Getting raw files for private repos via token #13772
Comments
|
@pat-s I've successfully used the token method you described until the beginning of april on dev branch releases. Now at curl -u ${username}:${token} https://git.domain.tld/${username}/${repo}/raw/branch/${branch}/${file}I get a <a href="/user/login">Found</a>. |
|
Ugh... So it wasn't really expected that people would be using tokens with non-api or non-git routes. That's why you're finding that there has been a change. |
It appears that people have been using token authentication to navigate to raw paths and recent changes have broken this. Whilst ideally these paths would not be being used like this - it was not the intention to be a breaking change. This PR restores access to these paths. Fix go-gitea#13772 Signed-off-by: Andrew Thornton <art27@cantab.net>
|
Github allows to use tokens in the same way Gitea did until some commits ago; Gitlab on the other hand had this functionality until a couple of years ago, but like (probably) Gitea, it wasn't intentional and has been restricted to only API and git routes due to security concerns. I personally fail to see the security concerns the Gitlab maintainers are referring to since basically the same things can be achieved on the API side... using the API generally should be the way to go, but there are some specific use cases for specific routes (like retrieving raw files via a simple shell script) where can be less ideal. On this use case, the Github way helps on the dev/user side to keep the same simple and intuitive (and rather platform-agnostic) retrieval flow of files for both public and private repos. @zeripath wow! Ty for the prompt response and merge request, I didn't expect that! 😄❤️ |
It appears that people have been using token authentication to navigate to raw paths and recent changes have broken this. Whilst ideally these paths would not be being used like this - it was not the intention to be a breaking change. This PR restores access to these paths. Fix #13772 Signed-off-by: Andrew Thornton <art27@cantab.net>
It appears that people have been using token authentication to navigate to raw paths and recent changes have broken this. Whilst ideally these paths would not be being used like this - it was not the intention to be a breaking change. This PR restores access to these paths. Fix go-gitea#13772 Signed-off-by: Andrew Thornton <art27@cantab.net>
[x]):Description
When fetchting raw files of private repos, one needs to pass some form of authentication.
Usually
?token=<token>is appended or the token is passed via-u <username>:<token>in the request, e.g. incurl <URL>.Works in GitHub when providing a token, returns a 404 without a token.
In Gitea however I see the following:
Without a token
curl https://try.gitea.io/pat-s/test/raw/branch/master/README.md-> HTML response (expecting a 404)
With token
curl -u <username>:<token> https://try.gitea.io/pat-s/test/raw/branch/master/README.md-> HTML response (expecting raw response)
With password
curl -u <username>:<password> https://try.gitea.io/pat-s/test/raw/branch/master/README.md-> raw response
The text was updated successfully, but these errors were encountered: