[obs-commits] [openSUSE/open-build-service] 690d68: Require auth for binary action

Branch: refs/heads/master Home: https://github.com/openSUSE/open-build-service Commit: 690d68231d1f5fddb1c702861d23d2e2b59044cb https://github.com/openSUSE/open-build-service/commit/690d68231d1f5fddb1c702... Author: Henne Vogelsang Date: 2020-07-06 (Mon, 06 Jul 2020) Changed paths: M src/api/app/controllers/webui/package_controller.rb Log Message: ----------- Require auth for binary action Displaying information about a binary is a rather expensive backend action that we should not allow for anonymous users. We just had a case of a (bad) spider taking too many resources by querying all binaries of a distribution. If someone needs this information they can get it from the repository/binary data on the mirrors. Commit: b8938ed058342e5360c30bec9e088e70e7e3d81b https://github.com/openSUSE/open-build-service/commit/b8938ed058342e5360c30b... Author: Henne Vogelsang Date: 2020-07-06 (Mon, 06 Jul 2020) Changed paths: M src/api/app/controllers/webui/package_controller.rb Log Message: ----------- Remove superflous action There is no commit action Commit: 182b360cbfdc5d0e87d844499137df9801c0c933 https://github.com/openSUSE/open-build-service/commit/182b360cbfdc5d0e87d844... Author: Henne Vogelsang Date: 2020-07-06 (Mon, 06 Jul 2020) Changed paths: M src/api/app/controllers/webui/package_controller.rb M src/api/app/views/webui/package/revisions.html.haml Log Message: ----------- Require auth to look at unpaginated revisions To show all revisions of a package can be a very expensive operation. We just had a case of a (bad) spider taking too many resources by querying all revisions of all packages of a distribution. If someone needs this information they can get it from the paginated views. Commit: 68046d76f33297893469430d681a3552ca5a7058 https://github.com/openSUSE/open-build-service/commit/68046d76f3329789346943... Author: Henne Vogelsang Date: 2020-07-06 (Mon, 06 Jul 2020) Changed paths: M src/api/app/controllers/webui/package_controller.rb M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_1.yml M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_2.yml M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_no_difference_in_sources_diff_is_empty/1_9_1_1.yml M src/api/spec/controllers/webui/package_controller_spec.rb Log Message: ----------- Require auth to generate/look at diffs The rdiff action is basically a frontend to get the backend to generate diffs between arbitrary packages. We just had a case of a (bad) spider taking too many resources by querying all diffs for all revisions of large packages. Co-authored-by: Victor Pereira Commit: fe21bb8b545708feb86d9766070533a76b3e85f5 https://github.com/openSUSE/open-build-service/commit/fe21bb8b545708feb86d97... Author: Victor Pereira Date: 2020-07-06 (Mon, 06 Jul 2020) Changed paths: M src/api/app/controllers/webui/package_controller.rb M src/api/app/views/webui/package/revisions.html.haml M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_1.yml M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_an_empty_revision_is_provided/1_9_2_2.yml M src/api/spec/cassettes/Webui_PackageController/GET_rdiff/when_no_difference_in_sources_diff_is_empty/1_9_1_1.yml M src/api/spec/controllers/webui/package_controller_spec.rb Log Message: ----------- Merge pull request #9881 from hennevogel/bugfix/9876 Auth changes for expensive package actions Compare: https://github.com/openSUSE/open-build-service/compare/c3fc0b313e6b...fe21bb...