forgejo/services
Gusted 5a871f6095
[SEC] Ensure propagation of API scopes for Conan and Container authentication
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that use that JWT token.
- Integration test added.
- Resolves #5128
2024-08-28 10:33:32 +02:00
actions Fix actions notify bug (#31866) 2024-08-25 10:41:24 +02:00
agit fix(agit): run full pr checks on force-push 2024-08-12 09:00:41 +02:00
asymkey Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
attachment Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
auth Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo 2024-08-26 07:31:56 +00:00
automerge Fix agit automerge (#31207) 2024-08-25 10:47:37 +02:00
context [CHORE] Move to new sessioner library 2024-08-25 03:47:08 +02:00
contexttest [TESTS] Fix usage of LoadRepoCommit 2024-08-26 08:03:48 +02:00
convert [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
cron Clear up old Actions logs (#31735) 2024-08-04 18:24:10 +02:00
doctor fix: correct doctor commands and rename to forgejo 2024-08-27 02:40:55 +02:00
externalaccount allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-22 15:44:13 +02:00
f3 feat: upgrade F3 to v3.7.0 2024-08-18 19:39:20 +02:00
federation feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853) 2024-08-07 05:45:24 +00:00
feed Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forgejo Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
forms [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
gitdiff feat: Improve diff being generated 2024-08-26 13:58:17 +02:00
indexer
issue [BUG] Don't fire notification for comment of pending review 2024-08-18 17:04:00 +02:00
lfs feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
mailer style: reenable switch check 2024-08-18 15:19:01 +02:00
markup Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
migrations Merge pull request 'Update module github.com/google/go-github/v63 to v64 (forgejo)' (#5101) from renovate/forgejo-github.com-google-go-github-v63-64.x into forgejo 2024-08-24 18:43:11 +00:00
mirror [FEAT] Allow pushmirror to use publickey authentication 2024-08-22 17:05:07 +02:00
notify
org Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
packages [SEC] Ensure propagation of API scopes for Conan and Container authentication 2024-08-28 10:33:32 +02:00
pull Merge pull request 'Revert "Prevent allow/reject reviews on merged/closed PRs"' (#4907) from caesar/forgejo:revert-no-closed-pr-review into forgejo 2024-08-13 23:25:54 +00:00
release Fix linting issues 2024-08-18 16:25:13 +02:00
remote Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
repository [TESTS] Fix usage of LoadRepoCommit 2024-08-26 08:03:48 +02:00
secrets
task feat(quota): Quota enforcement 2024-08-02 11:10:34 +02:00
uinotification
user Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
webhook [TESTS] Move CreateDeclarativeRepo to more accessible location 2024-08-25 02:54:43 +02:00
wiki Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00