Closed Nahiiko closed 5 months ago
Why isn't the https flag working (or so it seems)?
When you set the https flag, you are telling Gitness that you have installed Gitness behind a reverse proxy / load balancer with HTTPS termination enabled. https://docs.gitness.com/installation/ssl
Would a working https config enforce the credentials usage?
No, HTTPS has no bearing on whether or not credentials are required to clone.
Why does the issue exist in the first place, shouldn't credentials be required all the time?
It shouldn't exist, and would be a regression if it does. Credentials should always be required for cloning private repositories. I've forwarded this issue to our engineers and asked them to research further. They should have an answer shortly.
Hey @Nahiiko,
Could you verify if the repository is set to public? On the repository listing page, each repository is labeled as either public or private.
If it's private, please delete the token from the profile page and attempt the action again.
I think I was able to reproduce (although I'm unsure)
It seems this is the process:
Unless it's on purpose that credentials are shared across Repos in the same Project? This might be the issue here, would also explain why the behavior is correct over the proxy (the credentials are probably saved on my end on a per-domain basis).
Hey @Nahiiko,
Credentials are shared across Repos and projects.
Thanks @Nahiiko for providing additional details and thanks @hitesharinga for jumping in to troubleshoot.
Similar to a GitHub personal token or GitLab personal token, your Gitness personal token is tied to your user account. This means the token can be used to clone any repository to which your account has access. It sounds like this has been clarified, so closing. We can re-open if needed.
Alright perfect, thanks for helping out!
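Added example, not part of the original thread and not Gitness code: a small Python check of the per-host credential behaviour discussed above, showing why a token saved for one host is supplied silently for every repository on that host but not for a different host name. It assumes the client uses git's `store` credential helper with `credential.useHttpPath` unset; the host addresses, user name and token are constructed.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample in the git-credential-store file format
# (one URL per line, user name and secret in the userinfo part).
SAMPLE_STORE = """\
http://alice:EXAMPLE-TOKEN@192.168.0.10:5555
https://bob:OTHER-SECRET@git.example.org
"""

def _key(url):
    """Return (scheme, host[:port]) for a URL, or None if it is malformed."""
    u = urlsplit(url)
    if not u.scheme or not u.hostname:
        return None
    host = u.hostname if u.port is None else f"{u.hostname}:{u.port}"
    return (u.scheme.lower(), host)

def parse_store(text):
    """Return [((scheme, host[:port]), username)] for each stored entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        key = _key(line) if line else None
        if key is None:
            continue  # skip blank or malformed lines instead of guessing
        user = urlsplit(line).username
        entries.append((key, unquote(user) if user else None))
    return entries

def stored_user_for(clone_url, entries):
    """User name whose saved secret would be sent for clone_url, else None.

    Assumption: credential.useHttpPath is unset, so the repository path is
    ignored and only the protocol and host[:port] are compared.
    """
    want = _key(clone_url)
    for key, user in entries:
        if key == want:
            return user  # first matching entry is used
    return None

if __name__ == "__main__":
    entries = parse_store(SAMPLE_STORE)
    for url in ("http://192.168.0.10:5555/git/test/testrepo.git",
                "http://192.168.0.10:5555/git/test/otherrepo.git",
                "https://gitness.example.com/git/test/testrepo.git"):
        print(url, "->", stored_user_for(url, entries) or "no saved credential")
```

A clone that succeeds without a prompt therefore does not by itself show that the server accepts anonymous requests; the saved token for that host may have been sent automatically.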
Hi,
Is it normal that I'm able to clone a private repo without any credentials using
git clone http://192.168.X.XXX:5555/git/test/testrepo.git
? Seems quite insecure to me. It is working as intended (or so it seems) if I try
git clone https://gitness.mywebsite.com/git/test/testrepo.git
meaning I cannot clone without the credentials. I tried using https (just in case that was the reason somehow) didn't change anything, it seems even using the flag
GITNESS_HTTP_PROTO=https
didn't change anything? I could still access the instance using http only, and https did not resolve. So three questions arise:
My docker-compose: