fix(repo): stop advertising HTTP clone URLs when DISABLE_HTTP_GIT is set#38378
fix(repo): stop advertising HTTP clone URLs when DISABLE_HTTP_GIT is set#38378TowyTowy wants to merge 3 commits into
Conversation
The repository clone panel force-enabled the HTTPS clone button whenever both the HTTPS and SSH buttons would otherwise be hidden, re-enabling HTTPS even after an admin set DISABLE_HTTP_GIT. The clone URL input also hardcoded the HTTPS URL regardless of the setting, so the disabled HTTP clone URL kept showing in the UI for both signed-in and anonymous users. Decide clone button visibility from the admin configuration only (extracted into cloneButtonsShow with a unit test), and render the URL input from the first protocol that is actually enabled, leaving it empty when none is available to the viewer. Fixes go-gitea#38339 Assisted-by: Claude Code:claude-opus-4-8 Signed-off-by: TowyTowy <towy@airreps.link>
When both the HTTPS and SSH clone buttons are hidden (eg: an anonymous visitor on a DISABLE_HTTP_GIT instance without anonymous SSH), the clone panel left an empty, unselected URL input next to an inactive Tea CLI tab, and the empty repo quick guide rendered an empty clone combo. Only show the clone URL input and its copy button when there is a URL to put in them: the empty-repo combo is dropped entirely when neither HTTPS nor SSH is available, and the clone panel falls back to the always present Tea CLI command. The scheme selector now resolves to the first available tab instead of early-returning on a missing preferred tab, so the Tea CLI tab becomes active when it is the only option. The empty repo push commands and the "open with editor" links follow the same availability, so a disabled HTTP clone URL is never advertised. Assisted-by: Claude Code:claude-opus-4-8 Signed-off-by: TowyTowy <towy@airreps.link>
|
|
||
| <div class="clone-panel-tab"> | ||
| <!-- there is always at least one button (guaranteed by context/repo.go) --> | ||
| <!-- Tea CLI is always available; HTTPS/SSH are shown only when the admin has not disabled them --> |
There was a problem hiding this comment.
If both HTTPS and SSH are disabled, how could "Tea CLI" work?
There was a problem hiding this comment.
You're right — it can't. I checked tea's source: repo_clone.go resolves repo.CloneURL (or repo.SSHURL when an SSH key is configured) and clones over the same git transports, so with both disabled the Tea command is equally dead. Fixed in b9c67b4: the entire clone section of the panel (tabs, URL input, copy button) is now hidden when neither HTTPS nor SSH is available — the Code popup then only offers the download links, which still work. initCloneSchemeUrlSelection gained an early return for the now-possible missing input. Thanks for pressing on this; my earlier claim that tea clones via the API was wrong.
(Authored with AI assistance — Claude Code; reviewed and verified before posting.)
There was a problem hiding this comment.
Please reply by human, concisely. Don't flood too much AI output.
…vailable tea clone resolves repo.CloneURL or repo.SSHURL and shells out to git, so it needs the same HTTP/SSH transports; showing the Tea CLI tab with both disabled offered a command that cannot work. Assisted-by: Claude Code:claude-fable-5 Signed-off-by: TowyTowy <towy@airreps.link>
Fixes #38339
When
[repository] DISABLE_HTTP_GIT = true, the repo UI still advertised HTTP(S) clone URLs: the clone panel force-showed the HTTPS tab whenever both protocols were hidden, and the URL input / empty-repo quick guide rendered the HTTP URL even though interacting with it returns 403.Changes:
services/context/repo.go: extractcloneButtonsShow()and remove the "force-show HTTPS when both are hidden" fallback, soDISABLE_HTTP_GITactually hides the HTTP tab; SSH stays shown per the existing SSH visibility rules.templates/repo/clone_buttons.tmpl+templates/repo/clone_panel.tmpl: the URL input renders the first enabled protocol (previously assumed HTTP is always available).services/context/repo_test.go: newTestCloneButtonsShowwith 7 cases (defaults signed-in/anonymous, expose-anonymous-SSH, HTTP disabled × signed-in/anonymous/anonymous-with-exposed-SSH, both disabled).Verified end-to-end on a local build: with the setting off,
git clone http://...succeeds; with it on, the server refuses (remote: Interacting with repositories by HTTP protocol is not allowed, exit 128) and the UI no longer offers the dead URL.Screenshots
DISABLE_HTTP_GIT = true)Per the AI Contribution Policy: this change was prepared with AI assistance (disclosed via the
Assisted-by:commit trailer); the code was reviewed, and behavior was manually tested against a local build as described above, with automated tests added.