Comments (12)
KN4CK3R
commented on May 22, 2024
That sounds really exhausting because the OTP always needs to be refreshed. Why not use a PAT instead of the normal password?
from gitea.
Kwonunn
commented on May 22, 2024
This is just for use in cases where I'm fetching a project once onto a server I don't want to set up SSH on.
Using tokens for this would either require making a fresh token every time which is annoying, or having one to always use which is a security hole.
from gitea.
techknowlogick
commented on May 22, 2024
This is quite interesting. On one hand user/pass auth for api/git operations are being depreciated, but it does give the idea of otp with scoped tokens 🤔
from gitea.
Kwonunn
commented on May 22, 2024
Is Gitea planning to deprecate http entirely for git operations?
from gitea.
KN4CK3R
commented on May 22, 2024
No, only the combination with username and password.
from gitea.
Kwonunn
commented on May 22, 2024
Why, if I may ask? I know GitHub has stopped allowing it but I'm not quite sure why.
from gitea.
KN4CK3R
commented on May 22, 2024
Because the username/password combination should be used in less places in favor of configurable tokens.
from gitea.
Kwonunn
commented on May 22, 2024
I see. Then, perhaps another method is more appropriate.
Maybe we could add a quick token button in this menu
which would generate a temporary personal access token scoped specifically to that repository and with read-only access, which you could use once to clone the repository somewhere?
from gitea.
JakobDev
commented on May 22, 2024
No, only the combination with username and password.
Why?
from gitea.
KN4CK3R
commented on May 22, 2024
No, only the combination with username and password.
Why?
#28968 (comment)
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/#background
from gitea.
Kwonunn
commented on May 22, 2024
I see. Then, perhaps another method is more appropriate.
Maybe we could add a quick token button in this menu
which would generate a temporary personal access token scoped specifically to that repository and with read-only access, which you could use once to clone the repository somewhere?
Should I make a new feature request for this new idea and just leave the http OTP thing?
from gitea.
JakobDev
commented on May 22, 2024
Not beeing able to use Username/Password could be a problem for one time contributors
from gitea.
Related Issues (20)
- Gitea 1.21 failing to build on musl-based distributions as of musl 1.2.4.
- [Community Feedback] Using a What-you-see-is-what-you-get markdown editor or not HOT 3
- Performance issue on pulls list API endpoint with lots of PR's
- Disallow deeply nested CSS selectors HOT 1
- When saving an LFS PDF file on Minio, the PDF preview may fail when SERVE_DIRECT is set to true.
- Gitea 1.22 detected as virus by windows defender HOT 7
- 405 Method Not Allowed: [no body]. But actually it is the right method HOT 2
- Get a list of all commits from a repository will lost some file sometimes HOT 3
- Commit history overflow in issue page HOT 4
- pre-receive hook error after updating HOT 9
- Button color regression
- Propose to restart 1.22 release HOT 7
- Non-admin user doesn't show repo dummy description HOT 4
- How to migrate data between Gitea servers? HOT 4
- Field login_name is empty after create an user
- To clone the project locally, execute 'make build' and get the following error HOT 10
- Watch/Unwatch, Star/Unstar buttons style error. Wrong radiuses have been added. HOT 1
- downgrade database version from 280" to'189" is not supported and may result in loss of data integrity. HOT 7
- Update failed if the `website` field is carried, when requesting `/user/settings` interface. HOT 3
- import from gogs /github.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gitea.