opensource/gitea
1
0
Fork 0
mirror of https://gitcode.com/gitea/gitea.git synced 2025-05-31 23:33:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow get release download files and lfs files with oauth2 token format (#26430)

Browse Source 
Fix #26165
Fix #25257
This commit is contained in:
Lunny Xiao
2023-10-01 18:41:52 +08:00
committed by GitHub
parent 6b65c41ebf
commit 6e87a44034
8 changed files with 66 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
services/auth/oauth2.go
View File

@ -125,7 +125,9 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
// If verification is successful returns an existing user object.
// Returns nil if verification fails.
func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) {
// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
!gitRawReleasePathRe.MatchString(req.URL.Path) {
return nil, nil
}