domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)

Browse source 
Backport #26430 by @lunny

Fix #26165
Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 23139aa27b)
This commit is contained in:
Giteabot 2023-10-01 19:54:15 +08:00 committed by Earl Warren
parent 5e2d16de0e
commit 3e8c3b7c09
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
8 changed files with 66 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
services/auth/oauth2.go
View file

@ -126,7 +126,9 @@ func (o *OAuth2) userIDFromToken(tokenSHA string, store DataStore) int64 {
// If verification is successful returns an existing user object.
// Returns nil if verification fails.
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) {
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
!gitRawReleasePathRe.MatchString(req.URL.Path) {
return nil, nil
}