Skip to content

Fix various permission & login related bugs (#36002) #36004

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 22, 2025
Merged

Fix various permission & login related bugs (#36002) #36004

merged 2 commits into from
Nov 22, 2025
+389 −61

Conversation

@lunny
Copy link
Member

@lunny lunny commented Nov 22, 2025
edited
Loading

Backport #36002

Permission & protection check:

  • Fix Delete Release permission check
  • Fix Update Pull Request with rebase branch protection check
  • Fix Issue Dependency permission check
  • Fix Delete Comment History ID check

Information leaking:

Auth & Login:

@lunny @wxiaoguang
Fix various permission & login related bugs (go-gitea#36002)
11f774a 
Permission & protection check:

- Fix Delete Release permission check
- Fix Update Pull Request with rebase branch protection check
- Fix Issue Dependency permission check
- Fix Delete Comment History ID check

Information leaking:

- Show unified message for non-existing user and invalid password
    - Fix go-gitea#35984
- Don't expose release draft to non-writer users.
- Make API returns signature's email address instead of the user
profile's.

Auth & Login:

- Avoid GCM OAuth2 attempt when OAuth2 is disabled
    - Fix go-gitea#35510

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@GiteaBot GiteaBot added this to the 1.25.2 milestone Nov 22, 2025
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 22, 2025
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code labels Nov 22, 2025
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 22, 2025
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 22, 2025
@wxiaoguang wxiaoguang enabled auto-merge (squash) November 22, 2025 12:08
@wxiaoguang wxiaoguang merged commit 20cf4b7 into go-gitea:release/v1.25 Nov 22, 2025
26 checks passed
@lunny lunny deleted the lunny/backport_36002 branch November 22, 2025 19:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@silverwind silverwind silverwind approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees

No one assigned

Labels

lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/internal

Projects

None yet

Milestone

1.25.2

Development

Successfully merging this pull request may close these issues.

4 participants

@lunny @silverwind @wxiaoguang @GiteaBot