github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-05-22 22:31:16 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

With Gitea as an OAuth provider, Gitea sends an incorrect user account back to its OAuth client #7610

New Issue
Closed
opened 2025-11-02 07:31:18 -06:00 by GiteaMirror · 9 comments
GiteaMirror commented 2025-11-02 07:31:18 -06:00
Owner
Copy Link

Originally created by @vw98075 on GitHub (Jul 20, 2021).

  • Gitea version (or commit ref): 1.15.0+dev-g49ad088b8
  • Git version: 2.30.1
  • Operating system: Macbook Pro
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
  • Log gist:

Description

Create an application for OAuth on Gitea, log in on its OAuth client app will be redirected to log in on Gttea. At this stage, log in on Gitea with the user account which creates the app will result in the same user log in on its client. In other words, the same user log in to both Gitea and its OAuth client. Log in on Gitea with other user accounts will result in the user account which creates the app on its client app. In other words, different user log in on Gitea and its OAuth client. For some reason, Gitea always returns the user account which creates the app as its OAuth client to its OAuth client for user login based on our current test.

...

Screenshots

The followings are logs for two use cases. Gitea is on the port 3000 while OAuth client is on the port 9000.

  1. A user signs in on the OAuth client while a user session is available on Gitea
        ◦ Request URL: http://localhost:3000/login/oauth/authorize?response_type=code&client_id=564a1ee4-7b37-4eb3-a2b7-aa53a5a18811&scope=openid%20profile%20email&state=x78w0_qNnCHsoZOdrCLSQog5Dn9rlYgGFkXk1FIPsWE%3D&redirect_uri=http://localhost:9000/login/oauth2/code/oidc&nonce=9J3GH9fXj_rsCnsYiZIUXnf2hsOwxE4UdUsvcEYdBK0
        ◦ Request Method: GET
        ◦ Status Code: 302 Found
        ◦ Remote Address: [::1]:3000
        ◦ Referrer Policy: strict-origin-when-cross-origin
    • Response HeadersView source
        ◦ Content-Length: 174
        ◦ Content-Type: text/html; charset=utf-8
        ◦ Date: Wed, 21 Jul 2021 14:32:15 GMT
        ◦ Location: http://localhost:9000/login/oauth2/code/oidc?code=dwkOjutqosAts4Ec4sPkdP3X0Szv6iSKftXQZRkST6hJ&state=x78w0_qNnCHsoZOdrCLSQog5Dn9rlYgGFkXk1FIPsWE%3D
        ◦ Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
        ◦ X-Frame-Options: SAMEORIGIN
    • Request HeadersView source
        ◦ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        ◦ Accept-Encoding: gzip, deflate, br
        ◦ Accept-Language: de,en-US;q=0.9,en;q=0.8
        ◦ Connection: keep-alive
        ◦ Cookie: i_like_gitea=a0ff90920347641c; lang=en-US; _csrf=mabg6ZNunZvLKMPZZyRM00cXiGg6MTYyNjgxODU4ODE2NTE5NjAwMA; XSRF-TOKEN=0f8f7dbc-7231-4bfd-a63c-b615b787ce67; io=S7MZQeiWxrURbWy3AABv; JSESSIONID=BeCPs2QziP04x7e5My6nfgy668q-U37gxioSo262
        ◦ Host: localhost:3000
        ◦ Referer: http://localhost:9000/
        ◦ sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
        ◦ sec-ch-ua-mobile: ?1
        ◦ Sec-Fetch-Dest: document
        ◦ Sec-Fetch-Mode: navigate
        ◦ Sec-Fetch-Site: same-site
        ◦ Sec-Fetch-User: ?1
        ◦ Upgrade-Insecure-Requests: 1
        ◦ User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Mobile Safari/537.36
    • Query String Parametersview source
view URL-encoded
        ◦ response_type: code
        ◦ client_id: 564a1ee4-7b37-4eb3-a2b7-aa53a5a18811
        ◦ scope: openid profile email
        ◦ state: x78w0_qNnCHsoZOdrCLSQog5Dn9rlYgGFkXk1FIPsWE=
        ◦ redirect_uri: http://localhost:9000/login/oauth2/code/oidc
        ◦ 
nonce: 9J3GH9fXj_rsCnsYiZIUXnf2hsOwxE4UdUsvcEYdBK0
  1. A user signs in on OAuth client app while the user session isn't available on Gitea.
        ◦ Request URL: http://localhost:3000/login/oauth/authorize?response_type=code&client_id=564a1ee4-7b37-4eb3-a2b7-aa53a5a18811&scope=openid%20profile%20email&state=v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA%3D&redirect_uri=http://localhost:9000/login/oauth2/code/oidc&nonce=A6M0phhMzfU-WDTQXlRscMMaaOq8s4KqolAez11U09E
        ◦ Request Method: GET
        ◦ Status Code: 302 Found
        ◦ Remote Address: [::1]:3000
        ◦ Referrer Policy: no-referrer
    • Response HeadersView source
        ◦ Content-Length: 174
        ◦ Content-Type: text/html; charset=utf-8
        ◦ Date: Wed, 21 Jul 2021 15:13:52 GMT
        ◦ Location: http://localhost:9000/login/oauth2/code/oidc?code=VrtpJ103AYGYJMxNhwhLkG5P1sLIkD3q6kFKSPiFMosY&state=v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA%3D
        ◦ Set-Cookie: _csrf=2HarUlUagFauOg88-09HRxGYGw86MTYyNjg4MDQzMjI5MTgxMzAwMA; Path=/; Expires=Thu, 22 Jul 2021 15:13:52 GMT; HttpOnly; SameSite=Lax
        ◦ Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax
        ◦ X-Frame-Options: SAMEORIGIN
    • Request HeadersView source
        ◦ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        ◦ Accept-Encoding: gzip, deflate, br
        ◦ Accept-Language: en-US,en;q=0.9
        ◦ Cache-Control: max-age=0
        ◦ Connection: keep-alive
        ◦ Cookie: XSRF-TOKEN=6cfefe77-7912-40c1-9484-dcf61dad3271; io=_d8OSzN-PIQVJcl8AAB3; JSESSIONID=1leZuJFlAjLSinj02dBRx5vnFExPHgznDc5Imrkf; i_like_gitea=eed5ada632ae0f03; lang=en-US
        ◦ Host: localhost:3000
        ◦ sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="91", "Chromium";v="91"
        ◦ sec-ch-ua-mobile: ?0
        ◦ Sec-Fetch-Dest: document
        ◦ Sec-Fetch-Mode: navigate
        ◦ Sec-Fetch-Site: same-origin
        ◦ Sec-Fetch-User: ?1
        ◦ Upgrade-Insecure-Requests: 1
        ◦ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70
    • Query String Parametersview source
view URL-encoded
        ◦ response_type: code
        ◦ client_id: 564a1ee4-7b37-4eb3-a2b7-aa53a5a18811
        ◦ scope: openid profile email
        ◦ state: v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA=
        ◦ redirect_uri: http://localhost:9000/login/oauth2/code/oidc
        ◦ nonce: A6M0phhMzfU-WDTQXlRscMMaaOq8s4KqolAez11U09E
        ◦ 

        ◦ Request URL: http://localhost:9000/login/oauth2/code/oidc?code=VrtpJ103AYGYJMxNhwhLkG5P1sLIkD3q6kFKSPiFMosY&state=v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA%3D
        ◦ Request Method: GET
        ◦ Status Code: 302 Found
        ◦ Remote Address: [::1]:9000
        ◦ Referrer Policy: no-referrer
    • Response HeadersView source
        ◦ cache-control: no-cache, no-store, max-age=0, must-revalidate
        ◦ connection: close
        ◦ content-length: 0
        ◦ content-security-policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com data:
        ◦ date: Wed, 21 Jul 2021 15:13:52 GMT
        ◦ expires: 0
        ◦ feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
        ◦ location: http://localhost:9000/
        ◦ pragma: no-cache
        ◦ referrer-policy: strict-origin-when-cross-origin
        ◦ set-cookie: JSESSIONID=--5zv-XZznshlU7hKmDiB_0C4Zvee_TpXJSbRFYa; path=/; HttpOnly
        ◦ set-cookie: XSRF-TOKEN=2bababa9-ad27-4706-97ed-2ed20122a842; path=/
        ◦ vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
        ◦ x-content-type-options: nosniff
        ◦ x-frame-options: DENY
        ◦ x-powered-by: Express
        ◦ x-xss-protection: 1; mode=block
    • Request HeadersView source
        ◦ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        ◦ Accept-Encoding: gzip, deflate, br
        ◦ Accept-Language: en-US,en;q=0.9
        ◦ Cache-Control: max-age=0
        ◦ Connection: keep-alive
        ◦ Cookie: XSRF-TOKEN=6cfefe77-7912-40c1-9484-dcf61dad3271; io=_d8OSzN-PIQVJcl8AAB3; JSESSIONID=1leZuJFlAjLSinj02dBRx5vnFExPHgznDc5Imrkf; i_like_gitea=eed5ada632ae0f03; lang=en-US; _csrf=2HarUlUagFauOg88-09HRxGYGw86MTYyNjg4MDQzMjI5MTgxMzAwMA
        ◦ Host: localhost:9000
        ◦ sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="91", "Chromium";v="91"
        ◦ sec-ch-ua-mobile: ?0
        ◦ Sec-Fetch-Dest: document
        ◦ Sec-Fetch-Mode: navigate
        ◦ Sec-Fetch-Site: same-site
        ◦ Sec-Fetch-User: ?1
        ◦ Upgrade-Insecure-Requests: 1
        ◦ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70
    • Query String Parametersview source
view URL-encoded
        ◦ code: VrtpJ103AYGYJMxNhwhLkG5P1sLIkD3q6kFKSPiFMosY
        ◦ state: v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA=
Originally created by @vw98075 on GitHub (Jul 20, 2021). <!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue --> <!-- 1. Please speak English, this is the language all maintainers can speak and write. 2. Please ask questions or configuration/deploy problems on our Discord server (https://discord.gg/gitea) or forum (https://discourse.gitea.io). 3. Please take a moment to check that your issue doesn't already exist. 4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq) 5. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report. --> - Gitea version (or commit ref): 1.15.0+dev-g49ad088b8 - Git version: 2.30.1 - Operating system: Macbook Pro <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package --> <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. ---> <!-- If you are using a package or systemd tell us what distribution you are using --> - Database (use `[x]`): - [x] PostgreSQL - [ ] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - Log gist: <!-- It really is important to provide pertinent logs --> <!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems --> <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini --> ## Description Create an application for OAuth on Gitea, log in on its OAuth client app will be redirected to log in on Gttea. At this stage, log in on Gitea with the user account which creates the app will result in the same user log in on its client. In other words, the same user log in to both Gitea and its OAuth client. Log in on Gitea with other user accounts will result in the user account which creates the app on its client app. In other words, different user log in on Gitea and its OAuth client. For some reason, Gitea always returns the user account which creates the app as its OAuth client to its OAuth client for user login based on our current test. ... ## Screenshots <!-- **If this issue involves the Web Interface, please include a screenshot** --> The followings are logs for two use cases. Gitea is on the port 3000 while OAuth client is on the port 9000. 1) A user signs in on the OAuth client while a user session is available on Gitea ``` ◦ Request URL: http://localhost:3000/login/oauth/authorize?response_type=code&client_id=564a1ee4-7b37-4eb3-a2b7-aa53a5a18811&scope=openid%20profile%20email&state=x78w0_qNnCHsoZOdrCLSQog5Dn9rlYgGFkXk1FIPsWE%3D&redirect_uri=http://localhost:9000/login/oauth2/code/oidc&nonce=9J3GH9fXj_rsCnsYiZIUXnf2hsOwxE4UdUsvcEYdBK0 ◦ Request Method: GET ◦ Status Code: 302 Found ◦ Remote Address: [::1]:3000 ◦ Referrer Policy: strict-origin-when-cross-origin • Response HeadersView source ◦ Content-Length: 174 ◦ Content-Type: text/html; charset=utf-8 ◦ Date: Wed, 21 Jul 2021 14:32:15 GMT ◦ Location: http://localhost:9000/login/oauth2/code/oidc?code=dwkOjutqosAts4Ec4sPkdP3X0Szv6iSKftXQZRkST6hJ&state=x78w0_qNnCHsoZOdrCLSQog5Dn9rlYgGFkXk1FIPsWE%3D ◦ Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax ◦ X-Frame-Options: SAMEORIGIN • Request HeadersView source ◦ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 ◦ Accept-Encoding: gzip, deflate, br ◦ Accept-Language: de,en-US;q=0.9,en;q=0.8 ◦ Connection: keep-alive ◦ Cookie: i_like_gitea=a0ff90920347641c; lang=en-US; _csrf=mabg6ZNunZvLKMPZZyRM00cXiGg6MTYyNjgxODU4ODE2NTE5NjAwMA; XSRF-TOKEN=0f8f7dbc-7231-4bfd-a63c-b615b787ce67; io=S7MZQeiWxrURbWy3AABv; JSESSIONID=BeCPs2QziP04x7e5My6nfgy668q-U37gxioSo262 ◦ Host: localhost:3000 ◦ Referer: http://localhost:9000/ ◦ sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91" ◦ sec-ch-ua-mobile: ?1 ◦ Sec-Fetch-Dest: document ◦ Sec-Fetch-Mode: navigate ◦ Sec-Fetch-Site: same-site ◦ Sec-Fetch-User: ?1 ◦ Upgrade-Insecure-Requests: 1 ◦ User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Mobile Safari/537.36 • Query String Parametersview source
view URL-encoded ◦ response_type: code ◦ client_id: 564a1ee4-7b37-4eb3-a2b7-aa53a5a18811 ◦ scope: openid profile email ◦ state: x78w0_qNnCHsoZOdrCLSQog5Dn9rlYgGFkXk1FIPsWE= ◦ redirect_uri: http://localhost:9000/login/oauth2/code/oidc ◦ 
nonce: 9J3GH9fXj_rsCnsYiZIUXnf2hsOwxE4UdUsvcEYdBK0 ``` 2. A user signs in on OAuth client app while the user session isn't available on Gitea. ``` ◦ Request URL: http://localhost:3000/login/oauth/authorize?response_type=code&client_id=564a1ee4-7b37-4eb3-a2b7-aa53a5a18811&scope=openid%20profile%20email&state=v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA%3D&redirect_uri=http://localhost:9000/login/oauth2/code/oidc&nonce=A6M0phhMzfU-WDTQXlRscMMaaOq8s4KqolAez11U09E ◦ Request Method: GET ◦ Status Code: 302 Found ◦ Remote Address: [::1]:3000 ◦ Referrer Policy: no-referrer • Response HeadersView source ◦ Content-Length: 174 ◦ Content-Type: text/html; charset=utf-8 ◦ Date: Wed, 21 Jul 2021 15:13:52 GMT ◦ Location: http://localhost:9000/login/oauth2/code/oidc?code=VrtpJ103AYGYJMxNhwhLkG5P1sLIkD3q6kFKSPiFMosY&state=v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA%3D ◦ Set-Cookie: _csrf=2HarUlUagFauOg88-09HRxGYGw86MTYyNjg4MDQzMjI5MTgxMzAwMA; Path=/; Expires=Thu, 22 Jul 2021 15:13:52 GMT; HttpOnly; SameSite=Lax ◦ Set-Cookie: macaron_flash=; Path=/; Max-Age=0; HttpOnly; SameSite=Lax ◦ X-Frame-Options: SAMEORIGIN • Request HeadersView source ◦ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 ◦ Accept-Encoding: gzip, deflate, br ◦ Accept-Language: en-US,en;q=0.9 ◦ Cache-Control: max-age=0 ◦ Connection: keep-alive ◦ Cookie: XSRF-TOKEN=6cfefe77-7912-40c1-9484-dcf61dad3271; io=_d8OSzN-PIQVJcl8AAB3; JSESSIONID=1leZuJFlAjLSinj02dBRx5vnFExPHgznDc5Imrkf; i_like_gitea=eed5ada632ae0f03; lang=en-US ◦ Host: localhost:3000 ◦ sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="91", "Chromium";v="91" ◦ sec-ch-ua-mobile: ?0 ◦ Sec-Fetch-Dest: document ◦ Sec-Fetch-Mode: navigate ◦ Sec-Fetch-Site: same-origin ◦ Sec-Fetch-User: ?1 ◦ Upgrade-Insecure-Requests: 1 ◦ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70 • Query String Parametersview source
view URL-encoded ◦ response_type: code ◦ client_id: 564a1ee4-7b37-4eb3-a2b7-aa53a5a18811 ◦ scope: openid profile email ◦ state: v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA= ◦ redirect_uri: http://localhost:9000/login/oauth2/code/oidc ◦ nonce: A6M0phhMzfU-WDTQXlRscMMaaOq8s4KqolAez11U09E ◦ ◦ Request URL: http://localhost:9000/login/oauth2/code/oidc?code=VrtpJ103AYGYJMxNhwhLkG5P1sLIkD3q6kFKSPiFMosY&state=v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA%3D ◦ Request Method: GET ◦ Status Code: 302 Found ◦ Remote Address: [::1]:9000 ◦ Referrer Policy: no-referrer • Response HeadersView source ◦ cache-control: no-cache, no-store, max-age=0, must-revalidate ◦ connection: close ◦ content-length: 0 ◦ content-security-policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com data: ◦ date: Wed, 21 Jul 2021 15:13:52 GMT ◦ expires: 0 ◦ feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none' ◦ location: http://localhost:9000/ ◦ pragma: no-cache ◦ referrer-policy: strict-origin-when-cross-origin ◦ set-cookie: JSESSIONID=--5zv-XZznshlU7hKmDiB_0C4Zvee_TpXJSbRFYa; path=/; HttpOnly ◦ set-cookie: XSRF-TOKEN=2bababa9-ad27-4706-97ed-2ed20122a842; path=/ ◦ vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers ◦ x-content-type-options: nosniff ◦ x-frame-options: DENY ◦ x-powered-by: Express ◦ x-xss-protection: 1; mode=block • Request HeadersView source ◦ Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 ◦ Accept-Encoding: gzip, deflate, br ◦ Accept-Language: en-US,en;q=0.9 ◦ Cache-Control: max-age=0 ◦ Connection: keep-alive ◦ Cookie: XSRF-TOKEN=6cfefe77-7912-40c1-9484-dcf61dad3271; io=_d8OSzN-PIQVJcl8AAB3; JSESSIONID=1leZuJFlAjLSinj02dBRx5vnFExPHgznDc5Imrkf; i_like_gitea=eed5ada632ae0f03; lang=en-US; _csrf=2HarUlUagFauOg88-09HRxGYGw86MTYyNjg4MDQzMjI5MTgxMzAwMA ◦ Host: localhost:9000 ◦ sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="91", "Chromium";v="91" ◦ sec-ch-ua-mobile: ?0 ◦ Sec-Fetch-Dest: document ◦ Sec-Fetch-Mode: navigate ◦ Sec-Fetch-Site: same-site ◦ Sec-Fetch-User: ?1 ◦ Upgrade-Insecure-Requests: 1 ◦ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.70 • Query String Parametersview source
view URL-encoded ◦ code: VrtpJ103AYGYJMxNhwhLkG5P1sLIkD3q6kFKSPiFMosY ◦ state: v0H2VE_6063inEhPoR6SCEin7xplaSf8QN4MD8hq3KA= ```
GiteaMirror added the issue/needs-feedback label 2025-11-02 07:31:18 -06:00
GiteaMirror commented 2025-11-02 07:31:19 -06:00
Author
Owner
Copy Link

@6543 commented on GitHub (Jul 26, 2021):

please test against v1.15.0-rc2

@6543 commented on GitHub (Jul 26, 2021): please test against v1.15.0-rc2
GiteaMirror commented 2025-11-02 07:31:19 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Jul 26, 2021):

$ echo "49ad088b8" | git cat-file --batch
49ad088b8 missing

49ad088b8 does not refer to a commit, tag, or tree in Gitea's repository.

@zeripath commented on GitHub (Jul 26, 2021): ``` $ echo "49ad088b8" | git cat-file --batch 49ad088b8 missing ``` `49ad088b8` does not refer to a commit, tag, or tree in Gitea's repository.
GiteaMirror commented 2025-11-02 07:31:19 -06:00
Author
Owner
Copy Link

@vw98075 commented on GitHub (Jul 28, 2021):

I just did

git fetch upstream

Its version is 1.15.0+dev-591-g49ad088b8. The bug still exists. I don't know whether I get the latest version or not. The upstream is https://github.com/go-gitea/gitea.git.

@vw98075 commented on GitHub (Jul 28, 2021): I just did ``` git fetch upstream ``` Its version is 1.15.0+dev-591-g49ad088b8. The bug still exists. I don't know whether I get the latest version or not. The upstream is https://github.com/go-gitea/gitea.git.
GiteaMirror commented 2025-11-02 07:31:19 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Jul 28, 2021):

At the time of me writing this comment the current HEAD of main is 370516883. The current head of release/v1.15 is 840d240a6 and is 614 commits after v1.15.0-dev. The current pre-release of v1.15 is v1.15.0-rc2 (0b06b2019) and is 607 commits after v1.15.0-dev.

You'll see that github has highlighted & changed those SHAs into links into our commit tree. 49ad088b8 is not a commit in Gitea and you'll see that because Github has not changed the SHA into a link.

You have some private changes and you are not testing on v1.15.0-rc2 or the latest head of v1.15.0.

You need to explain what those changes are and/or you need to update.

@zeripath commented on GitHub (Jul 28, 2021): At the time of me writing this comment the current HEAD of main is 370516883. The current head of release/v1.15 is 840d240a6 and is 614 commits after v1.15.0-dev. The current pre-release of v1.15 is v1.15.0-rc2 (0b06b2019) and is 607 commits after v1.15.0-dev. You'll see that github has highlighted & changed those SHAs into links into our commit tree. 49ad088b8 is not a commit in Gitea and you'll see that because Github has not changed the SHA into a link. You have some private changes and you are not testing on v1.15.0-rc2 or the latest head of v1.15.0. You need to explain what those changes are and/or you need to update.
GiteaMirror commented 2025-11-02 07:31:20 -06:00
Author
Owner
Copy Link

@vw98075 commented on GitHub (Jul 28, 2021):

Thanks for your quick reply. I guess that either my git upstream isn't pointed to the right place or the fix isn't in the release/main branch yet. I don't know where to check the head. The version I provided is what I see on the bottom of the home page.

@vw98075 commented on GitHub (Jul 28, 2021): Thanks for your quick reply. I guess that either my git upstream isn't pointed to the right place or the fix isn't in the release/main branch yet. I don't know where to check the head. The version I provided is what I see on the bottom of the home page.
GiteaMirror commented 2025-11-02 07:31:20 -06:00
Author
Owner
Copy Link

@zeripath commented on GitHub (Jul 29, 2021):

Rebuild a clean version of Gitea.

I suggest you perform a clean checkout: git checkout v1.15.0-RC2 or git checkout release/v1.15 or git checkout main

Ensure that the checkout is clean - removing any old and weird files that you have - git status would help with that.

49ad088b8 is not a commit in Gitea - if you have changes that you wish to keep you will need to show that those changes are not the cause of your problems and explain why the SHA has changed (at the least with a git diff 49ad088b8 origin/release/v1.15 (v1.15.0-RC2 or main)) - but realistically we cannot support private patches on this forum.

@zeripath commented on GitHub (Jul 29, 2021): Rebuild a clean version of Gitea. I suggest you perform a clean checkout: `git checkout v1.15.0-RC2` or `git checkout release/v1.15` or `git checkout main` Ensure that the checkout is clean - removing any old and weird files that you have - `git status` would help with that. 49ad088b8 is not a commit in Gitea - if you have changes that you wish to keep you will need to show that those changes are not the cause of your problems and explain why the SHA has changed (at the least with a `git diff 49ad088b8 origin/release/v1.15` (`v1.15.0-RC2` or `main`)) - but realistically we cannot support private patches on this forum.
GiteaMirror commented 2025-11-02 07:31:20 -06:00
Author
Owner
Copy Link

@techknowlogick commented on GitHub (Aug 13, 2021):

realistically we cannot support private patches on this forum.

If you'd like to commission a maintainer to review your code changes and support your issue please reach out (there are several maintainers who can offer paid support), otherwise, as @zeripath mentioned, we cannot support private patches.

I will close this issue now.

@techknowlogick commented on GitHub (Aug 13, 2021): > realistically we cannot support private patches on this forum. If you'd like to commission a maintainer to review your code changes and support your issue please reach out (there are several maintainers who can offer paid support), otherwise, as @zeripath mentioned, we cannot support private patches. I will close this issue now.
GiteaMirror commented 2025-11-02 07:31:20 -06:00
Author
Owner
Copy Link

@vw98075 commented on GitHub (Aug 13, 2021):

I try to trust the git code control practice. I learn that this is a proper way to merge my local changes with the upstream. The only change in my local codebase is the front page. That is not any business local changes in my local code. Assuming the upstream is correct in this regard, that would be a problem in git then.

@vw98075 commented on GitHub (Aug 13, 2021): I try to trust the git code control practice. I learn that this is a proper way to merge my local changes with the upstream. The only change in my local codebase is the front page. That is not any business local changes in my local code. Assuming the upstream is correct in this regard, that would be a problem in git then.
GiteaMirror commented 2025-11-02 07:31:20 -06:00
Author
Owner
Copy Link

@vw98075 commented on GitHub (Aug 17, 2021):

I get the rc3 branch without any changes, that is not merging it with my local customization code today. And I get the same error.
Screen Shot 2021-08-17 at 1 15 21 PM
.

@vw98075 commented on GitHub (Aug 17, 2021): I get the rc3 branch without any changes, that is not merging it with my local customization code today. And I get the same error. <img width="702" alt="Screen Shot 2021-08-17 at 1 15 21 PM" src="https://user-images.githubusercontent.com/10793038/129795555-6e32ca6e-67bc-473e-b457-b139270f29ca.png"> .
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/needs-feedback
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#7610
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?