OneDev
Dashboards
Projects
Global Views
Code Search
server
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Packages
Statistics
Child Projects
Audit Log
OneDev 14.1.0
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects onedev server Issues OD-318
Successful push without authorization (OD-318)
Artur opened 5 years ago

Hi,

I am running my test OneDev within a Docker container, todays last Docker image.

Created a test project with nothing set as Default Role. And confirmed from another browser the project is not visible to anyone except the project owner.

And then I attempted to push to the repository from command line without providing user credentials and the push succeeded.

These seems like a serious malfunction and security risk or maybe I have misconfigured something?

  • Robin Shen commented 5 years ago

    Seems that your git client cached credentials used previously. I tested here and it does ask for credential with credential cache disabled.

  • Artur commented 5 years ago

    Yes, you are right. I forgot, I already pushed code to a different repository a few weeks ago.

    I am sorry for the trouble.

  • Robin Shen changed state to 'Closed' 5 years ago
    Previous Value Current Value 
    Open
    		 
    Closed
issue 1/1
Type
Bug
Priority
Critical
Assignee
Robin Shen
Affected Versions
Not Found
Issue Votes (0)
Login to vote
Watchers (3)
Reference
OD-318
Please wait...
Connection lost or session expired, reload to recover
Page is in error, reload to recover