From 4587b1d3f6ae7d7ca92db2b882d2ef31a6776361 Mon Sep 17 00:00:00 2001 From: Wim Date: Sat, 18 Jun 2022 19:42:55 +0200 Subject: [PATCH] Respond with a 401 on git push when password isn't changed yet Fixes #19090 If the user-agent starts with git and user must change password but hasn't return a 401 with the message. It must be a 401, git doesn't seem to show the contents of the error message when we return a 403 --- modules/context/auth.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/context/auth.go b/modules/context/auth.go index 09c22954550c7..e6d882eb5b34e 100644 --- a/modules/context/auth.go +++ b/modules/context/auth.go @@ -7,6 +7,7 @@ package context import ( "net/http" + "strings" "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/modules/log" @@ -41,6 +42,10 @@ func Toggle(options *ToggleOptions) func(ctx *Context) { if ctx.Doer.MustChangePassword { if ctx.Req.URL.Path != "/user/settings/change_password" { + if strings.HasPrefix(ctx.Req.UserAgent(), "git") { + ctx.Error(http.StatusUnauthorized, ctx.Tr("auth.must_change_password")) + return + } ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" if ctx.Req.URL.Path != "/user/events" {