Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Due date format issue #5226

Closed
1 of 3 tasks
mmarif4u opened this issue Oct 30, 2018 · 17 comments · Fixed by #5250
Closed
1 of 3 tasks

[BUG] Due date format issue #5226

mmarif4u opened this issue Oct 30, 2018 · 17 comments · Fixed by #5250
Labels
type/bug

Comments

@mmarif4u
Copy link

I guess the following image would explain the issue better.

capture
@lunny lunny added the type/bug label Oct 30, 2018
@eloyekunle
Copy link
Contributor

On which page do you currently experience this issue?

@lafriks
Copy link
Member

lafriks commented Oct 31, 2018

It is on issue page

@kolaente
Copy link
Member

We already have multiple issues regarding this, should we use some library to handle date formatting?

@kanozec
Copy link

kanozec commented Oct 31, 2018

But I saw the response of "https://try.gitea.io/api/v1/repos/{userName}/{repoName}/issues/1/deadline" in the chrome console is 401

And the request payload is {due_date: "2017-02-17T00:00:00.000Z"}

This issue seems not caused by error formating

@kolaente
Copy link
Member

@kanocz anything in the logs?

@kanozec
Copy link

kanozec commented Oct 31, 2018
edited
Loading

I only have the browser console log.

screen shot 2018-10-31 at 7 43 44 pm

Actually, I have some trouble to run gitea on my local.

@kolaente
Copy link
Member

@kanocz What was the response?

Also, if you have problems running Gitea locally, feel free to ask in our Discord server or the forum.

@kanozec
Copy link

kanozec commented Oct 31, 2018

[Macaron] 2018-10-31 21:10:17: Completed POST /api/v1/repos/Kee1234/gggg/issues/1/deadline 401 Unauthorized in 8.82763ms

I got this on my local environment.

The response was 401. Since the client ajax call got the 401 error, the js function setDeadline() handle the error in the same way. So it shows the "The due date is invalid or out of range. Please use the format 'yyyy-mm-dd' " on the page.

@jamesa
Copy link
Contributor

jamesa commented Oct 31, 2018

This also happens in the Swagger dashboard for the same request.

@kolaente
Copy link
Member

kolaente commented Nov 1, 2018
edited
Loading

Looks like this was broken by #4840 (among other things)

@kanozec
Copy link

kanozec commented Nov 1, 2018
edited
Loading

@kolaente Yes, I trace the code and make some experiments. I found that

ctx.Data["IsApiToken"] = true

does not be executed while checking user is signed.

So

func reqToken() macaron.Handler {
	return func(ctx *context.Context) {
		for  key := range ctx.Data{
			fmt.Printf("Key: %s |Value: %v\n", key, ctx.Data[key])
		}
		if true != ctx.Data["IsApiToken"] {
			ctx.Error(401)
			return
		}
	}
}

always gets 401 error.

#5249 shows the solution to fix this bug

@kolaente
Copy link
Member

kolaente commented Nov 1, 2018

I've opened #5249 to fix this and other issues.

@zeripath zeripath mentioned this issue Nov 1, 2018
Merged
zeripath added a commit to zeripath/gitea that referenced this issue Nov 2, 2018
@zeripath
Add CSRF checking to reqToken and place CSRF in the post for deadline…
6373b65 
… creation

Fixes go-gitea#5226, go-gitea#5249
techknowlogick pushed a commit that referenced this issue Nov 4, 2018
@zeripath @techknowlogick
Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the…
7096085 
… POST header for deadline (#5250)

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
zeripath added a commit to zeripath/gitea that referenced this issue Nov 4, 2018
@zeripath
Add CSRF checking to reqToken and place CSRF in the post for deadline…
f5b97f5 
… creation

Fixes go-gitea#5226, go-gitea#5249
techknowlogick pushed a commit that referenced this issue Nov 4, 2018
@zeripath @techknowlogick
Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin rout…
c0bbbdd 
…es with CSRF token (#5272)

* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
@nikitasius
Copy link

why this issue is closed?

Problem still here:

image

on https://try.gitea.io

@kolaente
Copy link
Member

It looks like it returns an error 500, so maybe some other thing is broken and the error message is just not good...

@nikitasius
Copy link

Yep, it send a payload:
image
and receive nothing
image

@saltymouse saltymouse mentioned this issue Jan 9, 2019
Closed
7 tasks
@lunny
Copy link
Member

lunny commented Jan 9, 2019

@nikitasius could you confirm that #5250 didn't resolve the issue?

@nikitasius
Copy link

@nikitasius could you confirm that #5250 didn't resolve the issue?

Hi, it was on your official demo. If you don't see on your official demo same error - guess it's fixed. Just check.

@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/bug
Projects
None yet
Milestone
No milestone
8 participants
@lunny @lafriks @jamesa @mmarif4u @nikitasius @eloyekunle @kolaente @kanozec