Prevent anonymous container access if RequireSignInView is enabled (#28877) (#28882)

Backport #28877 by @KN4CK3R Fixes #28875 If `RequireSignInView` is enabled, the ghost user has no access rights. Co-authored-by: KN4CK3R <admin@oldschoolhack.me> (cherry picked from commit b7c944b9e4)
2024-01-22 01:44:38 +08:00 · 2024-01-22 01:44:38 +08:00 · e2620642bd
commit e2620642bd
parent 80dfa56d2f
3 changed files with 24 additions and 6 deletions
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@ -22,6 +22,7 @@ import (
 	container_module "code.gitea.io/gitea/modules/packages/container"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/tests"

 	oci "github.com/opencontainers/image-spec/specs-go/v1"
@ -106,6 +107,14 @@ func TestPackageContainer(t *testing.T) {
 			req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
 			addTokenAuthHeader(req, anonymousToken)
 			MakeRequest(t, req, http.StatusOK)
+
+			defer test.MockVariableValue(&setting.Service.RequireSignInView, true)()
+
+			req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
+			MakeRequest(t, req, http.StatusUnauthorized)
+
+			req = NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			MakeRequest(t, req, http.StatusUnauthorized)
 		})

 		t.Run("User", func(t *testing.T) {