Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return nicer error if trying to pull from non-existent user #18288

Merged
merged 4 commits into from
Jan 16, 2022
Merged

Return nicer error if trying to pull from non-existent user #18288

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
71e1e17
Return nicer error if trying to pull from non-existent user
zeripath Jan 15, 2022
50c0c1e
change log level
zeripath Jan 15, 2022
8d8d14b
Merge branch 'main' into fix-18225-handle-missing-user-in-serv
zeripath Jan 15, 2022
0ffc33c
Merge branch 'main' into fix-18225-handle-missing-user-in-serv
6543 Jan 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 12 additions & 3 deletions routers/private/serv.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,17 @@ func ServCommand(ctx *context.PrivateContext) {

owner, err := user_model.GetUserByName(results.OwnerName)
if err != nil {
if user_model.IsErrUserNotExist(err) {
// User is fetching/cloning a non-existent repository
log.Warn("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
ctx.JSON(http.StatusNotFound, private.ErrServCommand{
Results: results,
Err: fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
})
return
}
log.Error("Unable to get repository owner: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
ctx.JSON(http.StatusInternalServerError, private.ErrServCommand{
ctx.JSON(http.StatusForbidden, private.ErrServCommand{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

403 means the repository is exist but user has no access and 404 means the repository is not exist? That will leak something.

Copy link
Contributor

@wxiaoguang wxiaoguang Jan 16, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The old code (below) is

	if !owner.IsOrganization() && !owner.IsActive {
		ctx.JSON(http.StatusForbidden, private.ErrServCommand{
			Results: results,
			Err:     "Repository cannot be accessed, you could retry it later",
		})
		return
	}
...
...
ctx.JSON(http.StatusUnauthorized, private.ErrServCommand{
  Results: results,
  Err:     fmt.Sprintf("User: %d:%s with Key: %d:%s is not authorized to %s %s/%s.", user.ID, user.Name, key.ID, key.Name, modeString, ownerName, repoName),
})

It was already 401 vs 403 vs 500 (with different message) before, not too much different. To prevent from leaking, we should re-design all the response codes and messages.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an internal URL endpoint. The status code is not shown to the user. Look at what cmd/serv.go does with this result instead of looking at what it is returning.

Results: results,
Err: fmt.Sprintf("Unable to get repository owner: %s/%s %v", results.OwnerName, results.RepoName, err),
})
Expand All @@ -135,7 +144,7 @@ func ServCommand(ctx *context.PrivateContext) {
for _, verb := range ctx.FormStrings("verb") {
if "git-upload-pack" == verb {
// User is fetching/cloning a non-existent repository
log.Error("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
log.Warn("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
ctx.JSON(http.StatusNotFound, private.ErrServCommand{
Results: results,
Err: fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
Expand Down Expand Up @@ -325,7 +334,7 @@ func ServCommand(ctx *context.PrivateContext) {
userMode := perm.UnitAccessMode(unitType)

if userMode < mode {
log.Error("Failed authentication attempt for %s with key %s (not authorized to %s %s/%s) from %s", user.Name, key.Name, modeString, ownerName, repoName, ctx.RemoteAddr())
log.Warn("Failed authentication attempt for %s with key %s (not authorized to %s %s/%s) from %s", user.Name, key.Name, modeString, ownerName, repoName, ctx.RemoteAddr())
ctx.JSON(http.StatusUnauthorized, private.ErrServCommand{
Results: results,
Err: fmt.Sprintf("User: %d:%s with Key: %d:%s is not authorized to %s %s/%s.", user.ID, user.Name, key.ID, key.Name, modeString, ownerName, repoName),
Expand Down