Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only check access tokens if they are likely to be tokens (#16164) #16171

Merged
merged 1 commit into from
Jun 16, 2021
Merged

Only check access tokens if they are likely to be tokens (#16164) #16171

merged 1 commit into from
Jun 16, 2021

Conversation

zeripath
Copy link
Contributor

@zeripath zeripath commented Jun 16, 2021
edited
Loading

Backport #16164

Gitea will currently check every if every password is an access token even though
most passwords are not and cannot be access tokens.

By creation access tokens are 40 byte hexadecimal strings therefore only these should
be checked.

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Only check access tokens if they are likely to be tokens (go-gitea#16164
7d9cbf2 
)

Backprt go-gitea#16164

Gitea will currently check every if every password is an access token even though
most passwords are not and cannot be access tokens.

By creation access tokens are 40 byte hexadecimal strings therefore only these should
be checked.

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added this to the 1.14.3 milestone Jun 16, 2021
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jun 16, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jun 16, 2021
@techknowlogick techknowlogick merged commit 946eb13 into go-gitea:release/v1.14 Jun 16, 2021
@zeripath zeripath deleted the backport-16164-v1.14 branch June 16, 2021 09:51
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jun 18, 2021
@zeripath zeripath mentioned this pull request Jul 25, 2021
Closed
4 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@khmarbaise khmarbaise khmarbaise approved these changes

@KN4CK3R KN4CK3R KN4CK3R approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Milestone
1.14.3
Development

Successfully merging this pull request may close these issues.
5 participants
@zeripath @khmarbaise @KN4CK3R @techknowlogick @GiteaBot