Skip to content

modules/context/auth.go: fix redirect loop #5965

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 17, 2019
Merged

modules/context/auth.go: fix redirect loop #5965

merged 2 commits into from
Feb 17, 2019

Conversation

@xdch47
Copy link
Contributor

@xdch47 xdch47 commented Feb 4, 2019

Closes #5815

Heatmap loop still persists.

@techknowlogick techknowlogick added this to the 1.8.0 milestone Feb 4, 2019
zeripath
zeripath suggested changes Feb 4, 2019
View reviewed changes
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 4, 2019
lafriks
lafriks reviewed Feb 4, 2019
View reviewed changes
@zeripath
Copy link
Contributor

zeripath commented Feb 5, 2019

Heya! I've actually just tested this on my own server and noticed the bug. It's not good that this was missed - I'm sorry about that.

We should probably change our integration tests to ensure we hit these potential bugs - always query Gitea without the suburl but always expect the suburl back etc.

In terms of fixing the other redirects - perhaps we should add a redirected from Param to the query and if we end up attempting to redirect back to the same place we should return forbidden.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 5, 2019
@xdch47 xdch47 mentioned this pull request Feb 8, 2019
Closed
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 16, 2019
@codecov-io
Copy link

codecov-io commented Feb 17, 2019

Codecov Report

Merging #5965 into master will increase coverage by <.01%.
The diff coverage is 0%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #5965      +/-   ##
==========================================
+ Coverage   38.86%   38.86%   +<.01%     
==========================================
  Files         345      345              
  Lines       49508    49508              
==========================================
+ Hits        19241    19243       +2     
+ Misses      27485    27482       -3     
- Partials     2782     2783       +1
Impacted Files Coverage Δ
modules/context/auth.go 21.87% <0%> (ø) ⬆️
models/unit.go 14.28% <0%> (+14.28%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0b72c00...eba5b05. Read the comment docs.

@lunny lunny merged commit 5e7dee0 into go-gitea:master Feb 17, 2019
@lunny
Copy link
Member

lunny commented Feb 17, 2019

Please send back port to release/v1.7

xdch47 added a commit to xdch47/gitea that referenced this pull request Feb 17, 2019
@xdch47
modules/context/auth.go: fix redirect loop (go-gitea#5965)
01bb3ad 
Closes go-gitea#5815
@xdch47 xdch47 mentioned this pull request Feb 17, 2019
Merged
zeripath pushed a commit that referenced this pull request Feb 17, 2019
@xdch47 @zeripath
modules/context/auth.go: fix redirect loop (#5965) (#6101)
f4c7e87 
Closes #5815
@lafriks lafriks added the backport/done All backports for this PR have been created label Feb 17, 2019
mckaygerhard
mckaygerhard reviewed Mar 6, 2019
View reviewed changes
modules/context/auth.go
// also make sure that the form cannot be accessed by
// users who don't need this
if ctx.Req.URL.Path == setting.AppSubURL+"/user/settings/change_password" {
if ctx.Req.URL.Path == "/user/settings/change_password" {
Copy link

@mckaygerhard mckaygerhard Mar 6, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this change makes works the problem in #5482

@erpadmin
Copy link

erpadmin commented Mar 18, 2019

how can i determine if when this will hit binary release? i'm having this issue on httpd although working w/colleague to determine our current version

@apricote
Copy link
Contributor

apricote commented Mar 18, 2019

This was included as a backport in v1.7.3 and will be included in the next minor version v1.8.0.

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@lafriks lafriks lafriks approved these changes

+2 more reviewers

@mckaygerhard mckaygerhard mckaygerhard left review comments

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug

Projects

None yet

Milestone

1.8.0

Development

Successfully merging this pull request may close these issues.

Redirect loop for initial password change, behind nginx SSL reverse-proxy

10 participants

@xdch47 @zeripath @codecov-io @lunny @erpadmin @apricote @lafriks @mckaygerhard @techknowlogick @GiteaBot