mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-10-31 20:44:07 +00:00
878c236f49
These are the three conflicted changes from #4716: * https://github.com/go-gitea/gitea/pull/31632 * https://github.com/go-gitea/gitea/pull/31688 * https://github.com/go-gitea/gitea/pull/31706 cc @earl-warren; as per discussion on https://github.com/go-gitea/gitea/pull/31632 this involves a small compatibility break (OIDC introspection requests now require a valid client ID and secret, instead of a valid OIDC token) ## Checklist The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Draft release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Breaking features - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4724 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu> Co-committed-by: Shivaram Lingamneni <slingamn@cs.stanford.edu> |
||
|---|---|---|
| .. | ||
| actions | ||
| activitypub | ||
| analyze | ||
| assetfs | ||
| auth | ||
| avatar | ||
| base | ||
| cache | ||
| charset | ||
| container | ||
| csv | ||
| emoji | ||
| eventsource | ||
| forgefed | ||
| generate | ||
| git | ||
| gitgraph | ||
| gitrepo | ||
| graceful | ||
| hcaptcha | ||
| highlight | ||
| hostmatcher | ||
| html | ||
| httpcache | ||
| httplib | ||
| indexer | ||
| issue/template | ||
| json | ||
| label | ||
| lfs | ||
| log | ||
| markup | ||
| mcaptcha | ||
| metrics | ||
| migration | ||
| nosql | ||
| optional | ||
| options | ||
| packages | ||
| paginator | ||
| pprof | ||
| private | ||
| process | ||
| proxy | ||
| proxyprotocol | ||
| public | ||
| queue | ||
| recaptcha | ||
| references | ||
| regexplru | ||
| repository | ||
| secret | ||
| session | ||
| setting | ||
| sitemap | ||
| ssh | ||
| storage | ||
| structs | ||
| svg | ||
| sync | ||
| system | ||
| templates | ||
| test | ||
| testlogger | ||
| timeutil | ||
| translation | ||
| turnstile | ||
| typesniffer | ||
| updatechecker | ||
| uri | ||
| user | ||
| util | ||
| validation | ||
| web | ||
| webhook | ||