Respond with a 401 on git push when password isn't changed yet (#20027)

Fixes #19090

If the user-agent starts with git and user must change password but
hasn't return a 401 with the message.

It must be a 401, git doesn't seem to show the contents of the error message
when we return a 403

Co-authored-by: 6543 <6543@obermui.de>
This commit is contained in:
Wim 2022-06-19 19:02:18 +02:00 committed by GitHub
parent a4b1967ea3
commit 2a48833f93
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -7,6 +7,7 @@ package context
import ( import (
"net/http" "net/http"
"strings"
"code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/log"
@ -41,6 +42,10 @@ func Toggle(options *ToggleOptions) func(ctx *Context) {
if ctx.Doer.MustChangePassword { if ctx.Doer.MustChangePassword {
if ctx.Req.URL.Path != "/user/settings/change_password" { if ctx.Req.URL.Path != "/user/settings/change_password" {
if strings.HasPrefix(ctx.Req.UserAgent(), "git") {
ctx.Error(http.StatusUnauthorized, ctx.Tr("auth.must_change_password"))
return
}
ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
if ctx.Req.URL.Path != "/user/events" { if ctx.Req.URL.Path != "/user/events" {