api: Allow unauthenticated access to user's SSH keys #30717

Open
wants to merge 1 commit into
base: main

Conversation

wiktor-k
Contributor

This patch relaxes constraints on getting a user's SSH keys via the JSON API. The same has been allowed by both GitHub and GitLab, and the output is already readable via the http://domain/user.keys endpoint.

The benefits of allowing it via the API are twofold: first, this is a structured output, and second, it can be CORS-enabled.

As a privacy precaution the Title property is set to an empty string if the request is unauthenticated.

Fixes: #30681
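The redaction rule from the description above, as an added Go example that is not taken from this PR or from Gitea's code base: an anonymous request still gets the keys, but every `Title` comes back empty. `PublicKey`, `forCaller`, `keysHandler`, `fetch`, the sample records and the "any Authorization header means authenticated" check are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// PublicKey is a hypothetical, reduced response type (not Gitea's own struct).
type PublicKey struct {
	Key   string `json:"key"`
	Title string `json:"title"`
}

// Constructed sample records; the key material is a placeholder.
var stored = []PublicKey{
	{Key: "ssh-ed25519 AAAAC3...constructed1", Title: "work laptop"},
	{Key: "ssh-ed25519 AAAAC3...constructed2", Title: "home NAS backup"},
}

// forCaller blanks Title for anonymous callers on a copy, leaving stored intact.
func forCaller(keys []PublicKey, authenticated bool) []PublicKey {
	out := append([]PublicKey(nil), keys...)
	if !authenticated {
		for i := range out {
			out[i].Title = ""
		}
	}
	return out
}

// keysHandler treats any Authorization header as authenticated (stand-in for token validation).
func keysHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(forCaller(stored, r.Header.Get("Authorization") != ""))
}

// fetch calls the handler in-process and decodes the JSON it returned.
func fetch(auth string) (got []PublicKey, err error) {
	req := httptest.NewRequest(http.MethodGet, "/api/users/alice/keys", nil)
	req.Header.Set("Authorization", auth) // "" is treated as anonymous
	rec := httptest.NewRecorder()
	keysHandler(rec, req)
	err = json.Unmarshal(rec.Body.Bytes(), &got)
	return got, err
}

func main() { fmt.Println(fetch("")) }
```

Blanking the field on a copy matters: clearing `Title` in place on shared records would also empty it for authenticated callers served afterwards.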

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Apr 26, 2024
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 26, 2024
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code labels Apr 26, 2024
routers/api/v1/api.go (resolved review thread)
@GiteaBot GiteaBot added lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Apr 26, 2024
This patch relaxes constraints on getting a user's SSH keys via the JSON
API. The same has been allowed by both GitHub and GitLab, and the output
is already readable via the http://domain/user.keys endpoint.

The benefits of allowing it via the API are twofold: first, this is
a structured output, and second, it can be CORS-enabled.

As a privacy precaution the `Title` property is set to an empty string
if the request is unauthenticated.

Fixes: go-gitea#30681
@wiktor-k wiktor-k force-pushed the allow-unauthenticated-retrieval-of-ssh-keys branch from 69afd9d to 693db80 Compare April 29, 2024 12:42
Labels
lgtm/blocked: A maintainer has reservations with the PR and thus it cannot be merged
modifies/api: This PR adds API routes or modifies them
modifies/go: Pull requests that update Go code
size/S: Denotes a PR that changes 10-29 lines, ignoring generated files.
Development

Successfully merging this pull request may close these issues.

Consider relaxing access constraints on /api/users/{username}/keys
3 participants