github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-17 05:32:12 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

Panic when listing user repos using API and not authenticated #665

New Issue
Closed
opened 2025-11-02 03:32:19 -06:00 by GiteaMirror · 1 comment
GiteaMirror commented 2025-11-02 03:32:19 -06:00
Owner
Copy Link

Originally created by @cez81 on GitHub (Apr 25, 2017).

/home/jonas/go/src/code.gitea.io/gitea/routers/api/v1/user/repo.go:12 (0x101b389)
	listUserRepos: showPrivateRepos := (ctx.User.ID == userID || ctx.User.IsAdmin) && ctx.IsSigned
/home/jonas/go/src/code.gitea.io/gitea/routers/api/v1/user/repo.go:40 (0x101b764)
	ListUserRepos: listUserRepos(ctx, user)

Description

Trying to get users repositories using the API when not signed in will cause panic on line https://github.com/go-gitea/gitea/blob/master/routers/api/v1/user/repo.go#L12.
ctx.User is not populated unless signed in.

Github seems to allow this operation even when nog logged in so I guess that should be correct behaviour?

Originally created by @cez81 on GitHub (Apr 25, 2017). - Gitea version (or commit ref): 1.1.0+138-gc58708d3 - Git version: 2.7.4 - Operating system: Ubuntu 16.04 - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [x] Yes (provide example URL) https://try.gitea.io/api/v1/users/cez81/repos - [ ] No - [ ] Not relevant - Log gist: ``` /home/jonas/go/src/code.gitea.io/gitea/routers/api/v1/user/repo.go:12 (0x101b389) listUserRepos: showPrivateRepos := (ctx.User.ID == userID || ctx.User.IsAdmin) && ctx.IsSigned /home/jonas/go/src/code.gitea.io/gitea/routers/api/v1/user/repo.go:40 (0x101b764) ListUserRepos: listUserRepos(ctx, user) ``` ## Description Trying to get users repositories using the API when not signed in will cause panic on line https://github.com/go-gitea/gitea/blob/master/routers/api/v1/user/repo.go#L12. ctx.User is not populated unless signed in. Github seems to allow this operation even when nog logged in so I guess that should be correct behaviour?
GiteaMirror added the type/bug label 2025-11-02 03:32:19 -06:00
GiteaMirror commented 2025-11-02 03:32:20 -06:00
Author
Owner
Copy Link

@bkcsoft commented on GitHub (Apr 25, 2017):

Related to #1539 which has the same issue (but for the web-view controller)

@bkcsoft commented on GitHub (Apr 25, 2017): Related to #1539 which has the same issue (but for the web-view controller)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#665
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?