
Fix package access for admins and inactive users (#21580)

I noticed an admin is not allowed to upload packages for other users
because `ctx.IsSigned` was not set.
I added a check for `user.IsActive` and `user.ProhibitLogin` too because
neither was checked. Tests enforce this now.

Co-authored-by: Lauris BH <lauris@nix.lv>
KN4CK3R 2022-10-24 21:23:25 +02:00 committed by GitHub
parent 49a4464160
commit 7c11a73833
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 3 deletions


@ -471,6 +471,10 @@ func TestPackageContainer(t *testing.T) {
assert.Equal(t, fmt.Sprintf("%d", len(blobContent)), resp.Header().Get("Content-Length"))
assert.Equal(t, blobDigest, resp.Header().Get("Docker-Content-Digest"))
req = NewRequest(t, "HEAD", fmt.Sprintf("%s/blobs/%s", url, blobDigest))
addTokenAuthHeader(req, anonymousToken)
MakeRequest(t, req, http.StatusOK)
})
t.Run("GetBlob", func(t *testing.T) {