gitea#16606)
  * Switch to maintained jwt lib (go-gitea#16532) (go-gitea#16533)
  * Correctly create of git-daemon-export-ok files (go-gitea#16508) (go-gitea#16514)
  * Don't show private user's repo in explore view (go-gitea#16550) (go-gitea#16554)
* API
  * Swagger AccessToken fixes (go-gitea#16574) (go-gitea#16597)
  * Set AllowedHeaders on API CORS handler (go-gitea#16524) (go-gitea#16618)
* BUGFIXES
  * Restore Accessibility for Dropdown (go-gitea#16576) (go-gitea#16617)
  * Pass down SignedUserName down to AccessLogger context (go-gitea#16605) (go-gitea#16616)
  * Fix table alignment in markdown (go-gitea#16596) (go-gitea#16602)
  * Fix 500 on first wiki page (go-gitea#16586) (go-gitea#16598)
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (go-gitea#16564) (go-gitea#16570)
  * Upgrade levelqueue to v0.4.0 (go-gitea#16560) (go-gitea#16561)
  * Handle too long PR titles correctly (go-gitea#16517) (go-gitea#16549)
  * Fix data race in bleve indexer (go-gitea#16474) (go-gitea#16509)
  * Restore CORS on git smart http protocol (go-gitea#16496) (go-gitea#16506)
  * Fix race in log (go-gitea#16490) (go-gitea#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (go-gitea#16487) (go-gitea#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (go-gitea#16479) (go-gitea#16480)
  * Update notification table with only latest data (go-gitea#16445) (go-gitea#16469)
  * Revert to use alpine 3.13 (go-gitea#16451) (go-gitea#16452)
  * Fix crash following ldap authentication update (go-gitea#16447) (go-gitea#16448)
  * Fix direct creation of external users on admin page (partial go-gitea#16612) (go-gitea#16613)

Signed-off-by: Andrew Thornton <art27@cantab.net>
zeripath added a commit that referenced this pull request Aug 5, 2021
## [1.14.6](https://github.com/go-gitea/gitea/releases/tag/v1.14.6) - 2021-08-04

* SECURITY
  * Bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538) (#16540)
  * Switch to maintained JWT lib (#16532) (#16535)
  * Upgrade to latest version of golang-jwt (as forked for 1.14) (#16590) (#16607)
* BUGFIXES
  * Add basic edit ldap auth test & actually fix #16252 (#16465) (#16495)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16481)

Signed-off-by: Andrew Thornton <art27@cantab.net>
techknowlogick added a commit that referenced this pull request Aug 6, 2021
* Changelog for 1.15.0-rc3

 ## [1.15.0-rc3](https://github.com/go-gitea/gitea/releases/tag/v1.15.0-rc3) - 2021-08-04

* BREAKING
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* SECURITY
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
  * Switch to maintained jwt lib (#16532) (#16533)
  * Correctly create of git-daemon-export-ok files (#16508) (#16514)
  * Don't show private user's repo in explore view (#16550) (#16554)
* API
  * Swagger AccessToken fixes (#16574) (#16597)
  * Set AllowedHeaders on API CORS handler (#16524) (#16618)
* BUGFIXES
  * Restore Accessibility for Dropdown (#16576) (#16617)
  * Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
  * Fix table alignment in markdown (#16596) (#16602)
  * Fix 500 on first wiki page (#16586) (#16598)
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
  * Upgrade levelqueue to v0.4.0 (#16560) (#16561)
  * Handle too long PR titles correctly (#16517) (#16549)
  * Fix data race in bleve indexer (#16474) (#16509)
  * Restore CORS on git smart http protocol (#16496) (#16506)
  * Fix race in log (#16490) (#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
  * Update notification table with only latest data (#16445) (#16469)
  * Revert to use alpine 3.13 (#16451) (#16452)
  * Fix crash following ldap authentication update (#16447) (#16448)
  * Fix direct creation of external users on admin page (partial #16612) (#16613)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* Update CHANGELOG.md

Co-authored-by: zeripath <art27@cantab.net>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 10, 2021
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants