Allow get release download files and lfs files with oauth2 token format (#26430)
Fix #26165 Fix #25257
This commit is contained in:
parent
6b65c41ebf
commit
6e87a44034
@ -140,3 +140,16 @@
|
|||||||
download_count: 0
|
download_count: 0
|
||||||
size: 0
|
size: 0
|
||||||
created_unix: 946684800
|
created_unix: 946684800
|
||||||
|
|
||||||
|
-
|
||||||
|
id: 12
|
||||||
|
uuid: a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22
|
||||||
|
repo_id: 2
|
||||||
|
issue_id: 0
|
||||||
|
release_id: 11
|
||||||
|
uploader_id: 2
|
||||||
|
comment_id: 0
|
||||||
|
name: README.md
|
||||||
|
download_count: 0
|
||||||
|
size: 0
|
||||||
|
created_unix: 946684800
|
||||||
|
@ -136,3 +136,17 @@
|
|||||||
is_prerelease: false
|
is_prerelease: false
|
||||||
is_tag: false
|
is_tag: false
|
||||||
created_unix: 946684803
|
created_unix: 946684803
|
||||||
|
|
||||||
|
- id: 11
|
||||||
|
repo_id: 2
|
||||||
|
publisher_id: 2
|
||||||
|
tag_name: "v1.1"
|
||||||
|
lower_tag_name: "v1.1"
|
||||||
|
target: ""
|
||||||
|
title: "v1.1"
|
||||||
|
sha1: "205ac761f3326a7ebe416e8673760016450b5cec"
|
||||||
|
num_commits: 2
|
||||||
|
is_draft: false
|
||||||
|
is_prerelease: false
|
||||||
|
is_tag: false
|
||||||
|
created_unix: 946684803
|
||||||
|
@ -978,9 +978,6 @@ func registerRoutes(m *web.Route) {
|
|||||||
}, reqUnitAccess(unit.TypeCode, perm.AccessModeRead, false))
|
}, reqUnitAccess(unit.TypeCode, perm.AccessModeRead, false))
|
||||||
}, ignSignIn, context_service.UserAssignmentWeb(), context.OrgAssignment()) // for "/{username}/-" (packages, projects, code)
|
}, ignSignIn, context_service.UserAssignmentWeb(), context.OrgAssignment()) // for "/{username}/-" (packages, projects, code)
|
||||||
|
|
||||||
// ***** Release Attachment Download without Signin
|
|
||||||
m.Get("/{username}/{reponame}/releases/download/{vTag}/{fileName}", ignSignIn, context.RepoAssignment, repo.MustBeNotEmpty, repo.RedirectDownload)
|
|
||||||
|
|
||||||
m.Group("/{username}/{reponame}", func() {
|
m.Group("/{username}/{reponame}", func() {
|
||||||
m.Group("/settings", func() {
|
m.Group("/settings", func() {
|
||||||
m.Group("", func() {
|
m.Group("", func() {
|
||||||
@ -1240,8 +1237,9 @@ func registerRoutes(m *web.Route) {
|
|||||||
m.Get(".rss", feedEnabled, repo.ReleasesFeedRSS)
|
m.Get(".rss", feedEnabled, repo.ReleasesFeedRSS)
|
||||||
m.Get(".atom", feedEnabled, repo.ReleasesFeedAtom)
|
m.Get(".atom", feedEnabled, repo.ReleasesFeedAtom)
|
||||||
}, ctxDataSet("EnableFeed", setting.Other.EnableFeed),
|
}, ctxDataSet("EnableFeed", setting.Other.EnableFeed),
|
||||||
repo.MustBeNotEmpty, reqRepoReleaseReader, context.RepoRefByType(context.RepoRefTag, true))
|
repo.MustBeNotEmpty, context.RepoRefByType(context.RepoRefTag, true))
|
||||||
m.Get("/releases/attachments/{uuid}", repo.MustBeNotEmpty, reqRepoReleaseReader, repo.GetAttachment)
|
m.Get("/releases/attachments/{uuid}", repo.MustBeNotEmpty, repo.GetAttachment)
|
||||||
|
m.Get("/releases/download/{vTag}/{fileName}", repo.MustBeNotEmpty, repo.RedirectDownload)
|
||||||
m.Group("/releases", func() {
|
m.Group("/releases", func() {
|
||||||
m.Get("/new", repo.NewRelease)
|
m.Get("/new", repo.NewRelease)
|
||||||
m.Post("/new", web.Bind(forms.NewReleaseForm{}), repo.NewReleasePost)
|
m.Post("/new", web.Bind(forms.NewReleaseForm{}), repo.NewReleasePost)
|
||||||
|
@ -125,7 +125,9 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
|
|||||||
// If verification is successful returns an existing user object.
|
// If verification is successful returns an existing user object.
|
||||||
// Returns nil if verification fails.
|
// Returns nil if verification fails.
|
||||||
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
|
||||||
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) {
|
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
|
||||||
|
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
|
||||||
|
!gitRawReleasePathRe.MatchString(req.URL.Path) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
1032bbf17fbc0d9c95bb5418dabe8f8c99278700
|
@ -239,3 +239,20 @@ func TestViewTagsList(t *testing.T) {
|
|||||||
|
|
||||||
assert.EqualValues(t, []string{"v1.0", "delete-tag", "v1.1"}, tagNames)
|
assert.EqualValues(t, []string{"v1.0", "delete-tag", "v1.1"}, tagNames)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDownloadReleaseAttachment(t *testing.T) {
|
||||||
|
defer tests.PrepareTestEnv(t)()
|
||||||
|
|
||||||
|
tests.PrepareAttachmentsStorage(t)
|
||||||
|
|
||||||
|
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
|
||||||
|
|
||||||
|
url := repo.Link() + "/releases/download/v1.1/README.md"
|
||||||
|
|
||||||
|
req := NewRequest(t, "GET", url)
|
||||||
|
MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
|
||||||
|
req = NewRequest(t, "GET", url)
|
||||||
|
session := loginUser(t, "user2")
|
||||||
|
session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
}
|
||||||
|
@ -179,6 +179,20 @@ func InitTest(requireGitea bool) {
|
|||||||
routers.InitWebInstalled(graceful.GetManager().HammerContext())
|
routers.InitWebInstalled(graceful.GetManager().HammerContext())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func PrepareAttachmentsStorage(t testing.TB) {
|
||||||
|
// prepare attachments directory and files
|
||||||
|
assert.NoError(t, storage.Clean(storage.Attachments))
|
||||||
|
|
||||||
|
s, err := storage.NewStorage(setting.LocalStorageType, &setting.Storage{
|
||||||
|
Path: filepath.Join(filepath.Dir(setting.AppPath), "tests", "testdata", "data", "attachments"),
|
||||||
|
})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NoError(t, s.IterateObjects("", func(p string, obj storage.Object) error {
|
||||||
|
_, err = storage.Copy(storage.Attachments, p, s, p)
|
||||||
|
return err
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
|
||||||
func PrepareTestEnv(t testing.TB, skip ...int) func() {
|
func PrepareTestEnv(t testing.TB, skip ...int) func() {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
ourSkip := 1
|
ourSkip := 1
|
||||||
|
1
tests/testdata/data/attachments/a/0/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22
vendored
Normal file
1
tests/testdata/data/attachments/a/0/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a22
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
# This is a release README
|
Loading…
Reference in New Issue
Block a user